The Importance of Cybersecurity Standards

By John King, CISSP, PMP, CISM •  Updated: 07/05/22 •  3 min read

Introduction

Unfortunately, we live in a world where it’s open season for businesses. Hackers, financially motivated or state-sponsored, have turned other people’s livelihood into an illegitimate source of revenue. For small to medium businesses (SMB) the threat posed reaches the level of an existential crisis. SMBs typically don’t have the budget to hire a full team of qualified and experienced cybersecurity professionals but the need for security is still there. One method smaller companies can shore up their defenses is by adopting cybersecurity standards.   

What are these standards?

Sadly, 60% of SMBs close their doors six months following a successful breach so defining cybersecurity standards is of vital importance for this article. Cybersecurity standards are set up by either legislation or a third party responsible for maintaining a standard or certification that sets forth easily adoptable techniques, controls, and processes that maintain a certain level of protection. 

Once a business can say they comply with a specific set of standards or certifications they display higher levels of credibility to stakeholders, insurance providers, potential clients, and potential partners in terms of its security posture. While meeting a standard does require a capital outlay and a reputable third party to complete a compliance assessment, it is far less expensive than developing an in-house security operations center from scratch.

Why are these standards important?

Defining what a standard typically begs the question as to why cybersecurity standards are important? The most obvious answer, and the one that generates the most value over time for the organization, is that they can drastically improve the security posture of an organization without the adoption of expensive newer technologies. Cybersecurity standards look to prevent attacks but attacks do happen, that is just our current reality. Standards and certifications require the organization to have incident response policies in place. This in itself is reassuring as those responsible for responding to an incident know what needs to be done.

We have already mentioned that successfully adopting and implementing standards can be beneficial to future relations with stakeholders, insurance providers, potential clients, and potential partners. However, another advantage of adopting standards is that they can quickly be leveraged into a cybersecurity strategy. This can allow the SMB to properly structure its approach to cybersecurity well into the future. The adoption of standards can help create a new security focussed culture where everyone receives a high level of education regarding current and future cyber threats.

Using a standard as the foundation of your cybersecurity strategy helps further develop an understanding of the business’s needs. This further allows for better spending when it comes down to selecting what solutions and technologies suit identified risks. Your finance department will certainly be in favor of such an approach. Further, such an approach sets up a future framework for security decisions down the road.

Conclusion

Cybersecurity standards are important as they provide a broad base of individuals and organizations the opportunity to drastically increase their security posture. The article has highlighted other benefits but the main reason to adopt a standard be it GDPR, HIPAA, ISO27000, or NIST to name a few is to help prevent attacks that have the ability to close businesses for good. A smart business leader will leverage a standard for the good of the business but the ultimate value is preventing attacks and responding appropriately if one happens.

John King, CISSP, PMP, CISM

John King currently works in the greater Los Angeles area as a ISSO (Information Systems Security Officer). John has a passion for learning and developing his cyber security skills through education, hands on work, and studying for IT certifications.