Mako Bytes - Cybersecurity Regulations: Falling Behind or Rising To The Challenge? Reporting from Pr
About The Author
Zach Jones, Security Vulnerability Analyst with The Mako Group
The internet changed the world and that includes the workplace. The Mako Group joined the remote work revolution early in its history, but now one member of the team is taking it to the next level. Zach has been a member of The Mako Group team for two years, and is now spending year three on the road while working full time. He is joining the ranks of digital nomads and moving from city to city working across time zones and countries while pursuing his career in federal sales and penetration testing. During his travels, he is learning about local cybersecurity concerns and issues in relation to the industry as a whole and sharing thoughts from the road. We’re pleased to be able to share his findings with you through this blog. Stay tuned for updates monthly!
It is no secret that cybersecurity is one of the top concerns of governments and corporations across the world. Every day this is illustrated by headlines of hacks and the attempts of governments to stop the bleeding. Most recently, the Czech Republic has moved in this direction as well by updating its Cyber Security Act, which establishes regulatory minimums around critical infrastructure. The amendment expanded the number of critical industries to include the financial, medical, chemical and digital services industries. The move also increased fines for non-compliance to 5 million Czech Koruna (~$250,000) and created the National Bureau for Cyber and Information Security. The move by the Czech government was spurred on by larger requirements for the European Union’s Network and Information Security (NIS) Directive aimed at increasing cybersecurity amongst the 28 member states.
Given the growing impact of cyber-incidents, the recent steps taken by the Czech Republic raise the question: Is it enough?
Falling Behind –
The Czech Republic is all but ensuring that it will fall behind not only the rest of the world but also hackers, cybercriminals and malicious entities. The problem lies in motivation. If industries and government agencies are racing to meet the minimum, a larger portion of organizations will almost certainly be at risk. If compliance is the only motivation to develop stronger cybersecurity programs, most organizations will end up at or below the minimum requirements. Industries should be focused on maturity rather than compliance. Meeting regulations shouldn’t be the goal, or even necessary, if a robust drive toward strengthening and hardening cyberinfrastructure is fostered.
Rising to the Challenge –
The need for regulation and governmental organizations to enforce cybersecurity is undeniable. Compliance with cybersecurity regulations is forming the basis of a stronger national, economic and digital security standing for industries and countries alike. Moreover, establishing government agencies and installing officials to lead national cybersecurity will only help direct resources and efforts to combat cyberattacks and crime. By pushing industries to meet increasing standards and benchmarks, countries like the Czech Republic will hopefully begin to see a reduction in cybersecurity-related economic losses and national security risks, which stands to benefit the entire country.
Where Does This Leave Us –
Simply put, creating minimum regulations is only half the battle and shouldn’t be viewed as a solution but as a component of a robust cybersecurity strategy. Critical infrastructure and industry alike should strive toward a mature cybersecurity environment that will stand up against the latest hacks and cutting-edge attacks. It is 2017 and the Czech Republic has only established a government agency for cybersecurity this year. Governments throughout the world are finally waking up to the challenges of cyberspace, but it remains to be seen if regulations and compliance will evolve into true maturity and leadership in cybersecurity.