Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
Lawmakers Will Impose Far Stricter Cybersecurity Regulations
By Larry Whiteside Jr., Chief Information Security Officer at RegScale
2024 is just days away and the need for more (and better)
cybersecurity regulations has never been clearer. Cyberattacks pose a clear and
persistent threat as attackers target organizations across all sectors:
critical infrastructure, the public sector, and public and private companies
are all at risk. Successful infiltrations even at well-known identity and
access management companies, such as Okta and LastPass, have put everyone on
edge. While lawmakers may not
understand the technical details of how cybersecurity solutions work, one thing
they can agree on is the need to protect individuals, business entities, and
government agencies from malicious actions. To this end, we can expect (and
demand) bills proposing stricter cybersecurity standards, mandatory breach
reporting requirements, and more extensive privacy and compliance frameworks.
Cybersecurity Regulations Go Broad
While the SEC adopted new rules earlier this year on cybersecurity risk
management, strategy and governance, and incident disclosure, requiring
companies to provide investors with up-to-date information that helps them
manage cyber risks, expect lawmakers to put more regulations in place in 2024
to expand such rules beyond public companies. Just as the General Data
Protection Regulation (GDPR)
disrupted the processing and movement of personal data for all European
citizens when it went into effect in 2016, 2024 will transform cybersecurity
regulations both in the United States and the rest of the world.
Responding to the cost, confusion, and pain caused by
cyberattacks at every level, lawmakers will finally take clear action. Until
now, the United States has not had a framework like the GDPR governing the
protection of personal data, but as stricter cybersecurity standards are
enacted, companies will need to adopt more extensive privacy and compliance
frameworks and follow additional mandatory breach reporting requirements. Under
President Biden, the U.S. government has already made clear that it views
cybersecurity strategy as vital to protecting American citizens in our
increasingly digital economy. Safeguarding sensitive data and critical systems
effectively will be one goal of these new regulations, which will apply to
organizations of all shapes and sizes.
Global Cooperation is Essential
Cyber attackers are not limiting their efforts at
compromise to their own countries. Far from it. Nation state actors work to
compromise critical infrastructure on the other side of the world. In November,
for example, Denmark faced attacks on critical infrastructure from multiple
groups, including (possibly) the Sandworm
operation in Russia's Chief Intelligence Office (GRU). Supporters of Russia's
war on Ukraine continue to use cyberattacks against those who support the Ukrainian people. Quite
simply, our digital world is deeply interconnected, and borders and treaties mean nothing to malicious actors. This
means that in 2024 we must have international cooperation on cybersecurity. The
largest, most capable entities in the public and
private sector must collaborate to manage and minimize cyber risk by working
together around the world.
Standards for Artificial Intelligence
Artificial intelligence (AI) has roared
forward this year and is becoming increasingly capable and integrated into
nearly every sector of society. This rapid adoption makes the need for unified
AI regulations clearer than ever. Along with global cooperation in terms of
cybersecurity standards in the coming year, we will also see countries
collaborating to quickly set standards for the responsible development and
deployment of AI technologies. These standards must focus heavily on ethics,
privacy, and security. In order to manage and minimize the risks associated
with AI, including data integrity, algorithmic bias, and autonomous
cyberattacks, the international community must collaborate closely to create
and mandate compliance with such standards and regulations.
Already, AI and cybersecurity are converging. This convergence will also
advance regulations designed to establish robust and transparent AI-driven
security measures. Ensuring ethical AI protections and protecting our digital
world from attacks by adversaries will be a key focus of such regulations.
Prepare for Cybersecurity & AI Regulations in 2024
For those already struggling to comply with a wide variety of regulations, buckle up for
a pivotal year in cybersecurity regulations. To manage the increasing and
ongoing threats to all sectors from malicious actors, the United States and the
international community will make rapid advances in creating unified standards
and regulations. This critical step will give businesses and countries alike a
blueprint for how to fortify their defenses against cyber threats, safeguard
sensitive data, and responsibly use AI. The time to shape the future of
cybersecurity and AI is now, and we must rapidly move forward together to put
these regulations in place.
##
ABOUT THE AUTHOR
A former United States Air Force Officer with over 25 years of experience in building and running cybersecurity programs, Larry Whiteside Jr. is a veteran CISO, CSO, and CTO in the cybersecurity field and holds extensive experience in C-Level security roles across industries including DoD, Federal Government, Financial Services, Healthcare, and Critical Infrastructure.
As the CISO for RegScale, Larry is responsible for leading the RegOps Community of GRC practitioners who share best practices. He routinely advises corporate security executives and companies across the Fortune 2000 and has helped CEOs and board members of private cybersecurity companies achieve their goals in sales, marketing, and customer retention.
A thought leader in the industry, Larry is a sought-after speaker at conferences such as the Gartner Security Summit, RSA Conference, SC World Congress, ISC2, Secure World, Black MEA, and Infosec World, and has been featured in many articles relating to information security and risk management. Larry is also the Co-Founder of Cyversity, a 501(c)3 non-profit association that is dedicated to increasing the number of minorities and women in the cybersecurity career field.