Evolving Cyber Regulations: Simplify Your Approach to Patchwork Regulations
Corporations have been undergoing the digital transformation process for years. Then COVID hit and created an urgency for digital and cloud infrastructure. As a result, many businesses have advanced their technology platforms quickly, but not yet figured out how to protect all of their shared data and digital applications.
This has left IT and security teams scrambling to fend off increasing cyber attacks at a time when hackers are more nimble and sophisticated than ever before. According to IBM’s latest Cost of Data Breach Report, the share of breaches caused by ransomware alone grew 41% in the last year and took 49 days longer than average to identify and contain. Moreover, data breach costs are up 13% from 2020 to 2022.
Recognizing the enormous risk to companies, health care systems, nonprofits, governments, and more, the Cybersecurity & Infrastructure Security Agency (CISA) and legislators have stepped in with a patchwork of cyber regulations designed to provide guardrails to help protect organizations and institutions. But understanding their applications and keeping up with which regulations are controlling is challenging and costly. Many new regulatory bodies have recently entered the fray. For example:
-
In March, the SEC proposed amendments to its rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. The amendments are intended to better inform investors about a registrant’s risk management strategy, and governance to provide timely notification to investors of material cybersecurity incidents. They would require, among other things, current reporting about material cybersecurity incidents and periodic reporting to provide updates about previously reported cybersecurity incidents.
-
In June, the US passed two new cybersecurity bills designed to strengthen the federal cyber workforce and foster collaboration across all levels of government. The new laws continue a trend of increased efforts to shore up cybersecurity at the federal, state, and local levels.
-
In July, the NCUA (National Credit Union Incident Reporting) became the latest arm of the federal government moving to require organizations under their regulatory purview (federal insured credit unions) to notify and report substantial cyber incidents to the government within 72 hours.
These and other enhanced data security mandates call for an additional layer of defense. IT and security teams working to head off cyber incidents must evaluate their current protection strategies, including tackling the challenge of drilling down to pinpoint who owns and can authorize access to the data. In order to do this effectively, organizations need to look beyond traditional credentials-based security measures that are widely recognized as a serious weakness, and move toward a modern-day approach that is easy to deploy irrespective of the environment. With swelling volumes of data scattered across a myriad of locations, new and expanded regulations call for advanced protections that are dedicated to preventing unauthorized access. A crucial place for organizations to start is with multifactor encryption.
Atakama’s multifactor encryption solution is data centric and decentralized to protect organizations from data exfiltration, even when identity and rules-based access controls fail. Using multifactor encryption allows for the highest levels of data security without sacrificing business performance and productivity. The concept is simple, but the approach completely changes the way data is protected and provides that additional layer needed to keep pace with the evolving regulations.
Organizations that embrace this paradigm achieve not only better security regarding their data but also send an important signal to potential attackers that security is hardened overall, not just within the realm of protecting data but also within other aspects of security. And thanks to its unique approach, adopting multifactor encryption is a simplified and streamlined way of staying in sync with current and future cybersecurity regulations.
For more information on how multifactor encryption can help your organization stay compliant with the evolving set of regulations and be safeguarded against future cyber threats, contact Atakama today.