New Cybersecurity Standards for 2024

January 20th, 2024

Don’t assume that the standards you implemented two years ago will provide the same protection today.

Cybersecurity threats are constantly evolving. If your organization isn’t employing the latest cybersecurity standards, then you’re putting your systems at risk.

Savvy hacker groups are relentless in finding new vulnerabilities to exploit, effectively making many standards obsolete. Today’s organizations must be proactive about identifying these gaps and implementing the latest security protocols and technologies.

Here’s a quick look at some of the latest standards to consider, plus the actions being taken at the federal level that businesses can use as a basic guide to identifying the latest threat areas and solutions.

Where to Find the Latest Cybersecurity Standards

By the time you’re reading this post, new cybersecurity standards will already be in the works. So before we list our current recommendations, let us guide you to some additional sources where you can find up-to-date standards for your organization.

The following standards consist of wide-ranging guidelines and best practices for IT and other areas of operations:

  • NIST Cybersecurity Framework (CSF) 2.0: This is a voluntary framework provided by the National Institute of Standards & Technology, a division of the Department of Commerce. First published in 2014, CSF provides a comprehensive set of standards for mitigating cybersecurity risk, divided into five categories of action: Identify, Protect, Detect, Respond and Recover. The newest version of the framework, known as CSF 2.0, is scheduled to be published in early 2024.
  • ISO/IEC 27001: This is an international standard for IT security management systems. ISO/IEC 27001 was first published in 2005 and most recently updated in 2022. Globally, it is the most widely known standard for managing cybersecurity.
  • Service Organization Control Type 2 (SOC 2): This set of compliance standards is primarily geared to third-party service providers that store and manage data for other companies. However, many of the guidelines in SOC 2 are still applicable to most organizations, covering areas including access control, network firewalls, data encryption and disaster recovery.

7 New Cybersecurity Standards to Consider

Below, we’ve highlighted some fundamental cybersecurity standards that most organizations should adhere to. Not all of these standards are necessarily “new” – in fact, some of them have been recommended for the last few years. However, they are reflections of overall trends and an increase in adoption, driven by current cybersecurity threats.

1) Zero Trust Network Access (ZTNA)

More organizations are moving away from traditional VPN to implement the more secure Zero Trust Network Access. In the new era of hybrid work, organizations have strengthened their networks to accommodate more off-site workers while also removing vulnerabilities. VPN was the gold standard for off-site access for a while. But it left open too many doors for malicious activity. Generally, once a user connected to a network via VPN, they gained far-ranging access to that network. With ZTNA, users and devices face a much more granular level of security and access control. Access to network resources and applications is granted only to the specific users and devices that need them.

2) Fileless Exploit Mitigation

Fileless attacks occur when vulnerabilities in legitimate systems and software are exploited within a computer’s memory (rather than the hard drive). With traditional malware, the infections are delivered via files. With fileless attacks, for example, a user’s web browser could be infiltrated simply by visiting a website. When these vulnerabilities are discovered and exploited by attackers before patches are available, they are known as zero-day attacks. The prevalence of fileless and zero-day attacks has required organizations to adopt new cybersecurity standards that mitigate the risks of these threats. Exploit mitigation tools, such as those built into Windows, help to thwart these attacks by detecting the techniques they commonly use. Third-party tools like Sophos Intercept X (an endpoint detection and response solution) take this protection even further to prevent users’ devices from being exploited, even if vulnerabilities exist.

3) Endpoint Security & Backup

Building off that last point, a critical cybersecurity standard that today’s organizations must implement is endpoint protection. 2 out of 3 companies have experienced “one or more endpoint attacks that successfully compromised data and/or their IT infrastructure,” according to Ponemon Institute. And with the increase in hybrid work, workers are now using a greater variety of devices, on different networks, increasing their cybersecurity risks. Stronger endpoint protection is essential to detecting and isolating attacks on the user’s device (including mobile devices) before they can spread laterally across a network. Similarly, endpoint backup is needed to ensure that files saved locally on users’ PCs can be recovered when data loss occurs.

4) Security Orchestration, Automation and Response (SOAR)

The term SOAR was first coined by Gartner in 2015, but it is still a relatively new cybersecurity standard that organizations have adopted over the last few years. In basic terms, SOAR is a software solution that provides an integrated approach to managing diverse cybersecurity tools and tasks. A recent study by IBM found that 52% of large organizations were using between 30 and 100 different security tools and technologies – most of which do not play nicely together. SOAR takes the data from all these tools to create a central console for managing incident response and streamlining security workflows. More significant security alerts are prioritized, for example, while false positives are automatically filtered out. End result: security is faster, smarter and more fluid. While SOAR is currently most beneficial to larger organizations, we anticipate that SMB-focused tools will become more ubiquitous in the years ahead.

5) Next-Gen Intrusion Prevention Systems (IPS)

Intrusion prevention systems have long been an effective tool for blocking dangerous network activity. But the next generation of IPS (or NGIPS) is ushering in a new era of smarter threat detection. New IPS technologies allow for a much deeper analysis of network traffic, identifying not just known threats but also contextual data, such as applications, users, files and so on. This deep analysis is combined with automation to rapidly identify and respond to threats as they happen, across the network. Firewall solutions from Sophos leverage this next-generation IPS technology and in fact can be integrated with endpoints and access points for 360-degree protection (what Sophos refers to as Synchronized Security). For example, if a threat is detected on an endpoint, it is immediately blocked and the access point also restricts Internet/network access to the endpoint, so that no further malware can be downloaded or moved laterally.

6) AI-Powered Phishing Detection

Advancements in AI and machine learning are expected to revolutionize the cybersecurity landscape over the next few years. One area in which AI is already making a big impact is email. New email solutions now use natural language processing (NLP) and machine learning to detect phishing scams and other malicious messages. In the “old days” of spam filtering, messages would be flagged for certain words in an email message, such as “urgent” or “FREE.” NLP enables today’s cybersecurity systems to understand these words in context. This reduces the risk of legitimate emails being flagged as spam and improves the detection of messages from imposters. For example, even if the message contains no URLs or malware, email protection solutions from Sophos use NLP machine learning to detect and automatically block targeted impersonation and Business Email Compromise attacks. Beyond NLP and email, AI is playing an increasingly important role in all aspects of threat intelligence, using an extensive array of data points to identify potential cybersecurity threats anywhere on the network.

7) Managed Detection & Response (MDR)

Managed Detection & Response involves having external teams manage a company’s cybersecurity. It’s not exactly a new concept – various forms of MDR have been available since the early 2000s. However, as evolving threats like ransomware have become more prevalent and sophisticated, it has become increasingly challenging (and costly) for organizations to manage their security on their own. More companies are now using MDR from providers such as Sophos to receive round-the-clock threat detection, response and remediation. MDR thus allows companies to respond to threats much faster and more effectively than they could if they managed their cybersecurity by themselves, significantly reducing the risks and impact of an attack.

Conclusion

As threats continue to evolve, organizations must be proactive about adopting new cybersecurity standards to protect their systems from being compromised. The latest solutions for protecting endpoints, email, networks and data are significantly better at thwarting attacks, especially when implemented properly as part of an integrated cybersecurity and business continuity strategy. On a federal level, the government has also created a comprehensive and long-term vision for a proactive cybersecurity posture for the public and private sectors. Organizations that take advantage of the frameworks, practices and technologies proposed in these new cybersecurity standards can significantly enhance the resilience of their businesses.

This abridged article was republished with permission from Invenio IT. You can read the unabridged version, which includes additional resources and standards.


About the Author:

Dale Shulmistra is the co-founder of Invenio IT, an award-winning managed service provider that specializes in data protection services. With over 20 years of experience in information technology, Mr. Shulmistra is an established thought leader in the data protection space, co-authoring books as well as contributing to articles for Forbes, Bloomberg, Fox Business, and numerous trade publications. Dale is passionate about technology and using it to solve complex and evolving business problems for his clients. Reach out to Dale on LinkedIn: https://www.linkedin.com/in/daleshulmistra/
