GlobalSign Blog

NICE Job: How Companies Can Navigate Nasty Threats with a NIST Framework

NICE Job: How Companies Can Navigate Nasty Threats with a NIST Framework

Both the cost and frequency of cyberattacks are increasing.

According to the IBM Cost of a Data Breach 2022 report, the average global cost of a data breach — from initial detection to damage caused to remediation — reached $4.35 million this year. In the United States, the cost of a breach was more than double the worldwide average, coming in at $9.44 million.

Recent results from security firm Kaspersky, meanwhile, found that in 2022 attacks such as Trojan Password Stealing Ware (PSW) increased from just over 3 million in the first four months of 2021 to more than 4 million in the same period of 2022. Website redirect attacks and sites containing malicious code jumped to over 35 million in 2022, an increase of 3 million from the year before.

These statistics suggest a hard truth: Despite best efforts, attacks are inevitable. As a result, businesses need strategies that help them respond ASAP to minimize monetary and operational impacts. The National Initiative for Cybersecurity Education (NICE) framework developed by the National Institute for Standards and Technology (NIST) can help. Here’s how. 

The Current State of Cybersecurity 

Before digging into the details of NICE, it’s worth understanding current cybersecurity conditions.

On the positive side, more companies are now leveraging machine learning (ML) and artificial intelligence (AI) tools to automate key detection and response processes. As noted by the IBM study, companies with well-developed AI and automation programs saved up to $3 million in data breach costs thanks to quicker detection and better remediation.

Attackers, meanwhile, are leveraging the same types of technologies to build better malware. Consider the rise of ransomware-as-a-service (RaaS), which sees skilled attackers creating ransomware tools that low-skilled attackers can use to compromise businesses and demand payment. Instead of carrying out attacks themselves, these designers sell their “products” in online marketplaces, going so far as to provide customer support for buyers who have trouble deploying these attack vectors.

According to data from security provider Barracuda, both baiting and phishing attacks are gaining ground, with 35% of organizations saying they were targeted by a baiting attack in September 2021 — despite efforts by IT teams to educate staff and put automated defenses in place. Part of the challenge stems from bait attacks themselves. Since these bait emails typically contain minimal text and no links, they’re often overlooked by detection tools. If staff respond to these emails, attackers know the email account is active and follow up their first message with a more aggressive phishing attempt.

No More NISTer NICE Guy

NIST created the NICE framework to help companies better manage cybersecurity threats. According to NIST, the framework “establishes a common lexicon that describes cybersecurity work and workers regardless of where or for whom the work is performed.” By using a common language to describe threats, risks, and responses, the framework looks to reduce the impact of security incidents by eliminating potential areas of confusion or complexity.
The framework is divided into seven core categories, 32 specialty areas, and 52 work roles, along with a set of capability indicators for each — including certifications, training, and experience — that could help staff succeed in a given role. The seven core categories include:

  • Security Provision

Security provision speaks to the need for system and network development that helps reduce total attack risk. Work roles include risk management, systems architecture, and systems testing.

  • Operate & Maintain

This category focuses on the maintenance and administration of IT systems. Its associated work roles include data administration, knowledge management, and network services configuration.

  • Oversee and Govern

Leadership and management are the focus of this category. Common work roles in oversee and govern include security training, strategic planning, and executive leadership.

  • Protect and Defend

For the protect and defend category, threat mitigation is key. Work roles include defense analysis, incident response, and vulnerability assessment and management.

  • Analyze

The analyze category looks to collect and evaluate security data to improve business intelligence. Threat analysis, exploitation analysis, and target analysis are common work roles.

  • Collect and Operate

Data collection and operational planning are the priorities of this category. Roles include collection operations, cyber operations, and operational planning.

  • Investigate

This category investigates security incidents or crimes through work roles such as cyber investigation, digital forensics, and forensic data analysis.

Taking on Threats with TKS

Put simply, the NICE framework looks to put the right people in the right place to limit the impact of security threats such as ransomware, phishing, and other malware attack vectors.
In practice, this is achieved through applying task, knowledge, and skill (TKS) statements, which NIST describes as the core building blocks of the NICE framework.

In combination, TKS statements create a competency area, which is a “measurable cluster of related task, knowledge, or skill statements that correlates with performance on the job.” In other words, these competency areas identify what staff is doing, where they need the knowledge to be successful, and how they will accomplish the task.

Consider phishing attacks. For front-line staff, example, TKS statements might look like this:

Task — Don’t respond to phishing emails.
Knowledge — Awareness of common phishing tactics.
Skill — Ability to communicate risk to security teams.

If all three components are present, the phishing risk goes down. If not, more training or additional tools may be required.

When it comes to security professionals handling ransomware, meanwhile, example TKS statements include:

Task — Detect potential ransomware attacks
Knowledge — Understanding of common and emerging threat vectors
Skill — Competency in using security tools and monitoring networks for possible threats

Remove any of these components, and risk goes up — if staff understand the threat landscape but security tools are cumbersome and complex to use, attackers may be able to leverage this gap.

Speaking the Same Language

Ultimately, the NICE framework aims to provide a universal language for security incidents and responses that make it easier for companies to detect, identify, and respond to emerging threats.

This common language approach is underpinned by work roles and TKS statements that help organizations ensure they have the right people in the right place at the right time to combat security threats. These statements also streamline identifying knowledge or skills gaps that could be addressed by additional training, more hands-on experience, or specific IT certifications.

Ready to better navigate nasty IT threats? It pays to be NICE.


Note: This blog article was written by a guest contributor for the purpose of offering a wider variety of content for our readers. The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of GlobalSign.

Share this Post

Related Blogs