Cybersecurity Laws
In the past, cybersecurity attacks involved credit card scammers and corporate hacks. Today, headlines on cybersecurity have taken an alarming turn (Kandeh, Botha & Futcher, 2018). This has led technology and cybersecurity experts to change their laws, mandates, and requirements.
In June 2017, companies in Europe and the US were hit by the NotPetya ransomware. The attack began in Ukraine and spread to Maersk, a shipping company in Denmark; Merck, in the US; and the Cadbury chocolate company in Australia (Lika et al., 2018). The attack disrupted and delayed the operations of the companies in the four countries. This led to the introduction of various cybersecurity laws. The rules will not only protect the citizens of the United States from information breaches but also affect organizations around the world. This means that the stipulated rules should be adhered to by any company that collects information from United States citizens, regardless of its location.
The regulations introduced include promoting training and development of employees and restricting public disclosure of sensitive government cybersecurity information. Under training and development of employees, technology and cybersecurity experts need to train workers on the Lockheed Martin Corporation's Cyber Kill Chain methodology (Kandeh, Botha & Futcher, 2018). Studying the Cyber Kill Chain method helps the organization understand how an attacker may have conducted the activities that led to the malicious acts against the company. This will help the security professionals establish countermeasures to protect the company. When it comes to restricting public disclosure of sensitive government cybersecurity information, the organization should formulate policies that prevent attacks. The policies applied in this case are restricting excessive access to information, frequent monitoring of the system, carrying out penetration tests regularly, and restricting the sharing of passwords, especially for those handling classified information.
In summary, technology and cybersecurity experts have changed cybersecurity laws, mandates, and requirements. Some of the laws included are training and development of employees and restricting public disclosure of sensitive government cybersecurity information. These policies enable the companies to come up with countermeasures to assist with preventing and mitigating attacks.
References
Kandeh, A. T., Botha, R. A., & Futcher, L. A. (2018). Enforcement of the Protection of Personal Information (POPI) Act: Perspective of data management professionals. South African Journal of Information Management, 20(1), 1-9.
Lika, R. A., Murugiah, D., Brohi, S. N., & Ramasamy, D. (2018, July). NotPetya: Cyber Attack Prevention through Awareness via Gamification. In 2018 International Conference on Smart Computing and Electronic Enterprise (ICSCEE) (pp. 1-6). IEEE.