Daniel Clayton, VP of Cybersecurity Operations at Expel, discusses how detailed cybersecurity frameworks can help the industry become more resilient.
Cybersecurity resilience is a cornerstone of organisational resilience and operational continuity. With each passing day, the threat landscape evolves, presenting new challenges and complexities for businesses and individuals alike.
As organisations strive to safeguard their digital assets and mitigate risks, the need for comprehensive cybersecurity frameworks has never been greater.
Against this backdrop, frameworks, guidance, and regulatory mandates play a pivotal role in shaping cybersecurity practices and fostering resilience. From the evolution of renowned frameworks like the National Institute of Standards and Technology (NIST)’s Cybersecurity Framework (CSF) to tailored guidance from entities such as the National Cyber Security Centre (NCSC) and regulatory initiatives like the Digital Operational Resilience Act (DORA), the cybersecurity community witnesses a concerted effort from governmental bodies across the globe to address emerging threats and bolster cyber defences.
Here are a few examples of how frameworks and guidance are actively helping the cyber industry to become more resilient.
Evolving cybersecurity frameworks
The recent evolution of cybersecurity frameworks, exemplified by the NIST CSF 2.0, represents a significant leap in improvement in addressing the complexities of modern cybersecurity challenges.
Since its first iteration in 2014, the NIST CSF has provided organisations with a structured approach to cybersecurity, breaking down the key tenets into easily digestible functional areas: Identify, Protect, Detect, Respond, and Recover. With the release of CSF 2.0 in 2024, NIST refined and expanded its guidance to add ‘Govern’ as a functional area – aligning with evolving threats and organisational needs.
The introduction of the Govern function represents a notable enhancement, emphasising the importance of evidence and verification in cybersecurity frameworks. This addition enables organisations to establish robust policies and procedures, ensuring compliance and minimum levels of resilience across many key aspects of cybersecurity operations.
Moreover, CSF 2.0 offers tailored resources and implementation examples, empowering organisations to customise their cybersecurity approach based on industry-specific requirements and operational priorities.
Whether it’s identifying vulnerable critical assets, protecting against emerging threats, or enhancing incident response capabilities, the cybersecurity framework provides a comprehensive roadmap for organisations to navigate the complexities of cybersecurity effectively (you can find Expel’s toolkit to help assess your company’s cybersecurity posture here).
Tailored guidance for operational resilience
Operational resilience is paramount in today’s interconnected digital landscape, particularly as organisations increasingly rely on cloud technologies and operational technologies (OT) solutions. Tailored guidance from entities such as the NCSC fills a crucial gap, offering practical insights and recommendations to bolster resilience and mitigate risks.
For example, organisations migrating critical systems to cloud environments face unique challenges. NCSC’s guidance on cloud-hosted Supervisory Control and Data Acquisition (SCADA) systems provides insights into risk assessment, technology suitability, and organisational readiness. By understanding business drivers, cloud opportunities, and potential risks, organisations can make informed decisions that align with their operational objectives and risk appetite.
Furthermore, NCSC emphasises the importance of securing online services for small and medium enterprises (SMEs), recognising their reliance on digital platforms for day-to-day operations. By providing accessible resources and tutorials, NCSC enables SMEs to implement effective an effective cybersecurity framework, safeguarding critical functions against prevalent threats, including ransomware attacks and data breaches.
Regulatory mandates and harmonisation
Regulatory mandates currently play a pivotal role in shaping cybersecurity practices, particularly in highly controlled sectors such as finance, where we tracked a 5% uptick in cyberattacks in the latter half of last year and saw some of the most high-risk malware and identity incidents (see the full Expel 2024 threat report here).
Initiatives like the Digital Operational Resilience Act (DORA) and the Network and Information Systems Directive 2 (NIS2) are instrumental in fortifying the cyber resilience of organisations across the EU.
DORA is a landmark regulation aimed at enhancing financial entities’ digital operational resilience. By harmonising rules and oversight frameworks, DORA will help streamline ICT risk management, third-party oversight, incident reporting, and information sharing across the financial sector in particular.
Both DORA and NIS2 position cyber risk management within an organisation’s strategic framework, recommending that it be treated with the same level of care and attention as other, more traditional business risks.
Financial entities must prioritise proactive risk management and incident response preparedness to effectively mitigate ICT risks. Adhering to one of these frameworks’ principles and requirements will give them a better chance of doing so.
Empowering cybersecurity practices
Overall, the evolution of cybersecurity frameworks, tailored guidance for operational resilience, and regulatory mandates emphasise the collective efforts to strengthen cybersecurity practices globally. Organisations must embrace these initiatives, to fortify their cyber defences and safeguard against emerging threats.
Compliance and security continue to be two different standards, but by prioritising resilience, collaboration, and compliance, the cybersecurity community can confidently navigate the evolving threat landscape, securing the digital future for organisations and individuals alike.
