Cybersecurity: Meeting Government Regulations Isn’t Enough

August 21, 2017

9:20 am

As bad a reputation as the concept of “government regulations” has, the things are designed to help us. Take seatbelts, for example. No one’s questioning the benefit of strapping in before you start driving your two-ton machine around at 60 mph speeds. But plenty of important factors can’t be regulated: The government can’t make sure you look both ways before driving through an intersection.

And it’s factors like that which are contributing to the increase in security breaches everywhere over the last few years. Here’s how to rethink your strategy.

Look Beyond Government Regulations

Laura Whitt-Winyard, Director of Information Security at Billtrust, spoke to TechCo on the laundry list of regulations overseeing the cybersecurity sector, and revealed what they’re lacking.

“Whether it’s PCI-DSS 3.2, NY DFS 23 nycrr 500 or NACHA – there is a misconception that, if the company complies with these regulations, then they don’t need to do anything else from a security standpoint,” Laura explained.

“These regulations are a good starting point but far from enough. An example would be the Target and Home Depot breaches. Both were PCI compliant, yet both were hacked. It is pivotal for FinTech startups to ensure this message is communicated and understood by the C-Suite and Board of Directors.”

Like a seatbelt law, the regulations on cybersecurity are great to follow. And also like the seatbelt law, they’re not the full story.

Security Needs to Evolve to Keep Up

The basic problem is that hackers are constantly improving, which means security measures must do the same.

“At a recent hacking convention, DefCon,” Laura said, “a presentation was given about the development of DeepHack, an opensource hacking AI, which learns how to break into web applications using a neural network and trial-and-error, which is unprecedented. Luckily, the creators are some of the good guys, but it won’t be long, if it is not already out there, for this type of technology to be commonly used by threat/bad actors to attack companies/users, so FinTech startups need to stay nimble to adapt to these ever changing threats.”

But since we can expect a 1.8 million cybersecurity worker shortage by 2022 according to a recent Global Information Security Workforce Study — not to mention that pesky gender gap in the industry — cybersecurity’s ability to evolve with the times may continue to struggle.

Did you like this article?

Get more delivered to your inbox just like it!

Sorry about that. Try these articles instead!

Adam is a writer with an interest in a variety of mediums, from podcasts to comic books to video essays to novels to blogging — too many, basically. He's based out of Seattle, and remains a staunch defender of his state's slogan: "sayWA." In his spare time, he recommends articles about science fiction on Twitter, @AdamRRowe

Leave a Reply

  • (will not be published)