SEC Adopts New Rules on Cybersecurity Risk Management

Impacts on Security and Network Operations Teams

In July this year, the Securities and Exchange Commission (SEC) formally adopted new rules for publicly held organizations regarding cybersecurity disclosures, with the intent to improve oversight of risks from cybersecurity threats. These rules take effect in January 2024.

According to an article in Forbes, “The rules are designed to help investors make informed investment decisions by providing them with more information about the cybersecurity risks facing public companies. The rules also aim to encourage public companies to take steps to improve their cybersecurity posture.”

These rules will have a number of impacts on enterprise SecOps teams. Key among them is that mandatory reporting places these teams under even greater accountability and scrutiny, with lapses possibly leading to legal or regulatory consequences. Effectively meeting these new requirements will require significant effort and resources.


Key Impacts:

Increased transparency: Detailed information about cybersecurity incidents will need to be disclosed, including the steps taken to address future risk.

  • Conducting proactive (pre-event) site assessments not only may prevent certain cybersecurity breaches but also serves as a baseline against which post-event assessments can be compared, identifying the key actions needed for mitigation.

Enhanced reporting requirements: SecOps teams will need to develop rigorous reporting mechanisms to ensure accurate and timely disclosure of cybersecurity incidents. This could entail implementing new processes and tools for incident tracking, response, and reporting.

  • Deep post-event assessments will be a critical part of meeting the reporting requirements. Whether or not certain details are shared with investors, up-to-date information such as endpoint inventories, vulnerability audit results, and as-is topology maps will need to be produced as part of an effective recovery effort. Teams will need to ensure that their practices are aligned with the reporting requirements, which may require adjustments to their current procedures and policies.

Increased focus on risk management drives changes in resource allocation: Even though many organizations already spend large portions of their budgets on cybersecurity, these new rules may drive even greater investment in areas such as staffing, new technologies, and training.

  • SecOps managers will need to identify ways to improve the efficiency and overall effectiveness of their teams. While “tool proliferation” seems to be the norm in most organizations, identifying process and visibility gaps and investing judiciously in (yes, additional or substitute) tools to fill those gaps is prudent. New technologies are constantly coming to market – those that automate or reduce manual processes (which are prone to human error) should be strongly considered.

Improved cybersecurity assessments: Organizations may need to engage third parties to identify vulnerabilities, evaluate their practices, and validate their reporting processes. Given the dynamic nature of the network access layer where increasing complexity, ubiquitous connectivity, and the growth of endpoints multiply threats, thorough and frequent site assessments are essential.

  • While adding an independent layer of scrutiny, third-party assessments come with significant costs. Response times of outside organizations are also a factor for consideration. Equipping internal teams with tools for timely and effective site assessments is not only prudent but necessary.

A culture of continuous improvement: Where such a culture is not already in place, these new requirements will compel organizations to continually assess and enhance their proactive cybersecurity strategies and incident response capabilities.

  • This greater scrutiny and accountability on enterprise security operations teams will drive them to strengthen their security posture. When organizations undertake to continuously evaluate and improve their processes, tools, and skill sets, not only do they improve their ability to prevent and mitigate risk, they end up being far more effective teams, becoming more sustainable and adaptable in the long run.

NetAlly developed the CyberScope® Edge Network Vulnerability Scanner specifically for SecOps teams and their need for deep site-level visibility. CyberScope offers comprehensive cybersecurity risk assessment, analysis, and reporting for the site access layer in a single, powerful, portable tool – including endpoint and network discovery, wireless security, vulnerability assessment (Nmap), and segmentation and provisioning validation.

As a ruggedized, purpose-built all-in-one tool, CyberScope is a network security solution that eliminates the use of fragile laptops and tablets. With multiple functions, it provides fast, actionable insights on-prem into site networks, filling the critical visibility gaps that other cybersecurity tools frequently do not address.

Author Bio –
Director of Marketing

Daniel Klimke is director of marketing at NetAlly and is responsible for brand and product management, as well as field and channel marketing. He began his career at Leviton and he took a training and channel marketing position at Fluke Networks in 1997, followed by various roles in marketing and product management.
