Cybersecurity frameworks can aid recovery from attacks

There is no guarantee a company can withstand a determined nation state’s cyberattack, but good cyber hygiene will go a long way to offer basic protection and recovery, experts say.

Many suggest adopting the cybersecurity framework recommended by the Gaithersburg, Maryland-based National Institute of Standards and Technology.

The five pillars of the NIST program are: 

  • Identify risk.
  • Protect critical infrastructure services.
  • Detect a cybersecurity event.
  • Respond to an incident.
  • Recover from it.

Companies should look at the NIST framework to see how it fits with their business, said Eric Byres, founder and chief technology officer at aDolus Technology Inc., based in Victoria, British Columbia, a critical infrastructure cybersecurity company.

“You have to do basically a risk assessment,” said Joshua Larocca, New York-based senior managing director at Stroz Friedberg, an Aon PLC unit. “Build a program that’s designed to harden and protect your business,” he said. 

“Eventually, a determined attacker will find a way in,” said Josh Lospinoso, co-founder and CEO of Rosslyn, Virginia-based Shift5 Inc., a cybersecurity company that specializes in transportation. “They will find a weakness in the armor, and then your job is to identify that intrusion as quickly as possible and remediate it.”

Mr. Larocca said the No. 1 question he gets asked is how soon a business can be up and running after an attack. The answer will be influenced by the environment it operates in and decisions made leading up to the incident, he said. 

Cybersecurity plans should be regularly updated, said Michael Bahar, a partner with Eversheds Sutherland LLP in Washington.

“Even if you were really buttoned up and secure two years ago, it’s time to look at it again, because people figure a way in,” he said. 
