Increased Cyber Regulation in the Offing as Attacks Mount

  /     /     /  
Publicated : 23/11/2024   Category : security


Increased Cyber Regulation in the Offing as Attacks Mount


Cybersecurity could be heading for a Sarbanes Oxley-type of regulation in light of escalating attacks, but the devil is in the details.



BLACK HAT EUROPE 2023 — London —
 Expect governments to impose greater levels of cybersecurity regulation if businesses cannot defend against major attacks and stop breaches from happening.
Thats a prediction from Black Hat founder Jeff Moss, speaking at Black Hat Europe in London this week. He believes that eventually, the world will come to a tipping point where too many highly impactful breaches and escalating infrastructure hits from nation state-sponsored attackers will spur governments to act.
Self-regulation is not working, he noted from the keynote stage.
Moss also said that security could head towards a
Sarbanes Oxley
(SOX) moment, a US law implemented after the 2001 collapse of
Enron
that protects investors by auditing for fraudulent accounting and shady financial practices at publicly traded companies. Achieving
SOX compliance
requires financial reports to include an internal controls report to show that a companys financial data is accurate, and adequate controls are in place to safeguard financial data — and one can easily see how that could translate to cybersecurity auditing.
Meanwhile, Black Hat Europe keynote speaker and former Uber CISO
Joe Sullivan
(who himself has been convicted of and on probation for fraud for failing to alert regulators of a 2016 cybersecurity breach at the ride-share giant) stresses that regulators need to be level-headed in terms of who should be held accountable for keeping people safe, and consider the realities of how data breaches and their containment play out on the ground. Should someone face jailtime for succumbing to social engineering, for instance? Is the CFO who doesnt think two-factor authentication fits the company budget on the hook for fines when an account takeover leads to a ransomware attack? What about the security team who failed to appropriately make the case for it?
Speaking to Dark Reading, Sullivan uses the example of the SECs newly implemented data-breach reporting rules; when the
SEC put a request out
for feedback on a draft set of the rules, it failed to incorporate insight from those working in the trenches, he alleges.
I wish the security community would actually give them feedback, not just the [victims affected by breaches], he says. I think most of the people who have sat in those government seats have never sat in the CISO seat or the security engineer seat, and theyre not going to have empathy.
Even so, a regulatory approach, if done correctly, could make security a whole-of-company focus, which could lead to positive outcomes in terms of preparedness and defenses, he says.
[The] regulators message is, if youre not going to keep people safe, there is going to be consequences, he notes. We need that to be heard at the highest levels of the company, not just at the security level of the company, and then well get real change.

Last News

▸ Criminal Possession of Government-Grade Stealth Malware ◂
Discovered: 23/12/2024
Category: security

▸ Senate wants changes to cybercrime law. ◂
Discovered: 23/12/2024
Category: security

▸ Car Sector Speeds Up In Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Increased Cyber Regulation in the Offing as Attacks Mount