Understanding the NIST cybersecurity framework


As technology and cybercriminals advance, creating effective cybersecurity becomes more complicated.

So how do you know that your cybersecurity strategies are working? How do you know that you are protecting your data from cyberattacks and exploitation?

Fortunately, cybersecurity experts have developed frameworks to help organizations protect their data, and they continue to test systems, practices, and tools to determine which are most effective.

The National Institute of Standards and Technology (NIST) of the United States published its Cybersecurity Framework (CSF) in 2014, in response to a 2013 executive order on critical infrastructure security. It is one of the most widely recommended frameworks for building a cybersecurity strategy.

For over 25 years, WEBIT Services has helped hundreds of clients develop positive cybersecurity practices. It is passionate about cybersecurity education and sees it as the first step to building protective processes.

By reading this article, you will learn about the five stages of the NIST framework, what each step covers, and how this helps protect your business from cyberattacks.


The five stages of NIST

The NIST framework is divided into five stages (NIST calls them "functions"), each addressing a specific aspect of cybersecurity. The 2024 revision, CSF 2.0, adds a sixth, Govern, covering risk management strategy and oversight; this article covers the original five. They are:


A circle diagram outlining each of the 5 NIST stages. Each stage is a different color and surrounds the word "Framework." The stages are Identify, Protect, Detect, Respond and Recover

  1. Identify, or inventory, the hardware, software, data, and practices in use.
  2. Protect the system through various tools and practices.
  3. Detect threats.
  4. Respond to detected threats.
  5. Recover system functionality and restore lost data.


If your IT provider or internal IT department is not following a framework like NIST, they are likely missing a key piece of cybersecurity.

  1. Missing the Identify step means unidentified technology receives no protection, potentially exposing the entire system.
  2. Missing the Protect step means the system is exposed and vulnerable to cyberattacks.
  3. Missing the Detect step means malware and malicious activity go unnoticed.
  4. Missing the Respond step means malware and malicious activity are not contained or removed.
  5. Missing the Recover step means data and functionality are lost after a cyberattack.

While there is flexibility regarding which tools, programs, and strategies can be used within the framework, following a recognized framework like NIST's is what ensures no stage is skipped.

If your company is not following a framework, you are missing critical security elements and are exposed to preventable risks.

1. Identify technology

If you don't know what you're protecting, how can you protect it?

Therefore, it's vital to identify all IT assets within your organization. All hardware, software, and systems must be identified before they can be protected.

Once you've identified all of your technology, it can be monitored for vulnerabilities and kept up to date.

An unidentified laptop or tablet connected to your network is a blind spot: it receives no patches or endpoint protection and is not monitored, so it can become the entry point for an attack.
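As an added example (not WEBIT's tooling, and not part of the NIST framework itself), the script below reconciles devices observed on a network, for instance from DHCP leases or an ARP scan, against an approved asset register. Anything seen but not registered is the "unidentified laptop or tablet" above; anything registered but not seen may be lost, stolen, or simply off. The inventory and the observed-device list are constructed sample data, and the MAC address formats are deliberately mixed because different tools report them differently.

```python
from dataclasses import dataclass, field

# Constructed sample data (not from any real network): the approved asset
# register and a snapshot of devices seen on the LAN, e.g. from DHCP leases.
APPROVED_ASSETS = [
    {"mac": "00:11:22:33:44:01", "hostname": "fin-laptop-07", "owner": "finance"},
    {"mac": "00:11:22:33:44:02", "hostname": "ops-desktop-03", "owner": "operations"},
    {"mac": "00:11:22:33:44:03", "hostname": "print-lobby", "owner": "facilities"},
    {"mac": "00:11:22:33:44:04", "hostname": "hr-laptop-01", "owner": "hr"},  # not seen today
]

OBSERVED_DEVICES = [
    {"mac": "00-11-22-33-44-01", "ip": "10.0.1.21", "hostname": "fin-laptop-07"},
    {"mac": "00:11:22:33:44:02", "ip": "10.0.1.22", "hostname": "ops-desktop-03"},
    {"mac": "0011.2233.4403", "ip": "10.0.1.30", "hostname": "print-lobby"},
    {"mac": "AA:BB:CC:DD:EE:FF", "ip": "10.0.1.77", "hostname": "android-tablet"},  # unmanaged
]


def normalize_mac(mac: str) -> str:
    """Canonicalise the MAC formats different tools emit (colon, dash, Cisco dotted)."""
    digits = "".join(ch for ch in mac.lower() if ch in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class ReconciliationReport:
    known: list = field(default_factory=list)    # observed and in the register
    unknown: list = field(default_factory=list)  # observed but not in the register
    missing: list = field(default_factory=list)  # in the register but not observed


def reconcile(approved: list, observed: list) -> ReconciliationReport:
    """Match observed devices to the register by MAC; a MAC is a weak identifier
    (it can be spoofed), so treat 'known' as a starting point, not proof."""
    by_mac = {normalize_mac(a["mac"]): a for a in approved}
    report = ReconciliationReport()
    seen = set()
    for dev in observed:
        mac = normalize_mac(dev["mac"])
        seen.add(mac)
        if mac in by_mac:
            report.known.append({**dev, "owner": by_mac[mac]["owner"]})
        else:
            report.unknown.append(dev)
    for mac, asset in by_mac.items():
        if mac not in seen:
            report.missing.append(asset)
    return report


if __name__ == "__main__":
    r = reconcile(APPROVED_ASSETS, OBSERVED_DEVICES)
    for d in r.unknown:
        print(f"UNKNOWN  {d['ip']:<12} {d['mac']:<18} {d['hostname']}")
    for a in r.missing:
        print(f"MISSING  {a['hostname']} ({a['owner']})")
```

In practice the observed list would be refreshed on a schedule and the unknown entries fed to a ticket or alert, so that the asset register, not someone's memory, decides what gets patched and protected.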

2. Protect your system

Ten years ago, antivirus, a firewall, and backups were considered enough to protect your data. Now, signature-based antivirus alone is not enough. Instead, cybersecurity systems use "endpoint protection", a suite of tools that work together to counter cyberattacks.

NIST's Protect function does not prescribe specific products. It defines outcomes, such as identity management and access control, awareness and training, data security, maintenance, and protective technology, and leaves the choice of tools to the organization.

A wide range of products and services meet these security requirements. Each tool has a unique function in protecting your data.

A chart of the NIST framework steps and the tools associated with each step.

3. Detect threats

NIST includes threat detection as a vital step in the security process. Detecting threats early allows you to contain and remove them before they cause significant damage.

Cybersecurity is not a "set it and forget it" practice. Instead, once you establish defenses, you regularly look to improve them and detect any threats that may have come through.

If you do not detect threats, they can wreak havoc on your systems.

Malware and viruses can slow down technology, which is a frustrating inconvenience that limits your productivity.

However, the more dangerous malware and viruses will steal valuable data and lock critical systems, taking your organization offline.

Cybercriminals can sit undetected in a network for months, learning their victim's IT systems and organization so that their eventual attack is as effective as possible.

That is why detection tools, systems, and procedures must be in place. Early detection is key to preventing significant damage and loss.

As part of your detection practices, your IT provider or internal IT department will run quarterly risk assessments to identify new risks and potential threats. Risk assessments complement continuous monitoring of logs and endpoint alerts; the monitoring is what catches an intrusion already in progress.
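An added illustration of the kind of detection logic involved, not code from the original article: the script parses constructed OpenSSH-style log lines and flags a source address that accumulates repeated failed logins inside a short window, raising the severity when a success from the same address follows the burst, which is what a password-guessing attack that eventually worked looks like in the logs. The sample log, the threshold of five failures, and the five-minute window are assumptions chosen for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in OpenSSH/syslog style; not captured from a real host.
SAMPLE_LOG = """\
2024-03-04T09:12:01 sshd[2201]: Failed password for admin from 203.0.113.45 port 51234 ssh2
2024-03-04T09:12:03 sshd[2201]: Failed password for admin from 203.0.113.45 port 51235 ssh2
2024-03-04T09:12:04 sshd[2201]: Failed password for root from 203.0.113.45 port 51236 ssh2
2024-03-04T09:12:05 sshd[2201]: Connection closed by 203.0.113.45 port 51236 [preauth]
2024-03-04T09:12:06 sshd[2201]: Failed password for admin from 203.0.113.45 port 51237 ssh2
2024-03-04T09:12:07 sshd[2201]: Failed password for backup from 203.0.113.45 port 51238 ssh2
2024-03-04T09:12:09 sshd[2201]: Accepted password for backup from 203.0.113.45 port 51239 ssh2
2024-03-04T09:15:00 sshd[2210]: Failed password for alice from 10.0.1.21 port 40001 ssh2
2024-03-04T09:15:20 sshd[2210]: Accepted password for alice from 10.0.1.21 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_line(line: str):
    """Return a dict for the auth events we care about, or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "success": m["result"] == "Accepted",
        "user": m["user"],
        "ip": m["ip"],
    }


def detect_bruteforce(log_text: str, threshold: int = 5,
                      window: timedelta = timedelta(minutes=5)) -> list:
    """Sliding-window detector over time-ordered log lines.

    Medium alert: a source IP reaches `threshold` failed logins within `window`.
    High alert: a login succeeds from that IP while its failure window is still hot.
    """
    recent_failures = defaultdict(deque)  # ip -> timestamps of failures inside the window
    already_flagged = set()               # avoid re-alerting on every extra failure
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        q = recent_failures[ev["ip"]]
        while q and ev["ts"] - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if not ev["success"]:
            q.append(ev["ts"])
            if len(q) >= threshold and ev["ip"] not in already_flagged:
                already_flagged.add(ev["ip"])
                alerts.append({"severity": "medium", "ip": ev["ip"], "user": None,
                               "reason": f"{len(q)} failed logins within {window}"})
        elif len(q) >= threshold:
            alerts.append({"severity": "high", "ip": ev["ip"], "user": ev["user"],
                           "reason": f"successful login after {len(q)} recent failures"})
            q.clear()  # one high alert per burst
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG):
        print(f"[{a['severity'].upper()}] {a['ip']} user={a['user']} {a['reason']}")
```

The single failed attempt by `alice` followed by a success produces no alert, which is the point of a threshold and a window: the detector should fire on the pattern of an attack, not on every typo. A real deployment would read the same logic from a SIEM or EDR rule and forward the high-severity case straight into the Respond stage.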

4. Respond

When you face a cyber threat, NIST recommends having tools and procedures to contain and remove the danger, plus a tested incident response plan that defines who does what, how the incident is communicated, and how systems are brought back online, reducing downtime.

An incident response plan helps minimize financial losses resulting from system failure.

5. Recover

As part of the Recover stage, NIST recommends having data backups and continuity plans to limit data loss.

Backups are "snapshots" of data or systems at a specific point in time; anything changed after the last snapshot is lost on restore. IT continuity solutions, on the other hand, replicate systems continuously so a failed system can be brought back within minutes with little or no data loss. The two are complementary rather than interchangeable.

For example, ransomware operators will first identify critical systems and backups. Once they know your IT setup, they encrypt vital systems, making them unusable, and wipe or encrypt any backups they can reach.

After a ransomware attack, cybercriminals will demand payment before they will send you the decryption key to unlock your systems. However, there's no guarantee that cybercriminals will keep their word after they are paid.

In this case, a backup copy the ransomware cannot reach proves invaluable. Keep at least one copy offline or on immutable storage, with credentials separate from your main network, and test restores regularly: a backup that has never been restored is not yet known to work.
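The following added example (not WEBIT's or NIST's code) shows why an unreachable copy and a verification step matter. It hashes a backup set into a manifest, runs a constructed stand-in for an encryptor over the "live" backup share, verifies both copies against the manifest, and then restores the live share from the offline copy. The directory layout, the file contents, and the XOR "encryption" are assumptions for the demo only; real ransomware uses strong ciphers, and XOR is used here only so the demo stays harmless and reversible.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_dir: Path) -> dict:
    """Map each file's relative path to its SHA-256. Store the manifest with the
    offline copy (or sign it); a manifest left on the live share can be rewritten
    along with the files it is meant to protect."""
    return {p.relative_to(backup_dir).as_posix(): sha256_file(p)
            for p in backup_dir.rglob("*") if p.is_file()}


def verify_backup(backup_dir: Path, manifest: dict) -> dict:
    """Report files whose hash changed, files that vanished, and files that appeared."""
    current = build_manifest(backup_dir)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def simulate_ransomware(share: Path, key: int = 0x5A) -> None:
    """Constructed stand-in for an encryptor (demo only): XOR every file with one
    byte and drop a ransom note. It reaches everything the share exposes."""
    for p in list(share.rglob("*")):
        if p.is_file():
            p.write_bytes(bytes(b ^ key for b in p.read_bytes()))
    (share / "README_TO_RESTORE.txt").write_text("Your files are encrypted.\n")


def restore_from(offline: Path, live: Path) -> None:
    """Rebuild the live share from the offline copy, discarding whatever the attacker left."""
    shutil.rmtree(live)
    shutil.copytree(offline, live)


def run_demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        live = root / "live_backup"        # share mounted on the network, reachable by ransomware
        offline = root / "offline_backup"  # copy on detached or immutable storage
        for d in (live, offline):          # constructed backup contents
            (d / "db").mkdir(parents=True)
            (d / "db" / "customers.sql").write_bytes(b"INSERT INTO customers VALUES (1, 'acme');\n" * 50)
            (d / "config.ini").write_text("[app]\nmode=prod\n")
        manifest = build_manifest(live)
        if manifest != build_manifest(offline):
            raise RuntimeError("copies diverged before the demo started")
        simulate_ransomware(live)
        results = {"live": verify_backup(live, manifest),
                   "offline": verify_backup(offline, manifest)}
        restore_from(offline, live)
        results["restored"] = verify_backup(live, manifest)
        return results


if __name__ == "__main__":
    for stage, report in run_demo().items():
        print(stage, report)
```

The live share fails verification on every file and gains a ransom note; the offline copy verifies clean and is used to rebuild the share, which then verifies clean again. The verification step is the part most organizations skip: without a manifest kept away from the compromised network, you only learn that a backup was encrypted or silently corrupted when the restore fails.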


Why follow a cybersecurity framework like NIST?

If you aren't following a framework, you will likely miss a critical piece in your cybersecurity practice and create preventable vulnerabilities.

You may fail to identify your hardware and software. Unrecognized technology can't be updated to patch security holes, and it can't be examined for threats. Each unidentified piece of technology creates a risk of cyberattack.

You may use the wrong tools or cut vital tools entirely. Skipping any control from NIST's Protect stage creates vulnerabilities.

For example, neglecting to deploy and configure a firewall leaves an open door to your system, allowing unsolicited inbound traffic into your network.

Failing to detect threats means you allow viruses and malware to create maximum damage to your systems. Early detection prevents damage.

If you don't follow the Respond and Recover stages, your system is at the mercy of cybercriminals. You will have no way to halt attacks or restore data after the threat has passed. As a result, you could lose time, money, data, and even your reputation.

Following a framework like NIST allows you to protect your data and respond effectively to threats. In the end, it protects your data, time, reputation, and profits.


Next steps for using a cybersecurity framework:

Cybersecurity frameworks like NIST grew in response to the increasing number and damage of cyberattacks. NIST created guidelines summarized as the following steps:

  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover

Each step has a collection of recommended tools and processes to meet its goal.

Cybersecurity has grown more complex and requires more specialized skills and knowledge. As a result, many businesses hire managed security service providers (MSSPs) or IT providers that combine managed services with managed security.

Speak to your IT provider or internal IT team to learn which framework their procedures and tool choices are based on.

If your IT provider or team does not follow any framework, that is cause for concern. They could be missing a critical step in protecting your company's data. This could also indicate that it's time to find a different provider.

WEBIT Services has established cybersecurity practices rooted in frameworks for hundreds of clients.

If you are looking for a new provider or have questions about cybersecurity, schedule a free 30-minute consultation to see how WEBIT can help.

If you are not ready to make a commitment but want to learn more about cybersecurity, we recommend the following articles: