Webinar | Strengthen Your Cybersecurity Posture with CIS Controls

This content is provided by our sponsor, and neither is written by nor provides endorsement from ICBA.

Just as washing your hands limits the spread of the flu and other viruses, practicing good cyber hygiene limits your exposure to cyber threats. But many organizations still fall short in their cyber hygiene practices.

The list of the biggest data breaches from this century reveals more than 4.99 billion records have been exposed, with companies like Yahoo, eBay, Equifax, Target and JPMorgan Chase making the top ten. Equally disturbing is the fact that eight of the top 10 breaches occurred within the last five years.

Even though many organizations are not where they should be in terms of defending against threats, there is good news; it is possible to significantly reduce your risk of cyberattack. Using the Center for Internet Security (CIS) Controls as a framework, organizations can build and maintain a strong cybersecurity posture, even with budget and resource limitations.

Stop Today’s Attacks With the CIS Controls

The CIS Controls are a recommended set of actions for cyber defense that provide specific ways to stop today’s most common and threatening attacks. These controls, considered the gold standard, are purposefully designed to be both user—and budget—friendly.

According to the SANS Institute, the CIS Controls were the result of a public-private partnership that included the Department of Defense (DoD), National Security Administration (NSA), CIS and SANS. The product of this partnership was published as the CIS Controls, created to help organizations of all types and sizes prioritize their own cybersecurity spending for maximum effect. The CIS list includes 20 controls, divided into three categories: Basic (1-6), Foundational (7-16) and Organizational (17-20).

There is no regulatory requirement that financial institutions implement a certain cybersecurity framework, but information security experts recommend the CIS Controls, as they are regularly updated, contain easy to understand language and are proven to reduce risk.

Using the CIS Controls as Your Cybersecurity Framework

Due to the controls’ straightforward nature and high return on investment, IT security leaders often deploy them to eliminate common attacks and vulnerabilities. Adopting the CIS Controls can simultaneously simplify and strengthen cybersecurity, but the task of implementing them can still be overwhelming due to the number of controls. To combat that, start with the first six controls, completing them in order, as they build on each other. By incorporating just the Basic Controls, you can reduce cybersecurity risk by as much as 85 percent.

Implementing and maintaining a strong cybersecurity framework is an ongoing process. Even the basic CIS Controls require effort, planning and command of appropriate tools. Many institutions will benefit from continuing to implement the Foundational and Organizational Controls as well, but this effort will depend on your organization’s resource availability, data sensitivity and level of technical expertise.

The CIS Controls provide an actionable and affordable way to incorporate good cyber hygiene throughout your organization while preventing pervasive and dangerous attacks. Your institution should consider further researching all the CIS Controls and consulting with IT professionals when developing a strategy.

Watch CSI’s CIS Controls webinar for insight into the practical applications of the framework and how to gain the maximum utility from these controls.

View on-demand webinar