Cyber security is regularly thrust into the limelight, with breaches rightly making the headlines.
In recent months the discussion has shifted, however, with cyber security becoming a mainstream topic.
Part of this is driven by the increasing attention politicians give to the issue. While in some cases this can be hot air, the knock-on impact is beginning to be seen in more legislation and policy designed to protect organisations and the public.
How, then, is political awareness of cyber security shaping legislation?
Cyber security on the campaign trail
The US election campaign has been a case in point of the rise of cyber security to the top of the political agenda.
With the candidates trading increasingly lurid blows, the issue has been a weapon that both sides have reached for – and clearly Democrats and Republicans both have a lot to learn on the subject.
Hillary Clinton has been rightly lambasted for some very poor decisions in keeping email data under lock and key – not an ideal habit for the potential leader of the free world.
Meanwhile, Donald Trump went as far as to invite hackers to help Hillary find those missing emails, an extraordinary statement.
More alarmingly, the hacking of the Democratic Party during the election campaign proves that hostile states, or those seeking to swing a sovereign election in their favour, are more than willing to use well-funded and persistent cyberattacks to achieve their aims.
“The cyber”, as Donald Trump would have it, seems to have permanently made the leap to being a political issue in the US.
Thankfully, whoever is President will be kept many steps away from making the important decisions about legislation to keep the nation safer from cyber threats, and if they are sensible they will heed the advice of those leading its development.
When talk turns to action
Cyber security’s move into the political consciousness isn’t something unique to our transatlantic cousins, however.
Politicians and legislators are increasingly aware of the need to secure not just critical national infrastructure against cyber attack, whether from sole actors or nation states, but also to help citizens and organisations navigate the issue.
One notable example of legislation growing from debate around cyber security is the upcoming General Data Protection Regulation (GDPR).
At its core, GDPR represents well-intentioned, best-practice common sense, and is a significant improvement over what has gone before.
But it is also a telling example of policymakers and regulators not fully understanding all the nuances of cyber security.
Make no mistake – GDPR has teeth, and will require organisations to take security very seriously.
However, the 72-hour rule for telling the regulator is one thing; forcing companies to communicate with the public ‘without undue delay’ is another.
This public communication announces to hackers that they’ve been found and gives them time to cover their tracks or hide malware within compromised systems to be resurrected later.
This is the exact opposite of what the industry should look to achieve, and a prime example of why best practices should be the focus, instead of slavish compliance with lots of different regulations driven by policy.
As a starting point, however, GDPR imposes a requirement for businesses to consider what their critical assets actually are, and how they protect them in depth.
Putting the crucial IP and assets at the centre of a holistic approach to security means that firms are compliant through end-to-end best practice and not as a result of a meaningless ‘tick box’ governance and compliance exercise.
After all, security does not need to be a problem; organisations just need to protect their key data assets.
Is the future bright?
This industry has been campaigning for years to have cyber security taken seriously, and it’s good that this has begun to resonate in the political sphere – even if it’s clear that the grasp that politicians have on the topic is limited.
For all the sensationalism that comes when politicians begin to discuss an issue or formulate policy, the fact that the security of critical data is being addressed at the highest levels of power is a good thing.
With increased awareness of the importance of securing critical data end-to-end, and legislation to back this up, maybe we can all feel more confident about the future of “the cyber”.
Sourced by John Madelin, CEO, Reliance ACSN