Unlocking cyber resilience
What the NIST cybersecurity framework 2.0 means for your business.
The digital threat landscape is rapidly evolving, and with it, the tools organizations use to defend against cyberattacks must evolve too. Recently, Will Bass, VP, Cybersecurity Services at Flexential chatted Antonio Sanchez, Principal Security Evangelist at Fortra to discuss updates to the NIST Cybersecurity Framework (CSF) and how businesses can implement it to enhance security, resilience, and executive accountability.
Learn more about how the NIST CSF can support your cybersecurity program and the value of the new additions in CSF 2.0. Watch the full webinar, on-demand now.
The power of a framework: Clarity, structure, and strategy
Frameworks provide a proven foundation for organizations looking to strengthen their security posture. The NIST CSF—now in its 2.0 version—remains free and publicly available. It brings structure and clarity to cybersecurity initiatives by offering a common language and shared goals for technical teams and business stakeholders.
“The benefit of frameworks is that it's a great way to accelerate your cybersecurity maturity and help with the adoption. It's a good way to of understand and assess and prioritize what you should be doing to reduce the risk to the organization.”
— Will Bass, VP, Cybersecurity Services, Flexential
Key changes in the 2.0 update include:
- A sixth core function: Governance, elevating cybersecurity to a board-level priority
- Enhanced guidance and specificity in tactical execution
- New target profiles addressing contemporary threats like ransomware, supply chain attacks, and platforms
These improvements not only reduce ambiguity but empower teams to track progress, define roles and responsibilities, and ensure that cybersecurity is treated as a business risk, not just an IT concern.
Why the governance function matters
The addition of the Governance function in NIST CSF 2.0 is more than just symbolic. It pushes accountability to the C-suite and boardroom by:
- Defining roles, responsibilities, and reporting structures
- Encouraging use of KPIs (Key Performance Indicators) and KRIs (Key Risk Indicators) to measure success
- Aligning cybersecurity with enterprise goals like growth, operational efficiency, and market expansion
This top-down visibility is crucial for securing executive buy-in, obtaining funding, and showcasing measurable ROI in cybersecurity programs.
“Accountability… it’s elevating not just the security team but up to the C-suite level, as well as the boardroom. But it also provides some clarification and defines the roles and responsibilities, leaving less to interpretation.”
—Antonio Sanchez, Principal Security Evangelist, Forta
Real-world application: Risk mitigation in action
The webinar highlighted a real customer example in which Flexential security services identified and stopped a potential attack in progress. Leveraging tools like Alert Logic and in-house threat intelligence, the Flexential team was able to:
- Detect suspicious activity (Burp Suite scans)
- Block malicious IP ranges
- Analyze the incident with forensic tools and pen testing
- Avoid downtime or system compromise by acting quickly
This scenario illustrated the practical value of proactive monitoring, clear roles, and a structured incident response strategy.
Operational resiliency and incident recovery
Cyberattacks, particularly ransomware, are now more likely to disrupt business than natural disasters. During the session, speakers emphasized how integrating disaster recovery (DR) and incident response (IR) into the broader cybersecurity framework is essential.
One customer leveraged Flexential DRaaS to recover all critical systems within four hours following a ransomware event. This not only preserved operations but also allowed time for complete system remediation without compromising customer-facing environments.
Key implementation tips for organizations
Whether you’re a startup or an enterprise, implementing NIST CSF 2.0 starts with a gap analysis. Determine:
- Where you are today (current profile)
- Where you want to be (target profile)
- What gaps exist, and how to prioritize addressing them
Remember, progress is incremental. Focus first on high-impact, low-cost improvements such as policy updates and user training. As budgets and resources grow, invest in advanced tooling and external expertise when necessary.
A continuous evaluation loop ensures the framework evolves alongside your organization and the threat landscape. Engaging business leaders throughout ensures alignment with strategic goals.
Top 5 takeaways from the webinar
- Governance is key: NIST CSF 2.0 adds governance to elevate cybersecurity to a strategic priority.
- Accelerate cyber maturity: Frameworks offer a clear path for improving cybersecurity readiness.
- Mitigate modern threats: Target profiles help address ransomware, AI threats, and supply chain risks.
- Cyber insurance is evolving: Insurers now demand higher standards like MFA and EDR as prerequisites.
- DR + Cybersecurity = Resilience: DR plans are critical for business continuity after a cyber incident.
Ready to begin? Resources to explore:
Learn how to align governance, prioritize risk, and establish a mature, responsive cybersecurity posture to protect your business—explore the expert insights from 451 Research report, Achieve cyber resiliency with the NIST Cybersecurity Framework.
