Fearful of a cyberattack? Framework helps businesses manage risks

This piece is presented by SDN Communications.

Devising and implementing an effective cybersecurity strategy isn’t a one-and-done chore for businesses. Good cyber defense requires ongoing commitment.

Working through federal guidelines would be a great start for many small and midsize businesses, but the work does not end there.

The continuing commitment required to maintain a good cyber defense was among the points that private cybersecurity experts stressed in a recent Department of Homeland Security webinar.

The 90-minute event focused largely on how businesses can use the NIST Cybersecurity Framework to develop a cyber defense strategy tailored to their operations. The National Institute of Standards and Technology, a federal agency, led the development of guidelines, designed with business input, to help companies improve cyber risk management and protect the nation’s critical infrastructure.

Two experts from SDN Communications were among the four panelists who shared corporate experiences. Jake VanDewater, director of network operations, and Chris Aeilts, a sales engineer, offered their suggestions to the national audience.

VanDewater and Aeilts recounted SDN’s experience in working through the NIST Cybersecurity Framework with help from CyberRx, a software tool that helps companies analyze and reduce risks.

“The framework is good to use one time, but I think where it really comes into its own is when you take a year-after-year evaluation approach to be able to see your own progress as you continue,” Aeilts said.

Aeilts stressed that companies should work on the most important, high-impact issues first.

VanDewater suggested that companies establish a security committee to, for example, define areas of responsibility and accountability. He also emphasized the need for businesses to provide good, ongoing training to employees.

Speakers generally agreed that employees are a highly vulnerable first line of defense for companies. The speakers also generally agreed that phishing is the most common threat to companies’ network security.

Phishing is when cyber thieves try to enter a company’s network fraudulently through means such as getting an employee to open a contaminated link in an email or coaxing them to provide a password or other sensitive information. Employee training should be updated and held regularly.

Equipment should be kept up to date, of course. But human vulnerabilities generally present larger security concerns for businesses than mechanical failures.

Resource limitations hamper some businesses from deploying good security. Meantime, the fear of attack provides a strong incentive for businesses to act.

The NIST Framework generally is flexible enough to help businesses of various sizes and missions assess threats and minimize risks. But some businesses might benefit from outside help in working through the framework, experts said.

The webinar was part of Homeland Security’s Critical Infrastructure Cyber Community, or C3, Program. The program is among the national resources available to help businesses develop and improve their cybersecurity readiness.

In addition to Homeland Security, the Small Business Administration can provide help to companies trying to improve their cybersecurity posture.

Private companies such as SDN, a regional provider of broadband connectivity for businesses, also offer cybersecurity services.

Visit this page to get more information about how CyberRx can help you identify and manage your cybersecurity risks.

We know the audio on the webinar can be challenging, but we believe the presentations still deliver great content. SDN’s presentation begins at 29 minutes. It has been edited for time.
