If you’re just trying to do the bare minimum to comply with the proliferation of cybersecurity regulations, you might be doing it wrong.
That was one takeaway from Forrester’s Security & Risk 2023 conference, which kicked off Tuesday and featured a panel discussion on rapidly changing regulatory requirements. The keynote, “Too Fast, Too Furious: Managing the Speed of Cybersecurity Regulatory Change,” featured a discussion with Gene Sun, corporate vice president and CISO of FedEx, and Stephanie Franklin-Thomas, senior vice president and CISO of ABM Industries.
Sun said the pace of regulation is accelerating with the increasing digitalization across our lives. “Everything is becoming digital in our businesses and personal lives,” he said. “How many gadgets are there in your home that are digitized and connected to the internet? Doorbells, garage door openers, everything else…this is one of the drivers of regulation.”
Another driver of cybersecurity regulation is national security, he said. And when you run a multinational company, compliance becomes even more difficult. FedEx operates in over 200 countries, so complying with regulations can be a nightmare. “In Washington, in recent years, all regulatory intent has been driven by national security.”
Use compliance as a foundation
Franklin-Thomas said regulation is moving at a furious pace because the United States has lagged in many ways in developing a regulatory framework. “We really feel like we’re behind the eight ball because we have all the necessary regulations in place,” she said.
Franklin-Thomas said it is not enough for companies to simply comply with regulations. “The regulations that are coming out are really the minimum standards that we should have,” she said, adding that if companies are willing to go beyond the minimum regulatory requirements, they will be more likely to comply with new regulations as they come out. “It’s not that big of a leap if we’re doing the right thing in the first place.”
Forrester senior analyst Ara Valente summed up the regulatory battle at the event’s opening. “Compliance brings order to potential chaos,” she said. “Fast and Furious is a great way to think about both sides of the regulatory equation. On the one hand, some organizations are upset by the speed with which all these regulations are being implemented at once. For those who do, it’s just a struggle to endure. But that speed also accurately represents the speed of innovation that’s happening to us and our entire organization.”
Become a regulatory influencer
Sun said CISOs need to look beyond their technical backgrounds and start making connections with policymakers.
“I think it’s a new discipline for CISOs, especially CISOs of global companies, to learn how to work with industry associations and chambers of commerce to help shape regulatory frameworks around the world,” he said. “My first piece of advice to CISOs is to help influence policymakers and regulators to think not only about national security, but also about international commerce and keep their economies vibrant.”
He added: “This breakneck pace is going to continue…as robotics, AI, self-driving cars, and all these technologies become increasingly important to our society in terms of national security and everything else. So, whether we like it or not, regulation is coming…we can influence it, make sure it’s prudent, and implement it in our organizations. We need to be able to confirm that it is possible.”