HomeAiNew Cybersecurity Regulations: A Step-by-Step Guide to Compliance

New Cybersecurity Regulations: A Step-by-Step Guide to Compliance

-

We independently research, test, review, and recommend the best products—learn more about our process. If you buy something through our links, we may earn a commission. learn more

Last Updated on 05/12/2023 by Dolly

The scale of cyberattacks and their impact mean that the effects of these incidents can spread across societies and borders at a time when cybersecurity systems have reached a tipping point and after years of letting private sector organizations deal with cyber incidents on their own.

Governments now feel pressure to “do something,” and many are considering enacting new rules and laws. However, lawmakers frequently struggle to control technology because they do so out of political necessity, and most do not have a firm understanding of the technology at issue. The effects, impacts, and uncertainties on businesses are frequently not realized until after the fact.

New Cybersecurity Regulations: A Step-by-Step Guide to Compliance 1

The Federal Trade Commission, Food and Drug Administration, Department of Transportation, Department of Energy, and Cybersecurity and Infrastructure Security Agency are all developing new rules that will be enforced in the United States. In addition, in 2021 alone, 36 states enacted new cybersecurity legislation. Globally, there are numerous initiatives, including the GDPR and its incident reporting requirements in the EU, the data localization requirements in China and Russia, the CERT-In incident reporting requirements in India, and others.

However, businesses do not have to wait impatiently for the rules to be developed and put into effect. Instead, they should be working right away to comprehend the types of regulations that are currently under consideration, identify the uncertainties and potential effects, and get ready to take action.

New Cybersecurity Regulations: A Step-by-Step Guide to Compliance 2

Observations for Companies and Organizations

Make certain your processes are effective

SEC-regulated firms, which include many of the leading US businesses, urgently need to clarify the concept of ‘materiality’ in light of recent regulations. They need to assess and review their existing policies and procedures to determine the validity of ‘materiality’. Quick and frequent decisions require streamlined operations for compliance.

New Cybersecurity Regulations: A Step-by-Step Guide to Compliance 3

Keep your ransomware policies up to date

Across the board, regulations are being made, including those relating to reporting ransomware attacks and, in particular, the criminalization of paying for ransomware. The operation of cybersecurity insurance policies may need to change, and company policies on ransomware payments need to be reviewed.

New Cybersecurity Regulations: A Step-by-Step Guide to Compliance 4

Prepare for the “Software Bill of Materials” to examine your supply chain in more detail.

Many companies did not know they had a vulnerability called log4j that came packaged with other software. A Software Bill of Materials (SBOM) is a detailed and up-to-date list that quickly and accurately shows all the different pieces of software embedded in complex computer systems, and it is recommended that companies actively use this list.

Even though SBOM might be useful for other things, it might necessitate major changes in how your business creates and acquires software. Management needs to assess how these changes will affect the organization.

New Cybersecurity Regulations: A Step-by-Step Guide to Compliance 5

What else for now?

These regulations must frequently be reviewed by a group or an individual on an ongoing basis, and their impact will be determined. In general, the information technology and cybersecurity team focuses on technical aspects. They do, however, have a company-wide impact, and normal business must adapt once more. Your company should stay up to date on new regulations and may want to actively incorporate them. 

Read More:
  1. SaaS Security: How to protect user data as a SaaS?
  2. 5 security flows of communication library that can get targeted by the attackers
  3. With what intentions did Google buy this well-established cybersecurity firm?
Candeğer Şen
Candeğer Şen
Hello, I'm Candeğer Şen, a devoted language enthusiast with a profound interest in both human and machine languages, software development, and the art of persuasive copywriting.
- Advertisment -

Must Read

edge-ai

Challenges and Opportunities in Deploying AI Solutions in Edge Computing Environments

0
Edge AI is a ground-breaking new paradigm that has the potential to completely change how companies run. Organizations can seize new chances for creativity,...