It can take a lot of pain to motivate someone to make a lasting change in behavior. This is true not only for individuals who need to shed self-destructive habits, but for organizations that lack a prudent cybersecurity strategy.
While ransomware threats like Petya and WannaCry continue to take the cybersecurity spotlight, large companies are still falling victim to hacking tricks that have been around for ages, leading to massive (but preventable!) data breaches such as those suffered by HBO and Home Depot in past years. Employers keep lagging behind in their defenses, even as cybercriminals keep churning out yesterday’s hacks.
However, regulatory agencies have started waking up to the fact that the industries they oversee have made little headway in the cybersecurity fight. This has prompted a noticeable crackdown on compliance standards from several agencies.
The U.S. Securities and Exchange Commission in 2016 made waves with its pledge to come down on compliance laggards following the breach of the SWIFT messaging platform and resulting hacks on the international banking system. Shortly after, the New York Department of Financial Services (NYDFS) raised alarms among financial organizations, announcing a new mandatory set of cybersecurity regulations for firms it oversees.
As of late August, the deadline for meeting NYDFS standards has passed. Meanwhile, across the pond, companies doing business in Europe are sweating an additional regulatory crackdown initiated by the European Union’s General Data Protection Regulation (GDPR) legislators. New regulations, which will go into effect at the end of 2017, place new requirements on businesses with regard to recording and handling consumers’ personally identifiable information.
The current wave of intensified compliance requirements and increased scrutiny likely won’t change course until more organizations have caught up with today’s cybersecurity demands. For those businesses, nonprofits and other groups that have been dragging their feet, the time to act is now — before government agencies start to pile fees on top of your cybersecurity costs.
If you need to establish a cybersecurity governance plan for your organization or enhance your processes, Lunarline is here to help. To learn more about the services and solutions we provide, contact us today.