By Chase Peterson, MBA, CISSP - ©2023 

In the last semester of my MBA program I had decided that I needed a certification to compliment my concentration in information assurance and cybersecurity.  While I was studying for the CISSP exam I came across a term that I had seen so often before that I had to stop and do a double take.  The term wasn’t difficult or even mildly interesting outside of the fact that it had been an almost daily part of my engineering and maintenance careers, Mean Time to Failure, or the average amount of time until a particular device fails and needs to be replaced.  While it was just one term nestled among enough techno jargon to make the most seasoned professional cross their eyes, it felt like home to me.  During that moment I realized engineering, maintenance and information security all share a similar mindset, calling on the same core skills; analytical thinking, problem solving and adaptability.

In any field that requires a blend of technical acumen and people skills—be it engineering, maintenance, or information security—certain core skills are universally valuable. In engineering, we are continually scrutinizing and refining our designs to ensure both safety and reliability while maintaining a reasonable price point. As maintenance and sustaining engineers, the focus shifts to troubleshooting, analyzing options, and adapting to available resources. Information Security professionals, meanwhile, must quickly identify the origin of an issue, trace its spread, and adapt to the evolving circumstances of a security incident. Each field requires its own blend of the trio, but at their core they rely on analytical thinking, problem solving and adaptability.  These common traits highlight the strong connection between the fields and illustrate how one can translate fluency and literacy in one field to another.

During my time in maintenance, my skills in welding and metal fabrication was more than a line on a resume, instead it provided an opportunity to forge stronger team connections. I earned my crew's respect—not through the authority of my position, but by being fluent in skills they valued and by speaking their language. This hands-on expertise didn't just enhance my team's camaraderie; it streamlined communication, making for a more collaborative workspace. In my role as a sustaining engineer, my academic background, particularly a paper I authored on Lean and the Quality of Work Life, provided me with unique insights during a Kaizen event, encouraging the team to see problems from a fresh perspective. These common threads not only unite these fields, but also make transitioning from one to another less daunting than it might appear.

Research from a 2020 Gartner report highlights the vital role of cross-functional teams in identifying and implementing cost optimization initiatives within organizations. These teams are effective because they combine diverse skills, perspectives, and areas of expertise, promoting creative problem-solving and avoiding the limitations of a siloed approach. Similarly, possessing a background that spans multiple, yet equivalent, fields like engineering, maintenance, and information security offers similar advantages on an individual level. It's akin to being a 'one-person cross-functional team,' equipped to identify unique efficiency gains, avoid pitfalls, and bring about more integrated solutions. The value here lies in the multi-disciplinary viewpoint, which enables the individual to mediate between different departments and thus act as a force multiplier in collaborative settings.

In my journey from engineering to maintenance to information security, the common denominator has always been a core set of skills: analytical thinking, problem-solving, and adaptability. These skills have acted as my personal "Mean Time to Failure"—a metric not of when things will go wrong, but of how long it will take to find a solution no matter the field or the problem at hand. Embracing these skills is like extending your own "Mean Time to Failure."

References

Gartner. “How Important Are Cross-Functional Cost Optimization Teams for Business?” Gartner, 31 Mar. 2020, www.gartner.com/en/documents/3982763. Accessed 1 Sept. 2023.

(c) Chase Peterson September 3rd, 2023

By Chase Peterson, MBA, CISSP - ©2023 

Introduction

When a Chinese engineer and artisan named Bi Sheng invented the world's first movable type somewhere in the middle of 1000 CE, the promise of the new technology was revolutionary. The ability to quickly produce and reproduce knowledge meant movable type had the potential to put knowledge into the hands of anyone who could read, allowing ideas to reach a much larger audience. Unfortunately, this also meant that misinformation could be spread with little to no effort. This underscores that every innovation provides incredible opportunities for advancement, as well as pitfalls both seen and unseen.

He might have a difficult time imagining that a little under a millennia later, the movable type would find a way to rearrange itself on a screen of light in response to a question using the whole of human history to draw from. Along with this new technology came an old problem: the new technology could be used to help or harm.

In the summer of 2023, Google, Stanford, and the University of Wisconsin-Madison held a workshop discussing this “dual-use dilemma” inherent in Generative AI (GenAI). They explored some attack and defense tactics and procedures that have been observed and discussed short and long-term goals that security practitioners can implement to help keep their organizations more secure in light of this new technology.

Historical Context

This ‘dual-use dilemma’, where technologies possess the potential to both benefit and harm Is far from novel. With every major advancement there has been equal opportunity to apply the new advancement in an altruistic way or in a nefarious way. Movable type could spread knowledge to any who wanted to learn and could read, but now it could also be employed to spread disinformation as well as. The dilemma presents itself in different ways with different technologies, modern encryption is key to safe navigation of our online spaces, however threat actors often use similar encryption techniques in ransomware attacks. The automobile simultaneously heralded a new method of transportation while creating far reaching environmental concerns and resource consumption issues. This recurrent theme underscores the need to balance innovation with vigilance of the potential pitfalls of any new technology.

The Power of GenAI

GenAI has shown remarkable capabilities in its ability to create well composed passages that are able to attempt to connect with the reader on an empathic level as well as incorporate any data it has been provided access to.  Additionally when given enough context material GenAI is adept at distilling a document down into its key points and performing varying levels of analysis.  The way these models are created or trained requires vast quantities of data to allow them to adopt a specific professional lens through which they can recreate some best practice answers.  The paper states that while the models are not flawless they have been able to recreate specific reasoning patterns that can be applied to a diverse range of fields from biology to computer architecture to defense tactics. Aside from creating text the paper also cites these model’s ability to generate realistic images and video with very little skill illustrating how these models can be used in the generation of deep fakes, or a fully synthetic video or recording of a person saying things they never said.

The positive applications of this technology range from highly customizable tutors for students and eager learners to a new way of playing video games.  Companies like Inworld.ai boast about creating characters with contextual awareness based on the players previous actions.  While most video games these days track decisions players make, it often comes with dialogue trees that need to be manually plotted out and text written for each branch.  The integration of GenAI into game engines can cut lengthy character development times and allow for a more dynamic and free flowing interaction between the player and their computer driven counterparts, or non player characters.

GenAI does not suffer from any drop in quality whether it's the first time it is completing a task, or its one billionth, it is able to provide a consistent level of detailed analysis of consistent quality every time.  This kind of reliability is something that manufacturing engineers and machine designers spend decades trying to achieve, if given the right parameters GenAI can do this almost ‘out of the box’.  GenAI is also immune to psychological trauma, therefore it can flag harmful versus annoying content, acting as a kind of buffer for content moderators.

Human-AI Collaboration

GenAI's capability to produce high quality media offers a new and more customizable approach to education. By allowing for tailored learning experiences that cater to individual needs GenAI can simulate specialized scenarios where learners can interact, make decisions, and receive feedback in real-time. This individualized approach not only revolutionizes traditional teaching by adapting to each student's unique requirements or learning style but also holds the promise of making education accessible and less daunting. Particularly in sectors like cybersecurity, where there's a recognized professional shortage, GenAI could be a pivotal tool in addressing the gap and enhancing the learning landscape.

The advancements in GenAI herald a new era of collaboration between humans and technology. In tasks ranging from text classification to object recognition, GenAI has showcased its potential. An excellent example of this would be log file analysis.  Analyzing these files often requires a line by line examination to look for anomalies, a time consuming and mentally exhausting task for a human.  The GenAI model can ingest the log file and return relevant results every time without tiring. This collaborative approach not only streamlines processes but also ensures a higher quality of results, emphasizing the immense potential of human-AI collaboration in various domains.

The Dark Side of GenAI

The paper calls out a number of potential attacks that Genai can be used in, the authors of the paper are also careful to note that this is not a comprehensive list but this is another starting point for discussion. The attacks called out are; spearfishing, hallucinations, dissemination of Deep fakes, proliferation of cyber attacks,. 

Spearfishing is probably  one of the more damaging ways that GenAI can be used. a threat actor with limited English abilities can easily copy and paste information about an executive from a web page into a chat bot Like chat gpt, Google's barred, anthropics Claude 2, or meta's llama 2 And with very little effort generate a high quality spearfishing email that reads as though it was written by a native English speaker. Hallucinations are not as directly damaging as spearfishing, however they underscore the point that not everything these models generate is true or accurate. a hallucination happens when the model generates factually incorrect info or fabricates Sources If the people using the chatbots are unaware of these limitations, then they will not understand the need to verify any Source generated by GenAI. 

On the more technical side, the dissemination of deep fakes is of large concern during an already highly incendiary political cycle. Anyone can easily use the technology to manufacture, and distribute disinformation that furthers whatever goal they have.  GenAI  also has the potential to increase cyber attacks as they are able to generate high quality code, which can be used to exploit vulnerabilities in a network. There are GenAI models that will help plan and execute a cyber attack Under the guise of penetration testing.

Challenges with GenAI

In the realm of GenAI and their intersection with society, certain characteristics have inadvertently facilitated the rise of cyberattacks. For example the ease with which these technologies can be accessed has exponentially magnified the effectiveness of such attacks. Notably, these advanced tools empower threat actors to execute intricate social engineering campaigns, even with minimal proficiency in the target language. A startling concern highlighted in the research is GenAI’s occasional disregard for social norms. While it might generate responses that are technically accurate, it can sometimes overlook societal conventions, leading to potential harm. This is exacerbated by the public's general unawareness of these limitations. For instance, in the context of spear-phishing, a borderline trivial amount of publicly available information can be leveraged to craft convincing emails. 

Advancements in GenAI have also paved the way for the creation of deep fakes.  A deep fake is synthetic media in which a person's likeness or voice is replaced with someone else's. With the aid of sophisticated algorithms, deep fakes can produce video or audio that are nearly indistinguishable from genuine content. This poses a significant threat, as malicious actors can misuse this technology to spread misinformation, tarnish reputations, or even manipulate public opinion. The realism and accessibility of deep fakes underscore the urgent need for countermeasures and public awareness campaigns.

Defending Against Misuse

While GenAI is lowering the bar for threat actors there are a number of defenses that have been included to help enhance and attempt to limit the risk posed by the technology.  The strategies discussed include detecting GenAI content, watermarking, code analysis, penetration testing and multimodal analysis.

The quickest and most effective method would be to detect the GenAI content and deal with it accordingly. The authors point out the possibility of suppressing a politically motivated tweet created by GenAI, but are also quick to highlight that GenAI created content such as text can simply be paraphrased and current GenAI content detectors are not able to identify whether or not the content is AI generated.

For video and audio generated content detection may be easier due in no small part to existing watermarking techniques that can be quickly inserted into a generated picture or audio clip.  Watermarking involves embedding a "statistical signal" during the GenAI-generation process, allowing for later detection. It essentially indicates the origin of the content. However, watermarks can be easily eliminated through simple methods, such as text paraphrasing. Watermarking is deemed valuable when there's a reason not to remove the watermark.

Threat actors employ a wide range of techniques and tools to gain access to their target, and while they have the upper hand in regard to phishing and spear phishing GenAI has shown its ability to perform sophisticated static code analysis, or the ability to tell what a program will do by looking at it without running it.

Companies often use Third party auditors to test their security, GenAI can afford smaller organizations the chance to test their security without an auditing firm or an incident. By assisting their internal IT teams in performing a penetration test or a simulated attack by a threat actor often restricted to a very specific scope or system.  The results of the penetration test often shows companies where they can bolster their defenses with minimal effort and expenditure.

The Short-Term Future of GenAI Defense

In the coming years, several short-term goals will shape the landscape of GenAI and its applications. Firstly, with the rapid emergence of techniques like GenAI content detection and watermarking, it's crucial to understand their potential uses and limitations, especially as countermeasures to these techniques are also rapidly evolving. Secondly, there's a pressing need for a thorough analysis of the capabilities of Large Language Models (LLMs) in code-related tasks, such as code summarization and obfuscation. Furthermore, as LLMs become integral in code completion for developers, ensuring their alignment with secure coding practices is paramount. Lastly, the establishment of a repository detailing state-of-the-art (SOTA) attacks and defenses can provide a comprehensive overview of the current security landscape, aiding in the deployment of the most advanced techniques against manipulated media and other threats.

It's essential to be able to differentiate between AI-generated content and human generated content. Currently detection algorithms can be divided into four types: neural network-based detectors, zero-shot detectors, retrieval-based detectors, and watermarking-based detectors. Neural network detectors are trained to differentiate between AI and human-generated content, for AI generated text companies, like OpenAI, fine-tuned their model to distinguish between AI content and human content with mixed success.  For Images generated by AI the neural network will look at different pixel features, and other features that are characteristic of deep fakes and GenAI content.

Zero-shot detectors identify AI content based on “statistical signatures”.  These signatures are subtle patterns or tendencies that are particular to GenAI content.  The signatures emerge from the elements or structure the model introduces in the content. While zero-shot detectors work by looking at the likelihood of something being created by AI, retrieval-based detectors work in just the opposite, they scour databases of GenAI output looking for matching text.

Watermarking detectors embed signals in the generated content for later identification. However, the challenge lies in embedding a watermark that's hard to detect or remove without a key. While watermarking has shown promise, with companies like Google committing to watermark their AI content, its effectiveness is still under scrutiny. Attacks have shown vulnerabilities in these detectors, especially when content is paraphrased. Furthermore, as language models improve, distinguishing between human and AI text becomes more challenging. Currently, no watermarking method is proven to be entirely robust, and the future of creating an unbreakable watermark remains uncertain.

Long-Term Goals

Addressing the challenges of GenAI requires a blend of technical, social, and political solutions. GenAI's potential societal impact is vast, but there's a gap between its technical capabilities and societal needs. We need to understand this interaction and develop ways of measuring the social implications. Furthermore, trustworthiness of online content is critical, and one potential solution, an online reputation system, similar to newspaper bylines, can help establish credibility. Accountability is essential, both for users and developers, especially when considering the potential misuse of GenAI.

Furthermore, the development of GenAI models is currently dominated by a few tech giants due to the high resource requirements, such as specialized video cards and borderline unfathomable amounts of data. This centralization can stifle innovation and prioritize profit over safety. The paper calls for the need to democratize GenAI research, making it accessible to academia and startups. Policy decisions often lag behind technological advancements, which can hinder AI safety efforts. Collaborative partnerships between government, academia, and the commercial sector are crucial for informed policy-making.

Finally, value alignment in AI is complex in a diverse world. Deciding whose values AI should align with, especially when machines display human-like qualities, requires interdisciplinary discussions, an article published on June 10, 2023 from the Washington Post reports a staggering 17 fatalities and 736 crashes caused by Tesla’s now infamous autopilot.  Grounding, or ensuring that content is based on reliable sources, is another challenge. LLMs, used in contexts like cybersecurity or the classroom, need to provide information that's based on authoritative and accurate sources. Current efforts in grounding are promising but have limitations, and more research is needed to understand why LLMs sometimes produce inaccurate or nonsensical outputs.

Conclusion

The evolution of GenAI brings us face-to-face with the age-old dual-use technology dilemma. Just as nuclear energy can benefit humanity by powering cities, it can be used to destroy the city and render the ground unfit for habitation by all but the hardiest of species. GenAI has the potential to revolutionize industries or be misused with dire consequences. 

In the short term content detection is needed to help ensure the authenticity of the source.  There are a number of tools and technologies currently available or in development ranging from examining specific features of pictures to watermarking and looking at specific patterns and nuances in the text.  The technology requires a sophisticated, multipronged approach of technological, societal and regulatory changes, in the long term, there is no easy or clear cut answer.  Currently the development and training of high powered models is in the hands of a few tech giants that have a corner on the market in terms of computing power and training data. The democratization of GenAI is also going to play an important role in how accessible it is for research. Opening it up will allow for greater breakthroughs and better protection for it and against it.

References

Barrett, C., Brad, Boyd, Burzstein, E., Carlini, N., Chen, B., Choi, J., Chowdhury, A., Christodorescu, M., Datta, A., Feizi, S., Fisher, K., Hashimoto, T., Hendrycks, D., Jha, S., Kang, D., Kerschbaum, F., Mitchell, E., John, & Mitchell. (2023). Identifying and Mitigating the Security Risks of Generative AI. https://arxiv.org/pdf/2308.14840.pdf

Norman, J. (2023). The Invention of Movable Type in China : History of Information. Historyofinformation.com. https://www.historyofinformation.com/detail.php?id=19

Siddiqui, F., & Merrill, J. B. (2023, June 10). 17 fatalities, 736 crashes: The shocking toll of Tesla’s Autopilot. Washington Post; The Washington Post. https://www.washingtonpost.com/technology/2023/06/10/tesla-autopilot-crashes-elon-musk/

(Disclosure: The Author uses Generative AI in the outline process)

(c) Chase Peterson September 21st, 2023

By Chase Peterson, MBA, CISSP - ©2023 

In the bustling world of modern business, where emails fly faster than pigeons ever did, I'm reminded of an anecdote. A tech novice once exclaimed in frustration, "I wish emails came with a 'recall pigeon' button!" This novice had mistakenly sent their vacation photos to the boss instead of their family. While we can get a good laugh imagining a digital pigeon swooping in to retrieve the beach selfies, the story underscored the importance of effective and professional communication tools in our digital age. As we navigate the intricate world of email, remember: we might not have 'recall pigeons', but we do have state-of-the-art tools to ensure our messages are both professional and precise.  We just need to make sure we use them

Email is an irreplaceable cornerstone of business facilitating swift and streamlined interactions with clients, partners, and team members across the globe. However, not all email platforms are crafted with the same finesse or functionality. Embracing a professional email platform can elevate a business's productivity, professionalism, and security, offering a myriad of benefits that are essential in our fast-paced, interconnected world.

Reinforced Branding and Elevated Professionalism

Professional email platforms grant businesses the privilege of crafting custom email addresses that resonate with their brand domain. This not only amplifies brand recognition but also infuses every communication with a touch of professionalism. A branded email address not only instills trust in its recipients but also distinguishes a business from rivals relying on generic email services.

Optimized Deliverability

Compared to their free or personal counterparts, professional email platforms often boast superior deliverability rates. Their dedicated servers, coupled with sophisticated spam filters, ensure that emails land in the intended inboxes, sidestepping the spam or junk folders. This ensures that crucial messages are promptly noticed and acted upon, while spam is properly filed away in the trash.

Fortified Security Measures

In a world rife with cyber threats, data security is paramount, especially when emails carry sensitive information. Professional email platforms are fortified with robust security features, including encryption protocols, multi-factor authentication, and frequent backups. These measures shield sensitive data from unauthorized breaches and potential losses, offering businesses peace of mind.

Collaboration and Productivity Enhancements

Beyond mere email functionalities, many professional platforms come bundled with a suite of productivity tools. Features like shared calendars, collaborative document tools, task management systems, and integrations with other productivity apps streamline intra-team communication, bolster workflow efficiency, and foster project collaboration. This cohesive ecosystem amplifies productivity and fosters a spirit of teamwork.

Scalability and Adaptability

Business needs are dynamic, and as they evolve, so do their email requirements. Professional email platforms are inherently scalable, allowing businesses to seamlessly add or subtract email accounts in tandem with their team's size. They also offer flexibility in storage, ensuring businesses never run out of space for pivotal emails and attachments.

Dedicated Customer Support

Opting for a professional platform brings with it the assurance of dedicated customer support. Should businesses face technical hitches or have queries about functionalities, they can lean on expert assistance. This ensures swift resolution of issues, minimizing potential operational disruptions.

Adherence to Regulatory Compliance

Certain industries are bound by stringent data privacy and security regulations. Professional email platforms are often designed to comply with these mandates, helping businesses navigate the compliance landscape. This not only mitigates non-compliance risks but also shields businesses from potential legal repercussions linked to data mishandling.

Wrapping up

In the competitive business arena of today, professional email platforms are not a mere luxury—they're a strategic necessity. They offer a plethora of advantages over personal or free email services, from bolstering brand image and professionalism to enhancing deliverability, security, collaboration, adaptability, and regulatory compliance. Investing in such platforms is tantamount to investing in a business's success, ensuring communications remain secure, efficient, and impactful.

References

Dato, Nico. “How a Professional Email Address Can Help You Build Trust - Podium CMS.” Www.podium.com, 26 Mar. 2020, www.podium.com/article/professional-email-address/. Accessed 1 Oct. 2023.

Lopez, Daniel. “The Benefits of Using a Professional Email Address for Business.” Www.linkedin.com, 27 Apr. 2022, www.linkedin.com/pulse/benefits-using-professional-email-address-business-daniel-lopez. Accessed 5 Oct. 2023.

Michalski, Cloé. “Top 7 Reasons to Use a Professional Email Address.” Www.cyberimpact.com, 30 Aug. 2022, www.cyberimpact.com/en/top-5-reasons-to-use-a-professional-email-address/. Accessed 4 Oct. 2023.

(The author discloses the use of Generative AI in the outlining process)

By C. Peterson M.B.A., C.I.S.S.P. – © 2024

One does not have to look far to learn about a new health care system breach or compromised restaurant chain, demonstrating the need for organizations in every industry to stay current with trends in cybersecurity.  The expectation within the cybersecurity industry has become “when, not if” a breach occurs, demonstrating the need for a robust plan that includes both protective and restorative elements.  Enter a government agency within the Department of Commerce, the National Institute for Standards and Technology (NIST).  Nearly 110 years after its formation in 1901, it published the first Cybersecurity Framework(CSF 1.0), offering organizations a blueprint or roadmap to protecting their assets in the age of cybercrime.  

Now, nearly a decade after publishing version 1.0 they are updating the framework to reflect ten years of experience and lessons learned in how best to safeguard our digital environments.  Many security practitioners are already familiar with the core functions of 1.0;  Identify, Protect, Detect, Respond and Recover.  The new framework introduces Govern; as the new function covers a critical gap, offering organizations a clear path to establishing a set of milestones and including cybersecurity in the organization’s overall business continuity plan.

CSF Core Functions at a Glance:

Govern

The newest addition to the CSF2.0, Govern lays the groundwork of the cybersecurity strategy by understanding, incorporating and monitoring the organization’s policies and procedures in regards to the risk management framework.  Critical aspects of this function are a deep understanding of how the organization functions within its industry as well as an understanding of the different roles, what responsibilities will be assigned to them and what oversight will ensure that all critical elements of the strategy are implemented.

Identify 

The identify function is foundational in the formation of a cohesive strategy.  While carrying out this step or function in the process an organization will identify assets, their supply chain, and the risks that are associated with each.  The assets often include things like hardware (computers, hard drives, servers, industrial machinery), data (sales data, employee records, business plans, fiscal forecasts, ect), facilities, and people.

Protect

Once the organization has identified all relevant assets and risks associated with them they work to erect safeguards to help manage and mitigate as many of these risks as possible.  Key tools that are helpful with this step include identity and authentication management, access controls, data security and awareness and training.  Ensuring the resilience and security of the assets and infrastructure are the goal of this function.

Detect

Unfortunately, as stated at the beginning, the current thinking, and what practice continues to show, is that it's only a matter of time before a company is breached and compromised.  The Detect function is critical for the timely discovery and analysis of anomalies, indicators of compromise, and potentially adverse events.  These events signal that cybersecurity attacks or incidents may be occurring.  This function supports the ability to identify cybersecurity threats promptly, facilitating successful incident response and recovery activities.

Respond

Once a breach is detected, the Respond function outlines the actions to contain its effects.  It supports the organization's capability to manage and mitigate the impact of cybersecurity incidents.  This function covers incident management, analysis, mitigation, reporting, and communication, ensuring a coordinated and effective response to security breaches.

Recover

The Recover function focuses on restoring the assets and operations affected by a cybersecurity incident.  It aims to reduce the effects of cybersecurity incidents by supporting the timely restoration of normal operations and facilitating appropriate communication during recovery efforts.  This function ensures that the organization can quickly return to its standard operational status, minimizing downtime and the economic impact of the incident.

The Key to the Core Functions

The Govern function sets the stage for embedding cybersecurity into the fabric of the organization.  It's crucial because it ensures that cybersecurity is not an afterthought but an integral part of the strategic planning and daily operations.  By incorporating good security practices into both long-term strategies and short-term objectives, organizations can create a culture of security awareness and preparedness.  A clear governance structure provides direction, facilitates compliance with regulations, and establishes protocols for responding to incidents, thereby reducing legal and financial risks associated with cybersecurity breaches.

Understanding the organization's assets, systems, and data is the cornerstone of an effective cybersecurity strategy.  The Identify function is essential because it allows organizations to focus their efforts and resources on protecting the most critical assets.  It’s akin to knowing the valuables within a fortress; without this knowledge, defenses could be misallocated, leaving critical assets vulnerable.  This step also involves understanding the cyber threat landscape and how it relates to the organization's specific vulnerabilities, enabling targeted and effective risk management strategies.

Once assets are identified, the Protect function implements the necessary safeguards to shield them from threats.  This ongoing process is crucial for preventing unauthorized access, breaches, and other cyber threats.  It encompasses a wide range of practices, from access control and data encryption to employee training and security policy enforcement.  By proactively securing assets, organizations can prevent breaches and minimize the impact of any potential incidents, ensuring the continuity of operations and safeguarding organizational reputation.

The ability to detect anomalies, intrusions, and cybersecurity incidents in real-time is critical to maintaining cyber health.  Early detection is vital for limiting the scope of an attack and preventing deeper access to the network.  It involves continuous monitoring and the use of sophisticated detection technologies, such as smart firewalls, that can identify even subtle signs of malicious activity.  This capability enables organizations to respond more swiftly and effectively to threats, reducing the potential damage and costs associated with a breach.

A prompt and well-orchestrated response to an incident can significantly mitigate its impact.  The Respond function ensures that organizations have a plan in place to address and contain threats as they are detected.  This includes predefined roles and responsibilities, communication plans, and procedures for analyzing and neutralizing threats.  A swift and accurate response is essential for preventing a cascade of breaches and minimizing downtime, financial losses, and damage to the organization’s reputation.

Finally, the Recover function focuses on restoring systems and operations to normal following a cybersecurity incident.  This involves not only the technical aspects of restoring IT operations and services but also addressing the broader business impacts.  A clear and practiced recovery plan ensures that operations can resume smoothly and efficiently, reducing the long-term consequences of the incident.  It also includes lessons learned and post-incident reviews to improve future resilience and response capabilities.

Countering Resistance to Change

In a perfect world, cybercrime wouldn’t exist, in the world that does exist, cybercrime exists and in 2023 it cost an estimated 11.5 trillion.  Over the next three years, the cost is projected to more than double, reaching $23.82 trillion by 2027, illustrating the need to incorporate a more security centric mindset in long term organizational planning.  Inertia and organizational resistance to change could potentially cost an organization.  According to the Harvard Business Review “Resistance is usually created because of certain blind spots and attitudes which staff specialists have as a result of their preoccupation with the technical aspects of new ideas.” These blind spots and preoccupations cause friction as people attempt to navigate the changes that their organization is undergoing.  The addition of the new Govern function seeks to close this gap by offering organizations a more unified vision of how cybersecurity can be incorporated into an organization's long term planning.

Wrapping it Up

The cybersecurity landscape will continue to evolve and grow to encompass a larger portion of the working landscape.  The revision and migration to the CSF2.0 reflects the key lessons learned over the past decade and reflect this through the introduction of the govern function.  Resistance opposed to the incorporation of the Govern function can be countered by illuminating the blind spots that the function is working to resolve.

References

Arghire, I. (2024, March 1). Golden Corral data breach impacts 180,000 employees. Security Week. https://www.securityweek.com/data-breach-at-golden-corral-impacts-180000-employees/

Charlton, E. (2024, January 10). 2023 was a big year for cybercrime. World Economic Forum. https://www.weforum.org/agenda/2024/01/cybersecurity-cybercrime-system-safety/

Lawrence, P. (1969, January). How to deal with resistance to change. Harvard Business Review. https://hbr.org/1969/01/how-to-deal-with-resistance-to-change

National Institute for Standards and Technology. (2024). The NIST Cybersecurity Framework (CSF) 2.0. https://doi.org/10.6028/nist.cswp.29

Richgels , J. (2024, March 2). UW Health Says Information on Some Patients Compromised in Cybersecurity Incident. Wisconsin State Journal. https://madison.com/news/local/business/health-care/uw-health-patient-information-cybersecurity-incident/article_0b82101e-d7ef-11ee-9c74-6fd837d826c4.html

The author discloses the use of generative AI in the outlining process