The Importance of Cybersecurity for Companies

While companies have more robust security systems, they can still be attacked. Companies can be targeted by competitors looking to gain an advantage or by cybercriminals seeking the company’s money. It is vital that companies protect themselves from cyberthreats because attacks against them can affect the people they serve. Without proper security, people will not trust companies to handle their data. Both parties can suffer a financial loss or theft of personal data with companies being especially vulnerable to reputational damage.

Actions that Companies Take:

You will learn about more defensive measures in course 4, but here are some topics to get you started:

• Training/Awareness: training that companies provide their employees or even their clients on security prevents people from making blunders that can risk the companies welfare.
• Intrusion Detection Tools: Companies use tools to warn them of intrusions or suspicious activity on their systems
• Policies: Both company policies and mandatory policies levied by the government improve the security of company systems

Frameworks:

A framework in cybersecurity is a model that dictates how companies should respond to security incidents. There are a variety of frameworks that companies can choose to use, some of them being a company’s own framework. In the following example, we will look at the NIST CSF.

NIST is the National Institute of Standards and Technology, and they created the NIST CSF or the NIST Cybersecurity Framework . This is one of the most popular frameworks used by organizations. This is the NIST CSF:

Stages of the NIST CSF

1. Identify: Identifying assets and areas in a system where attacks can occur.
2. Protect: Taking necessary measures to protect assets and seal attack vectors in preparation for possible attacks.
3. Detect: Once an attack occurs, the source of the attack and areas of the system that were affected must be detected.
4. Respond: Containing the attack and its effects to a certain area and eliminating the attack.
5. Recover: Restoring the system back to its original state, fixing vulnerabilities that led to the attack, and reflecting on what could have been done better.