Level up your cybersecurity compliance with these four expert strategies.

January 2, 2024

With the SEC’s recent adoption of rules requiring the disclosure of material cybersecurity incidents, and its charging of a software company and its CISO with fraud and internal control failures, companies must respond to and comply with these new regulations. Karen Worstell of Carbon Black offers four ways for security teams to effectively address the SEC’s new cybersecurity rules:

  • Elevate cybersecurity risk management to a CxO business function
  • Set aggressive metrics for cybersecurity improvement
  • Commit to more transparency
  • Take a holistic and business-centric approach

Worstell emphasizes that CISOs must empower themselves as consultants and risk mitigators, driving increased involvement and responsibility for cybersecurity within their organizations. This requires elevating cybersecurity risk management to a C-suite executive level and making it a top-level priority. Setting aggressive metrics for improvement can help prioritize and improve cybersecurity efforts.

Transparency is also crucial, with the SEC sending a clear message that unreported breaches can lead to legal, financial, and reputational risks. CISOs should ensure transparent and detailed reporting in key documents, creating awareness about threat trends within their organization and across industries. Finally, CISOs must shift their mindset from an incident-centric approach to a business-centric one, focusing on a highly defensive posture that aims to minimize risk throughout the organization.

The SEC’s new rules and charges against SolarWinds Corporation highlight the need for a systematic change in how companies approach cybersecurity. By adopting these strategies and treating cybersecurity as a well-managed business function, organizations can effectively comply with the SEC’s regulations and reduce harm from cybercriminals.
