Let’s look at how regulatory landscape is shifting and what businesses can do in response
Changing Cybersecurity Landscape
The U.S. has no comprehensive national cybersecurity law, but that could and should change soon. On April 4, the Department of State announced a new agency: the Bureau of Cyberspace and Digital Policy (CDP).
CDP will focus on cyberspace, digital technologies, and digital policy, possibly establishing nationwide, up-to-date security regulations.
This changing regulatory landscape comes in response to growing cybersecurity risks and concerns. Cyber warfare has broken out in the Ukraine/Russia conflict, with hackers taking government sites offline, spreading misinformation, and taking down communications networks. As infrastructure and organizations rely more heavily on digital technologies, these attacks become increasingly concerning.
Apart from cyber warfare, general cybercrime has skyrocketed as digital data plays a more crucial role in businesses. Supply chain attacks like the SolarWinds hack highlight how third parties’ vulnerabilities can impact businesses.
Consequently, since business valuation methods weigh risk factors, companies that aren’t up to certain security standards may not be able to make strategic partnerships.
In light of these growing risks and possible new regulations, businesses must embrace higher security standards. Here’s what that should entail.
The first step is paying attention to developing regulations and ensuring compliance with them. Existing legislation like Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) can serve as guidelines.
Some companies may fall under these regulations and not realize it, so they should review their data and these laws to make sure.
Even if these laws don’t apply to some businesses, adopting their standards can be helpful. While these regulations differ, there’s often significant overlap between them, so embracing their standards could help prepare for future laws. Machine learning network management tools can help install updates across a network to align operations with new regulations.
While the national government has yet to release comprehensive security policies, they have published recommended actions. On March 21, the White House a cybersecurity fact sheet in response to rising cyber warfare risks. Businesses should review these and implement any steps they haven’t already.
These recommended actions include:
- Mandating multi-factor authentication (MFA)
- Using continuous threat-monitoring tools
- Encrypting and backing up data
- Educating employees on best security practices
- Running emergency simulations to train quick responses
- Checking for and patching vulnerabilities like stolen passwords
- Building relationships with government security offices
Businesses should also check with regional departments and agencies and any government partners for any other recommendations for their specific situation. Complying with these guidelines will likely help organizations comply with new regulations even before they emerge.
Going Above and Beyond
Cybercrime is continually evolving, and as current events highlight, regulations and official recommendations aren’t always timely. Consequently, businesses should raise their standards above what regulatory bodies expect.
Some regulations, like the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC), consist of multiple tiers of increasingly advanced protections. Instead of settling for the lowest applicable option, organizations should aim for the highest.
It’s important to take the mindset of what makes the company, its customers, and its partners the safest instead of focusing on requirements.
Steps like establishing zero-trust architecture or using artificial intelligence (AI) to monitor and adapt networks may not be required but vastly improve security. Given how quickly new cyber threats emerge, businesses can never become complacent in their security.
The Nation Needs New Cybersecurity Regulations
Recent cybercrime trends emphasize the need for new, more comprehensive cybersecurity regulations. While businesses look for these laws to come about, they should take the initiative to raise their standards.
As more businesses hold themselves and their partners to higher security standards, the nation’s overall cybersecurity will improve. New regulations are necessary to guide companies in better practices, but security can and should advance before them.