It is known that the world is now entering a new era in terms of cybersecurity threats, for example how ransomware like WannaCry and Petya have wreaked havoc throughout the whole world recently, but it is less commonly known that it is entering a new era in terms of cybersecurity regulations as well.
It is quite evident that cyber attacks are one of the most dangerous, and unfortunately most prevalent risks that businesses face today. The reason why new cybersecurity regulations are being put into place is because of the fact that the majority of all cyber attacks occurring within businesses are largely preventable; for example, the large HBO breach involved hackers exploiting an insecure file transfer protocol. Moreover, the implications of these laws and regulations in various regions will cause these large corporations to take action upon their technical vulnerabilities, as they will receive very steep penalties if they do not.
Furthermore, it’s clear that technology alone is no longer enough to combat today’s threats, rather it takes a combination of people, processes and technology to do so. Several regulations have already been instated, for example the New York Department of Financial Services’ requirement of financial services companies to hire a CISO who will put the proper risk assessments and processes in place for employees to use and follow. The effect that these laws and regulations will have on all industries will be very large and beneficial, although likely slow and tedious, and will require corporations to invest in modern IT security infrastructure to protect their customers’ invaluable data.
Short related video: