Regulation-led security can give hackers a blueprint to a business network

Many organisations are opting to define security policies based on regulatory requirements; however, the result is that their cyber-defences very quickly become out of date

As the headlines reporting data breach after data breach show, hackers are seemingly always one step ahead of businesses’ cyber security defences. The reality is that in some cases, rather than protecting data, regulation could be compounding the problem. The enforcement of GDPR and NYDFS means many organisations – understandably – opt to define security policies based on regulatory requirements. It ensures that they are not hit with the huge fines these regulations promise for failure to comply and is theoretically supposed to ensure the safety of data.

However, this approach results in security postures that quickly become out of date. On the one hand, regulations are 24 months old by the time they must be implemented, but perhaps more concerning is the fact that businesses could be inadvertently providing hackers with an ‘access blueprint’.

