Wave of Cyber Security Regulations Starting To Spread
In our digital age, things happen fast. New technologies, new abilities and new threats appear at lightning speed, so quickly that everyone is having a difficult time keeping up. The thrill of new possibilities with new solutions often takes precedence over keeping up with security measures. That is even more dangerous with ransomware and other threats coming like an endless stream of waves, hitting large worldwide organizations as well as individuals. Slowing the attacks, let alone putting an end to them, seems impossibly overwhelming.
The EU set the stage by establishing the GDPR for any company in the EU or doing business with any company in the EU. The EU deadline for being compliant is coming up on May 25, 2018. Now the U.S., China, Singapore and the UK are starting to follow that example. While the regulations may not go into effect soon enough nor be tough enough to make companies compliant, it is a start.
When Companies Don’t Make Cyber Security A Priority
The need for the new regulations came out of the fact that many of the biggest cyber attacks were largely preventable. By now everyone knows that the WannaCry criminals exploited an unpatched software vulnerability. This has led to the wave of new regulations. As forbes.com has said, “We’re now seeing new regulations emerge that are forcing organizations to get their proverbial houses in order. These regulations feature a new characteristic: They’re hitting companies where it hurts, with steep penalties for those that don’t comply.” (https://www.forbes.com/sites/forbestechcouncil/2017/08/25/the-cybersecurity-regulatory-crackdown/#373818f64573)
Cyber security protocols must become the number one concern of businesses if they want to survive the growing wave of threats. Literally, the threats are coming from everywhere. I just read, in another recent forbes.com article, an announcement that an app has been created that allows cybercriminals to create ransomware on their mobile devices. (https://www.forbes.com/sites/leemathews/2017/08/25/new-mobile-app-lets-wannabe-cybercriminals-create-ransomware-with-ease/#24ee85a832c4) This makes it rather obvious that very little sophistication is required to cause disruption on a wide scale.
Will A Combo Of People, Processes And Technology Be The Answer?
According to the article about the regulatory crackdowns, “It’s clear that technology is no longer enough. It takes a combination of people, processes and technology to effectively combat today’s threats, which is why we’re seeing the regulatory environment heat up.” (https://www.forbes.com/sites/forbestechcouncil/2017/08/25/the-cybersecurity-regulatory-crackdown/#373818f64573)
In this new world that is being created, there will need to be people in place who know the processes and technologies that provide the breadth and depth of protection needed to keep businesses compliant with new regulations. According to the article, “The New York Department of Financial Services cyber security regulation, for example, requires that financial services companies hire a CISO who will put the proper risk assessments and processes in place for employees to use and follow. This regulation also requires that firms report any attempted data breach, and that they enforce their third-party providers to step up their security measures too.”
Prevention Is The Best Medicine And Hurts Less
Companies must protect their assets, data and otherwise. This protection can only happen with the most aggressive cyber security protocols in place. Soon enough the regulations will be imposed and the penalties are sure to be steep. In the EU, penalties for non-compliance with the GDPR can be up to £17 million, or 4% of global revenue. Ouch!
When you are ready to explore how to take the most effective measures against further imminent cyber attacks, call our offices for a free consultation.