BLACK HAT EUROPE 2023 - London - Expect governments to impose greater levels of cybersecurity regulation if businesses cannot defend against major attacks and stop breaches from happening.
That's a prediction from Black Hat founder Jeff Moss, speaking at Black Hat Europe in London this week.
He believes that eventually, the world will come to a tipping point where too many highly impactful breaches and escalating infrastructure hits from nation-state-sponsored attackers will spur governments to act.
Moss also said that security could head towards a Sarbanes-Oxley moment, a reference to the US law implemented after the 2001 collapse of Enron that protects investors by auditing for fraudulent accounting and shady financial practices at publicly traded companies.
Achieving SOX compliance requires financial reports to include an internal controls report showing that a company's financial data is accurate and that adequate controls are in place to safeguard financial data - and one can easily see how that could translate to cybersecurity auditing.
Black Hat Europe keynote speaker and former Uber CISO Joe Sullivan stresses that regulators need to be level-headed in terms of who should be held accountable for keeping people safe, and consider the realities of how data breaches and their containment play out on the ground.
Speaking to Dark Reading, Sullivan uses the example of the SEC's newly implemented data-breach reporting rules; when the SEC put a request out for feedback on a draft set of the rules, it failed to incorporate insight from those working in the trenches, he alleges.
A regulatory approach, if done correctly, could make security a whole-of-company focus, which could lead to positive outcomes in terms of preparedness and defenses, he says.
This Cyber News was published on www.darkreading.com. Publication date: Fri, 08 Dec 2023 20:50:10 +0000