NIST recently updated its Special Publication 800-53, introducing a whole new dimension to what security awareness comprises. What do these new Security and Privacy Controls for Information Systems and Organizations mean for your Chicagoland business? Here’s the skinny.
If you’ve been in infosec or IT for a while, you’re probably familiar with the National Institute of Standards and Technology (NIST), or have at least heard of the NIST 800 series, which many experts regard as the standard guideline for establishing robust security programs across all industries.
Well, in response to the alarming rise in Exchange mass-hack incidents, NIST recently revised its Special Publication 800-53 to redefine what security awareness constitutes.
To give us a better perspective, let’s first look at what NIST 800-53 entails in general.
Initially, NIST was tasked with establishing security standards for federal agencies and their contractors only. However, as the cyber threat landscape evolved, most of the agency’s standards have since been adopted by the private sector as well.
One such standard is NIST 800-53. It sets out guidelines that agencies and organizations can use to build reliable security programs and shield their networks from outside interference.
The overall idea is that organizations use FIPS Publication 199 to classify their information systems into security categories. Once you’ve decided on the system’s security objectives (confidentiality, integrity, or availability), NIST 800-53 lists the controls that will help you achieve those goals.
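The FIPS 199 step above is usually done with the "high water mark" rule: each information type a system handles is rated LOW, MODERATE or HIGH for confidentiality, integrity and availability; the system inherits the highest rating per objective; and the overall system category is the highest of those three. The following is an added example of that procedure in Python, not code from LeadingIT or from NIST. It goes slightly beyond the paragraph by rating each objective separately, as FIPS 199 does, and by handling the one special case FIPS 199 allows (a "not applicable" confidentiality rating for public information, which is permitted for an information type but never for a system). The class and function names and the sample payroll-portal information types are constructed for illustration.

```python
# Added example: FIPS 199 security categorization of an information system using
# the high-water-mark rule. Not LeadingIT's or NIST's code; the information
# types below are constructed sample data.

from dataclasses import dataclass

# FIPS 199 potential-impact levels, ordered so that max() yields the high water mark.
IMPACT_ORDER = {"LOW": 0, "MODERATE": 1, "HIGH": 2}
OBJECTIVES = ("confidentiality", "integrity", "availability")


@dataclass(frozen=True)
class InfoType:
    """One information type and its FIPS 199 impact per security objective.

    Confidentiality may be "NA" (FIPS 199 allows this only for confidentiality,
    e.g. public web content); integrity and availability must be LOW/MODERATE/HIGH.
    """
    name: str
    confidentiality: str
    integrity: str
    availability: str

    def __post_init__(self):
        for objective in OBJECTIVES:
            level = getattr(self, objective)
            if level == "NA" and objective == "confidentiality":
                continue
            if level not in IMPACT_ORDER:
                raise ValueError(f"{self.name}: invalid {objective} impact {level!r}")


def high_water_mark(levels):
    """Return the highest FIPS 199 impact level among LOW/MODERATE/HIGH values."""
    return max(levels, key=IMPACT_ORDER.__getitem__)


def categorize_system(info_types):
    """Categorize a system from the information types it stores or processes.

    Step 1: for each objective, take the highest impact of any information type.
            "NA" confidentiality contributes nothing; if every type is NA, the
            system-level value is floored to LOW, because FIPS 199 does not permit
            NA for an information *system*.
    Step 2: the overall system category is the high water mark across objectives.
    """
    if not info_types:
        raise ValueError("a system must process at least one information type")
    result = {}
    for objective in OBJECTIVES:
        levels = [getattr(t, objective) for t in info_types]
        levels = [lvl for lvl in levels if lvl != "NA"] or ["LOW"]
        result[objective] = high_water_mark(levels)
    result["overall"] = high_water_mark(result[o] for o in OBJECTIVES)
    return result


# Constructed sample: a small payroll portal and the information types it handles.
SAMPLE_SYSTEM = [
    InfoType("public_web_content", "NA", "LOW", "LOW"),
    InfoType("employee_pii", "MODERATE", "MODERATE", "LOW"),
    InfoType("payroll_transactions", "LOW", "HIGH", "MODERATE"),
]

if __name__ == "__main__":
    category = categorize_system(SAMPLE_SYSTEM)
    # FIPS 199 notation: SC = {(confidentiality, MODERATE), (integrity, HIGH), (availability, MODERATE)}
    print("SC = {" + ", ".join(f"({o}, {category[o]})" for o in OBJECTIVES) + "}")
    print("Overall system category (high water mark):", category["overall"])
```

The overall category is what drives the choice of the LOW, MODERATE or HIGH control baseline in NIST 800-53; in the sample, a single HIGH integrity rating on payroll transactions pulls the whole system to HIGH even though its other ratings are lower, which is exactly the effect the high-water-mark rule is meant to have.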
Note that NIST 800-53 does not recommend any specific software packages or applications. It leaves this decision to individual security stakeholders because of the understanding that information technology is continuously evolving.
Because the threat landscape changes so quickly, even NIST continually looks for ways to improve its standards. The recent NIST 800-53 update is just one of many adjustments we can expect.
The most striking adjustment to the NIST Special Publication 800-53 is the stipulation of simulated social engineering tests as a compliance requirement.
The update partly reads, “practical exercises include no-notice social engineering attempts to collect information, gain unauthorized access, or simulate the adverse impact of opening malicious email attachments or invoking, via spear-phishing attacks, malicious web links.”
This reinforces what frontline cybersecurity stakeholders have been advocating for the past several years — simulated cyberattacks are necessary and urgent in the war against cybercrime.
Even with the most elaborate security systems in place, an under-informed and ill-prepared staff will still leave your network vulnerable to hacks and breaches. Your employees are your first (and most susceptible) line of defense. That’s why it’s essential to prioritize behavior-based training in your security protocols.
Essentially, the new recommendations say that your security awareness training exercises should closely mirror real-world breach and phishing scenarios. Only then can you accurately gauge your security posture and understand your threat exposure.
Thanks to the recent updates, NIST 800-53 is an excellent roadmap for developing and maintaining a good data security strategy. With a bit of guidance from an experienced IT team, it can go a long way in improving your cybersecurity posture.
©2022 LeadingIT. All Rights Reserved.