Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises.
If you’re looking to improve your organization’s cybersecurity, the NIST Cybersecurity Framework provides an excellent starting point.
Aligning your program with the NIST Cybersecurity Framework (a voluntary framework rather than a compliance standard) enables you to:
While email security isn’t the only component, it is a vital component of your organization’s overall cybersecurity program. So how can levelling up your email security bring you closer towards your NIST Target Profile?
First, let’s look at the overall structure of the Framework. Then we’ll consider how developing your organization’s email security is a key step towards meeting the Framework’s outcomes.
At its broadest level, the NIST Cybersecurity Framework consists of three parts: Core, Profile, and Tiers (or “Implementation Tiers”).
Think of the Core of the NIST Framework as a three-layered structure.
At its topmost level, the Core consists of five Functions: Identify, Protect, Detect, Respond, and Recover.
Then, at the next level down, each Function consists of Categories focusing on business outcomes. There are 23 Categories split across the five Functions. Here are a few examples of some of the NIST Framework’s Categories:
At the bottom level, each Category consists of a set of Subcategories and Informative References. Subcategories are more specific statements of an intended outcome, while Informative References point to standards and guidelines outside the Framework (for example ISO/IEC 27001, NIST SP 800-53, and CIS Controls) that supply the technical detail for achieving each Subcategory.
For example, under the Data Security (PR.DS) Category sit eight Subcategories, including the following:
And here are some of the Informative References accompanying PR.DS-1: Data-at-rest is protected:
Check out the full framework for reference.
The Tiers represent different degrees to which organizations may implement the NIST Cybersecurity Framework.
There are four Tiers: Partial (Tier 1), Risk Informed (Tier 2), Repeatable (Tier 3), and Adaptive (Tier 4).
The Tiers describe how rigorously your risk management practices exhibit the characteristics in the Framework; they are not maturity levels you must climb. Choose the Tier most appropriate to you, depending on factors such as your resource level, organizational maturity, threat environment, and compliance demands, and move to a higher Tier when doing so is cost-effective and reduces risk.
Profiles allow you to adapt the Framework to meet the needs of your organization. Establishing your Current Profile and determining a Target Profile provides a systematic way for you to work through the Functions, implementing the Categories and Subcategories that are most relevant to your organization.
Your organization’s size and resource levels may help to determine an appropriate Target Profile. But you can also consider the business context in which you operate — or the cybersecurity threats that are most likely to impact you. NIST recently released a preliminary draft profile for managing the threat of ransomware, which we’ll look at later in this article.
In the current cybersecurity climate, email security is a key consideration for business leaders. In fact, email is the attack vector security leaders are most worried about. We know that email serves as a key vector for ransomware, phishing, data exfiltration, and other increasingly widespread attacks and incidents.
As such, you can mitigate some of the most serious and destructive security threats by ensuring your organization operates a highly secure email system. Now we’re going to look at some of the Categories from across the NIST Cybersecurity Framework’s five Functions, and identify how maintaining robust email security can help you meet NIST Cybersecurity Framework outcomes.
Asset Management (ID.AM): “The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization’s risk strategy.” Effective asset management means ensuring you have overall knowledge and understanding of your organization’s inventory, information flows, and personnel.
How is asset management relevant to email security? Well, understanding your organization’s communication networks and data flows is a vital part of asset management, and email is the primary means of communication for most companies. The ID.AM-3 Subcategory requires that “organizational communication and data flows are mapped.”
Mapping communication flows is the first step in detecting email cybersecurity events and creating a data loss prevention (DLP) strategy: you cannot recognize an unusual recipient, an unexpected attachment, or a lookalike domain until you know what normal looks like. An effective email security solution will use machine learning to learn each employee’s normal set of correspondents and the kinds of data that usually flow between them, and treat departures from that baseline as signals.
Awareness and Training (PR.AT): “The organization’s personnel and partners are provided cybersecurity awareness education and are trained to perform their cybersecurity related duties and responsibilities consistent with related policies, procedures, and agreements.” Security awareness training should always feature extensive information about social engineering attacks.
Phishing, spear phishing, Business Email Compromise (BEC) — social engineering attacks that occur almost exclusively via email — rely on manipulating people into taking certain actions that expose data or compromise security. Therefore, email security training is essential to meet the outcome associated with the PR.AT-1 Subcategory: “All users are informed and trained.” But we know that, while essential, security training is not enough to tackle serious cybersecurity threats.
Data Security (PR.DS): “Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.”
Preventing data loss via email is a core requirement in maintaining data security. Email is a leading channel for data breaches, whether through phishing and other social engineering attacks or through “accidental” breaches involving misdirected emails or misattached files.
Preventing data loss via email is a key step towards meeting the outcome for Subcategory PR.DS-5: “Protections against data leaks are maintained.” Unless there is an operational requirement for data to leave your organization, your email security software should prevent it from doing so. Effective email security software can detect and block unauthorized data transfers, including the misdirected-email case where a legitimate employee sends the right file to the wrong recipient. Learn more about how Tessian prevents data loss below.
Anomalies and Events (DE.AE): “Anomalous activity is detected and the potential impact of events is understood.” How does this Category tie in with email security? Most cyberattacks rely on email as the route through an organization’s defenses, so detecting and analyzing anomalous activity across your email traffic, measured against the communication baseline established under ID.AM-3, is essential.
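The three Subcategories discussed so far (ID.AM-3 mapping communication flows, PR.DS-5 maintaining protections against data leaks, and DE.AE detecting anomalous activity) are easier to reason about with a concrete check in front of you. The following is an added example written for this article, not Tessian’s code: it learns a per-sender baseline from a constructed outbound mail log and then scores new outbound messages for a first-time recipient domain, a lookalike of a known domain (the typical misdirected-email or BEC pattern), and an attachment going to a domain that has never received one from that sender. The log, the signal names, and the one-edit lookalike threshold are assumptions made for the example.

```python
"""Baseline-and-anomaly check for outbound email, keyed on communication flows.

Added example (not Tessian's code). Learns who each sender normally emails
(ID.AM-3: map communication and data flows), then flags outbound messages
that deviate from that baseline (DE.AE: anomalies and events; PR.DS-5:
protections against data leaks). HISTORY is a constructed log; the signal
names and LOOKALIKE_MAX_DISTANCE are assumptions for the example.
"""
from typing import Dict, List, Set

# Constructed historical outbound log: (sender, recipient, has_attachment).
HISTORY = [
    ("alice@example.com", "bob@example.com", False),
    ("alice@example.com", "carol@partner.co", True),
    ("alice@example.com", "carol@partner.co", False),
    ("alice@example.com", "dan@partner.co", True),
    ("bob@example.com", "alice@example.com", False),
    ("bob@example.com", "erin@vendor.io", False),
]

INTERNAL_DOMAIN = "example.com"
LOOKALIKE_MAX_DISTANCE = 1  # assumption: one edit away from a known domain


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].lower()


def build_flow_map(history) -> Dict[str, Dict[str, Set[str]]]:
    """Per-sender baseline: domains emailed, and domains that received attachments."""
    flows: Dict[str, Dict[str, Set[str]]] = {}
    for sender, recipient, has_attachment in history:
        entry = flows.setdefault(sender, {"domains": set(), "attachment_domains": set()})
        dom = domain_of(recipient)
        entry["domains"].add(dom)
        if has_attachment:
            entry["attachment_domains"].add(dom)
    return flows


def known_domains(flows) -> Set[str]:
    """Every domain anyone in the organization has legitimately emailed."""
    return {d for entry in flows.values() for d in entry["domains"]} | {INTERNAL_DOMAIN}


def levenshtein(a: str, b: str) -> int:
    """Edit distance; small values between distinct domains suggest a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def score_message(flows, sender: str, recipient: str, has_attachment: bool) -> List[str]:
    """Return the signals raised for one outbound message (empty list if none)."""
    signals: List[str] = []
    dom = domain_of(recipient)
    if dom == INTERNAL_DOMAIN:
        return signals  # internal mail is out of scope for this check
    baseline = flows.get(sender, {"domains": set(), "attachment_domains": set()})
    org_known = known_domains(flows)
    # Lookalike: close to a domain we trust but not equal to it (typo or BEC domain).
    for known in sorted(org_known):
        if dom != known and levenshtein(dom, known) <= LOOKALIKE_MAX_DISTANCE:
            signals.append(f"lookalike_domain:{known}")
            break
    # First-time recipient domain, distinguishing "new for this sender" from "new for everyone".
    if dom not in baseline["domains"]:
        signals.append("new_recipient_domain_for_sender" if dom in org_known
                       else "new_recipient_domain_for_org")
    # Attachment to a domain this sender has never sent attachments to: possible exfiltration.
    if has_attachment and dom not in baseline["attachment_domains"]:
        signals.append("attachment_to_unusual_domain")
    return signals


FLOWS = build_flow_map(HISTORY)

if __name__ == "__main__":
    for msg in [("alice@example.com", "carol@partner.co", True),
                ("alice@example.com", "carol@partner.c0", True),
                ("alice@example.com", "erin@vendor.io", True)]:
        print(msg, "->", score_message(FLOWS, *msg) or "ok")
```

In practice the baseline would be learned from months of mail flow and the signals fed into a warning shown to the sender or a block rule, but the shape is the same: the ID.AM-3 map is the data structure, and the DE.AE and PR.DS-5 outcomes are the checks run against it.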
Within the “Anomalies and Events” Category, the following Subcategories are particularly relevant to email security:
Security Continuous Monitoring (DE.CM): “The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures.” Monitoring your organization’s email activity, inbound and outbound, is a crucial element of your overall continuous monitoring effort. The following “Security Continuous Monitoring” Subcategories are of particular relevance to email security:
Detection Processes (DE.DP): “Detection processes and procedures are maintained and tested to ensure awareness of anomalous events.” For email this means the detection rules and models in your email security solution must be tested and tuned on an ongoing basis, so that they keep up with new phishing and exfiltration techniques rather than only the ones seen when they were deployed.
Here are some relevant “Detection Processes” Subcategories:
In June 2021, NIST published Preliminary Draft NISTIR 8374 — Cybersecurity Framework Profile for Ransomware Risk Management.
Ransomware is becoming the most severe cybersecurity threat in the current threat landscape. Because many, if not most, ransomware attacks start via email, improving your organization’s email security and its ransomware defense posture go hand-in-hand.
As mentioned above, setting a Target Profile is an important step in implementing the NIST Cybersecurity Framework. To defend against the increasingly serious ransomware threat, you may choose to work towards the Ransomware Risk Management Profile.
Implementing the draft Profile means achieving numerous Category outcomes from across all five Functions. We won’t go into the full details of the Profile here, but we recommend checking it out — particularly in the current threat climate.
Tessian is a modern email security solution driven by machine learning. As well as monitoring inbound and outbound emails for signs of phishing, malicious attachments, data exfiltration, and accidental data loss, Tessian analyzes your employees’ email activity to learn how they “normally” act, and flags behavior that departs from that baseline.
This intelligent, context-driven approach means Tessian will allow your employees to work uninterrupted, and access the legitimate files and links they need across devices — while being alerted to anomalous and suspicious email content.
Tessian’s in-the-moment warnings help reinforce training and nudge employees towards safer behavior over time. Tessian’s Human Layer Security platform uses machine learning (ML), anomaly detection, behavioral analysis, and natural language processing (NLP) to detect a variety of suspicious signals:
Learn more about how Tessian can transform your organization’s cybersecurity program.