Just a few months past the initial SolarWinds discovery, it is clear that standardized cybersecurity regulation is needed to outline best practices for companies to follow. A coordinated approach at the federal and even global level would strengthen companies’ security posture internally and externally, including customers and third-party vendors.

We are unsure what the rest of 2021 has in store, but the most successful CISOs will be the ones ensuring security teams have access to the latest intel and tools to be prepared for emerging threats. Part of this preparedness means understanding how potential legislation could reshape cybersecurity efforts.

How Cybersecurity Measures Taken During the Obama Presidency Could Shape Biden’s Strategy

President Barack Obama and then-Vice President Joe Biden worked together on various cybersecurity initiatives throughout the eight-year presidency, including brokering an arrangement with China to discourage cybertheft of intellectual property and developing the Cybersecurity National Action Plan (CNAP) to enhance cybersecurity capabilities in the government and private sector.

The strategies developed and executed during this administration show that President Biden was motivated to improve the nation’s cybersecurity posture long before SolarWinds, and they provide insight into possible ways to expand the nation’s cybersecurity preparedness at a time when it is crucial.

In March 2021, President Biden signed the $1.9 trillion coronavirus relief package into law. It highlights cybersecurity as a key part of economic recovery and includes nearly $2 billion in funding towards updating aging government technology and risk mitigation for the Cybersecurity and Infrastructure Security Agency (CISA), which has been in charge of the response to the SolarWinds and Microsoft Exchange breaches.

Achieve Compliance and Data Privacy Regulation Standardization at the Federal Level

While it’s true that no two companies operate the same way and different industries demand different compliance commitments, foundational approaches are similar across the board. Too many organizations are implementing just enough measures to “check the box” on their cybersecurity strategy, which dramatically reduces the value compliance is meant to drive and leads to breaches that compromise sensitive customer data. The SolarWinds hack brought the need for federal mandates on third-party vendors and suppliers to light in an unprecedented way.

In early March, the Securities and Exchange Commission Division of Examinations announced that cybersecurity compliance areas such as threat management, incident response and third-party vendor management would be top priority for the rest of the year. The logical next step would be for the Biden administration to require one set of compliance regulations at the federal level that serves as a best-practice framework for all organizations.

Pivoting to a Global Focus for Optimal Success

This is an important time to talk about the need for not just a national focus, but a global cybersecurity “code of conduct” to establish governance and rules of engagement across nations and prevent the further weaponization of cyberattacks. The steps taken with China during the Obama administration were a great start, and it would be wise for the Biden administration, other countries and the United Nations to begin taking a tougher look at cybersecurity attacks and penalizing nations that operate outside of established rules.

While there is currently no uniformity between regulations from country to country, the majority are based on frameworks from entities like the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO). This is an important factor to highlight because it demonstrates that common ground already exists to define a basic security regulation for all nations.

CISOs are dealing with a global pandemic, the ongoing effects of the rapid shift to remote work and the threat posed by nation-state cyberattacks, in addition to their normal focus of keeping the company safe and staying ahead of emerging threats. In order to stay ahead of the curve, they should keep a close eye on the renewed legislative discussions and high-profile breaches.

James Carder, CSO, LogRhythm