How to Defend Against Today’s Biggest Cyber Threats
March 16, 2022Protecting Your Organization Against Ransomware Attacks
March 23, 2022By: Emma Roberts, Commercial Projects Coordinator
The Securities and Exchange Commission (SEC) recently proposed rules on cybersecurity risk management, strategy, governance, and incident disclosure for public companies. Technology is ever evolving, and companies’ processes have become increasingly rooted in technology, which makes it more important than ever to implement cybersecurity defenses. Cybercriminals and hackers are becoming increasingly sophisticated in how they access networks and data every day. The caliber of these cyber threats is the most significant risk to our nation’s security, economy, health, and wellbeing. President Joe Biden acknowledged the significance of cyber warfare on U.S. infrastructure in a National Security Memorandum calling the recent attacks on the Colonial Pipeline and JBS Foods as showing “significant cyber vulnerabilities.”
In this day and age, cyber-attacks are increasing, and there are no exceptions when it comes to the next target. Cybercriminals are searching for vulnerabilities within the manufacturing sector, Defense Industrial Base (DIB) sector, and government sector to name a few. As attacks increase, companies and investors are incurring major costs due to the loss of intellectual property and the ransoms that are being demanded to protect that data.
The recently proposed rules from the SEC address this ever-increasing concern. These amendments account for cybersecurity policies and procedures, cybersecurity disclosures, regulatory reporting of cybersecurity incidents, and recordkeeping of cybersecurity incidents. The intent is to educate investors about a registrant’s risk management, strategy, and governance status to provide ample time for investors to respond.
SEC Chair, Gary Gensler, said, “Today, cybersecurity is an emerging risk with which public issuers increasingly must contend. Investors want to know more about how issuers are managing those growing risks. A lot of issuers already provide cybersecurity disclosure to investors. I think companies and investors alike would benefit if this information were required in a consistent, comparable, and decision-useful manner.”
Gensler is proud to support the adoption of this proposal because it would enable investors to evaluate the status of public companies’ cybersecurity and assess the risk they are taking by investing in that firm.
“Companies should be taking this proposed rule change as an opportunity to identify areas within their organization that will be impacted. We at Gray Analytics specialize in identifying gaps within your organization that need to be addressed due to impacts from changes to Federal regulations”, says Brandon Sessions, Vice President Commercial Cybersecurity at Gray Analytics.
In preparation for the impending amendments, companies should take a proactive stance and begin evaluating the current state of their cybersecurity defenses, and our team of cybersecurity stands ready to help you get started. We recommend:
- Performing a gap assessment of cybersecurity practices
- Conducting an overall cybersecurity risk assessment to identify potential vulnerabilities
- Putting in place cybersecurity processes and procedures
- Preparing an incident response plan to detect incidents and minimize both direct and indirect costs such as reputation damage, mitigate exploited weaknesses, and restore IT services
- Conducting a tabletop exercise to validate the content of contingency plans and incident response plans
- Documenting all practices and procedures
Engaging with Gray Analytics’ team of professionals can help your organization navigate the complexities of today’s ever-changing regulatory environment. The need for cybersecurity risk management, compliance, and governance will only continue to grow.
Reach out to our experts today to schedule a consultation and learn more.
Sources: