The Russian invasion of Ukraine has created yet another new era of cybersecurity vigilance across the globe. Both Ukraine and Russia are using hackers to wreak havoc on each other’s cyber infrastructure. These efforts are causing governments around the world to take notice and give serious thought to shoring up their own cybersecurity laws and defenses.
Most notably, the United States is preparing to take some immediate actions. For instance, the SEC is cracking down on public companies—with special emphasis on the investment community—as it relates to cybersecurity incident reporting.
According to CNBC, “An SEC spokesperson noted that these proposals had been under consideration for some time, but that the crisis in the Ukraine has given them a ‘special relevance.’”
“I think companies and investors alike would benefit if this information were required in a consistent, comparable, and decision-useful manner,” SEC Chair Gary Gensler said in a statement. [1]
The proposal would shorten the mandatory timeline for reporting breaches and impose stricter regulations on cybersecurity governance disclosures.
These measures come at a good time, as the number of ransomware incidents is spiking this year. Already in 2022, the number of ransomware reports is up over 60% from 2021, and last year saw a 105% increase over 2020. These attackers take control of an organization’s computer network (rendering it all but useless) until a set ransom is paid. The U.S. government is attempting to better protect these organizations and their investors by requiring more transparency and improved reporting.
Actions You Can Take Now
Considering these impending new laws and the growing threat of cyberattacks, businesses can take some measures right now to start shoring up their cybersecurity defenses and posture themselves for better reporting, including:
- Centralize your threat detection and compliance reporting operations under one roof (e.g., by employing a single cybersecurity vendor to manage both)
- Gain access—or make sure that your cyber partner has access—to the Defense Department’s real-time threat feeds and intelligence reports for the most up-to-the-minute visibility into potential attacks
- Employ ‘Security Information and Event Management’ (SIEM) software to identify threats, perform end user behavioral analysis and facilitate proper compliance reporting
- Conduct frequent forensic security reviews to identify previously undetected cybersecurity anomalies so you can take corrective and preventative action
- Work with a security vendor who can provide a singular, 360-degree view of your total cybersecurity posture
The move to implement new cybersecurity laws is likely coming from the vulnerabilities the U.S. government is facing itself. In fact, governments worldwide saw a 1,885% increase in ransomware attacks in 2021. [2] A big reason for these dramatic increases is the rise of remote workers, which opens agencies up to a host of new threats.
With the remote workforce model looking like it is here to stay, these susceptibilities will continue and likely keep cybersecurity at the forefront of regulators’ agendas.
Ukraine and Global Cybersecurity’s Future
According to a new report from Forrester, “Russia’s invasion of Ukraine has permanently altered the cyber-threat landscape, and security leaders across all organizations must be prepared for this new environment.”
Fortunately for Ukraine, Russia’s cybersecurity war machine hasn’t rolled out completely. Many cybersecurity experts predicted its attacks would be far worse.
However, this conflict and the impending government regulations do remind us all of the importance of cybersecurity protection. Let this international conflict serve as a catalyst to strengthen your business’s security defenses and compliance reporting. This will help you defend yourself from attacks and also prepare you for future regulations. Let me know if you need help navigating the increasingly complex world of cybersecurity regulatory compliance and the state of cyberattacks.
1. “SEC to vote on new cybersecurity disclosure rules as Ukraine crisis gives them ‘special relevance’”, CNBC, March 9, 2022.
2. “There’s a huge surge in hackers holding data for ransom, and experts want everyone to take these steps”, Fortune, February 17, 2022.
3. “Russia’s Invasion Has Permanently Altered the Cyberthreat Landscape”, Forrester, March 14, 2022.