#1 Trending Cyber Security News & Magazine
Sunday, May 28, 2023
The Cyber Express

US National Cybersecurity Strategy: Businesses, Let’s Start with Disclosure!

Should business be concerned about the new US National Cybersecurity Strategy? We say, yes. Where do they start? We say, disclosures

Chandu Gopalakrishnan by Chandu Gopalakrishnan
May 2, 2023
in Business News, Compliance, Cyber Essentials, Governance, Policy Updates, Regulations

“Cybersecurity commitment is no longer voluntary.” That is how Titania strategy alliance manager Matt Malarkey condensed the US National Cybersecurity Strategy in an interview with The Cyber Express.

Titania, like several other individuals, organizations, and governments with operational interests in the US, is gearing up for the US National Cybersecurity Strategy.

Aimed at safeguarding the country’s digital infrastructure, the Biden administration presents the US National Cybersecurity Strategy as a comprehensive plan that outlines the government’s approach to cybersecurity and sets out measures to protect against cyber threats.

The strategy includes a range of initiatives such as increasing funding for cybersecurity research, enhancing information sharing and collaboration between government agencies and private organizations, and developing a skilled cybersecurity workforce.

It also outlines plans to strengthen critical infrastructure such as power grids and financial systems against cyber attacks.

The US National Cybersecurity Strategy has been well-received by cybersecurity experts, who see it as a much-needed step towards bolstering the country’s cyber defenses.

However, some have also raised concerns about the implementation of the strategy and the need for more concrete measures to be put in place.

Should business be concerned about the new US National Cybersecurity Strategy? We say, yes. Where do they start? We say, disclosures!

US National Cybersecurity Strategy: The bold and the fine print

Two core points of the 39-page document issued by the government were listed in the fact sheet published on March 2.

“We must rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses, and local governments, and onto the organizations that are most capable and best positioned to reduce risks for all of us.

“We must realign incentives to favor long-term investments by striking a careful balance between defending ourselves against urgent threats today and simultaneously strategically planning for and investing in a resilient future.”

Simply put, the legal shield that protected large tech vendors from liability claims over their products’ security will be off, explained Richard Forno, Principal Lecturer in Computer Science and Electrical Engineering, University of Maryland.

Manufacturers and operators of critical computer systems will bear the responsibility of improving product security, reducing the burden on individual citizens for mitigating cybersecurity risks, he noted.

He highlighted two crucial points buried under all explanations: incident disclosure and ransomware attacks.

The US National Cybersecurity Strategy called for “improved sharing of information between the government and private sector about cybersecurity threats, vulnerabilities and risks”, he wrote.

“Interestingly, the strategy places great emphasis on the threat from ransomware as the most pressing cybercrime facing the U.S. at all levels of government and business. It now calls ransomware a national security threat and not simply a criminal matter.”

In other words, disclosure has become mandatory, and improper disclosure on incidents like ransomware attacks will be treated with the urgency of a national security threat.

The need for proper disclosure is the underlying but unmentioned clause of the three main goals of the US National Cybersecurity Strategy: to secure federal networks and data, to improve cybersecurity for critical infrastructure, and to enhance cybersecurity awareness and education.

US National Cybersecurity Strategy: All roads lead to disclosure

Extrapolate the three points from a business perspective, and we can see both challenges and opportunities.

While the strategy highlights the importance of public-private partnerships in combating cyber threats, it also places a greater emphasis on businesses to prioritize cybersecurity as a key part of their operations, pointed out Sarah Kreps, Director of the Tech Policy Institute at Cornell University.

One of the key initiatives outlined in the strategy is the need for businesses to adopt a “defense-in-depth” approach to cybersecurity.

This means implementing multiple layers of security to better protect against cyber attacks. Businesses are also encouraged to regularly assess their cybersecurity risk and prioritize their security investments accordingly. And yes, disclose and patch vulnerabilities.

Another initiative is the need for businesses to share more information about cyber threats and attacks with the government and other businesses. In short, timely and accurate disclosures of cyber incidents.

Ready to disclose, but how?

The US has a complex set of federal and state laws outlining different requirements for reporting security incidents, including data breaches. Incident disclosure is a fragmented game in the US, particularly because of the individual laws enacted by each state.

The rules are not consistent across states, with several having enacted new laws recently to enhance data protection requirements.

For example, New York has the SHIELD Act, while California and Colorado have both established data privacy legislation. The federal government is trying to unify data protection requirements through the National Cybersecurity Strategy, partly in response to the EU’s General Data Protection Regulation (GDPR).

What is a short and effective step to ensure compliance with most of the state laws? Follow GDPR!

Because it is a lot stricter than most US laws when it comes to disclosure terms, following GDPR will help organizations meet US data protection legislation requirements.

“One of the keys to the GDPR is that data subjects must be fully informed about what is happening to their data, why it is being collected, how it will be used, who will be processing it, where will it be transferred, how they can erase it, how they can protect it, how they can stop its processing, etc,” noted an advisory on GDPR and American businesses, prepared by US law firm Dickinson Wright.

“The bulk of the consent and notification responsibility falls on the controller, but the processor and the controller have to work together to ensure the data subject’s rights are protected,” it added.

Organizations need to ensure that their incident response plans cover incidents across multiple territories and industry-specific requirements, and yes, the concepts of controller and processor.

“Simply put, ‘processing’ personal data is basically collecting, recording, gathering, organizing, storing, altering, retrieving, using, disclosing, or otherwise making available personal data by electronic means. A ‘controller’ is the entity that determines what to do with the personal data,” explained the Dickinson Wright report.

A year ago, the US Securities and Exchange Commission (SEC) took an initiative to centralize the disclosure norms of companies that are listed on US stock exchanges.

Among other things, the proposed norms require “current reporting of material cybersecurity incidents” and periodic reporting to provide updates about previously reported cybersecurity incidents.

Proper disclosure: Role of a controlling body

Even before the centralization of norms, the SEC has been proactive in ensuring proper and timely disclosure of cybersecurity incidents and has penalized companies that violated the norms.

For instance, the securities watchdog put a penalty of $1 million on London-based education and publishing firm, Pearson, for deceiving investors about a 2018 data breach that resulted in the theft of millions of student records.

The agency found that Pearson made misleading statements and omissions about the data breach, in which millions of student usernames, scrambled passwords, and administrator login credentials for 13,000 school, district, and university customer accounts were stolen.

The SEC revealed that Pearson referred to the incident as a hypothetical risk in a semi-annual review filed in July 2019, even though the data breach had already occurred.

Similarly, the company stated in a release that same month that the breach may include dates of birth and email addresses when it was aware that such records had been stolen.

One of the main reasons for the proposed change is that the SEC noted some incidents were reported in the media but not disclosed by the affected companies in their periodic filings. Additionally, the SEC found that when disclosures were made, the nature and thoroughness of those reports were either inconsistent or incomplete.

To address this, the SEC is proposing uniform requirements on breach reporting, which include: disclosing the time and status of the breach, providing a brief description of the incident, disclosing any data stolen, altered, or accessed without authorization, disclosing the impact of the incident on the company’s operations, and reporting on any remediation efforts.

US National Cybersecurity Strategy and disclosure: A checklist for businesses

Although the disclosure norms under the US National Cybersecurity Strategy have not yet been finalized, companies can take certain steps to prepare for potential rule enforcement.

To do so, they should focus on their current cybersecurity technology stack, policies, and breach response procedures. Here is a checklist that can help companies prepare for the new SEC disclosure requirements if they are codified:

Review your cybersecurity policies and procedures

Companies should review and update their cybersecurity policies to ensure that they provide effective disclosure controls and procedures, including communication between the infosec team, those responsible for cybersecurity, and the legal team.

Policies and communication channels should facilitate prompt assessment and escalation of detected cybersecurity incidents. Reviewing and updating policies will ensure the right process, oversight, and compliance with new disclosure requirements.

Revamp board oversight structures

Boards should consider whether to delegate responsibility for overseeing cybersecurity disclosures to a specific committee. Companies should also assess the amount of time the board spends addressing cybersecurity during meetings and allocate more time if necessary.

Improve cybersecurity capabilities of executives

Companies should prioritize executives with cybersecurity experience and capabilities when conducting executive candidate search and hiring processes. They should also consider whether their assessments of executive experience align with the criteria proposed by the SEC, as those executives will appear on disclosures, annual reports, and proxy statements.

Maintain optimum disclosure norms

The best way to prepare for any new rule changes is to maintain optimum disclosure norms.

Companies should enlist an experienced cybersecurity and compliance partner to audit and amend their cybersecurity policies and procedures. They should also train legal, infosec, and operational teams on breach prevention, response, mitigation, and reporting.

In conclusion, companies should begin learning about the specific clauses and details of the new disclosure requirement document while implementing data loss prevention software and other technology tools to mitigate the risk of cyber threats.

Organizations should be prepared to comply with the SEC’s new disclosure framework before any incident occurs. By doing so, businesses can improve their security culture and enhance transparency for stakeholders while supporting compliance with the US National Cybersecurity Strategy.

Chandu Gopalakrishnan

Executive Editor, The Cyber Express

Related Posts

Five years of GDPR
Compliance

Five Years of GDPR: There is a Long Way to Run on Cross-Border Data Transfers

by Chandu Gopalakrishnan
May 28, 2023
Cybertech Africa
Firewall Daily

Cybertech Africa: The Pan-African Event for Innovation and Networking

by Editorial
May 27, 2023
Nokoyawa Ransomware Group
Cyber Essentials

All You Need to Know About The Nokoyawa Ransomware Group

by Chandu Gopalakrishnan
May 26, 2023
StopRansomware Guide
Compliance

Updated StopRansomware Guide Warns of Ransomware’s Shape Shifting Tactics

by Ashish Khaitan
May 25, 2023
Microsoft Entra
Cyber Essentials

Microsoft Build 2023: Microsoft Entra Introduced With New Identity and Access Features

by Vishwa Pandagle
May 24, 2023 - Updated on May 25, 2023
Next Post
Female Formula 1 Drivers

Female Formula 1 Drivers: Al Qubaisi Sisters Backed by Cybersecurity Firm

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Issue is Out. Subscribe Now

Download Now

CRIL


Follow Us On Google News

Never miss an update. Subscribe!

* indicates required

mailchimp

Latest Cyber News

2023 Biggest Cyber Attacks
Features

2023 Biggest Cyber Attacks So Far And How to Protect Against Them

May 27, 2023
Cybertech Africa
Firewall Daily

Cybertech Africa: The Pan-African Event for Innovation and Networking

May 27, 2023
Invicta Stealer
Firewall Daily

Invicta Stealer Developers Exploit Facebook to Advertise Malware

May 26, 2023
Cyber attack on the City of Augusta
Firewall Daily

Cyber Attack on the City of Augusta: BlackByte Ransomware Group Claims Hit

May 26, 2023

Categories

Web Stories

Top 10 CISOs to Follow in 2023
Top 10 CISOs to Follow in 2023
Top 10 Ransomware Gangs in 2023
Top 10 Ransomware Gangs in 2023
Top 5 IoT Security Risks in 2023
Top 5 IoT Security Risks in 2023
Top 10 CTF Platforms in 2023
Top 10 CTF Platforms in 2023
Types of Risks Covered by Cyber Insurance
Types of Risks Covered by Cyber Insurance

About

The Cyber Express by Cyble

#1 Trending Cyber Security News and Magazine

The Cyber Express  by Cyble is a handbook for all stakeholders of the internet that provides information security professionals with the latest news, updates and knowledge they need to combat cyber threats.

 

Contact

For editorial queries: [email protected]

For marketing and Sales: [email protected]

For Events & Conferences related information: [email protected]

 

Quick Links

  • About Us
  • Advertise With Us
  • Contact Us
  • Editorial Calendar

Our Address

We’re remote friendly, with office locations around the world:

San Francisco, Atlanta, Rome,
Dubai, Mumbai, Bangalore, Hyderabad,  Singapore, Jakarta, Sydney, and Melbourne

 

Headquarters:

The Cyber Express LLC
555 North Point Center E
Alpharetta, GA 30022, USA.

 

India Office:

Cyber Express Media Network
HD-021, 4th Floor, C Wing, Building No.4. Nesco IT Park, WE Highway, Goregaon East, Mumbai, Maharashtra, India – 4000063

Subscribe to Our Feed

RSS Feeds

Follow Us On Google News
  • Privacy Statement
  • Terms of Use
  • Write For Us

© 2022 The Cyber Express (Cyber Security News and Magazine) | By Cyble Inc.

No Result
View All Result
  • Magazine
  • Firewall Daily
  • Essentials
    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business
    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • Events
    • World CyberCon Middle East 2023
    •  Cyber Security Webinar
    • Endorsed Events
  • Products
    • Cyble Vision
    • Cyble Hawk (LEA, Govt.)
    • Am I Breached
    • Cyble Odin (Beta)

© 2022 The Cyber Express (Cyber Security News and Magazine) | By Cyble Inc.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.
Top 10 CISOs to Follow in 2023 Top 10 Ransomware Gangs in 2023 Top 5 IoT Security Risks in 2023 Top 10 CTF Platforms in 2023 Types of Risks Covered by Cyber Insurance