
Cybersecurity Laws

In the past, cybersecurity attacks involved credit card scammers and corporate hacks. Today, headlines on cybersecurity have taken an alarming turn (Kandeh, Botha & Futcher, 2018). This has led technology and cybersecurity experts to change their laws, mandates, and requirements.

In June 2017, companies in Europe and the US were hit by the NotPetya ransomware. The attack began in Ukraine and spread to Maersk, a shipping company in Denmark, Merck in the US, and the Cadbury chocolate company in Australia (Lika et al., 2018). The attack disrupted and delayed the operations of these companies in the four countries. This led to the introduction of various laws on cybersecurity. The rules will not only protect the citizens of the United States from information breaches but also affect organizations around the world. This means that the stipulated rules should be adhered to by any company that collects information from United States citizens, regardless of its location.

The regulations introduced include promoting training and development of employees and restricting public disclosure of sensitive government cybersecurity information. Under training and development of employees, technology and cybersecurity experts need to train workers on the Lockheed Martin Corporation’s Cyber Kill Chain methodology (Kandeh, Botha & Futcher, 2018). Studying the cyber kill chain method helps the organization understand how an attacker may have carried out the activities that led to the malicious acts against the company. This will help security professionals establish countermeasures to protect the company. When it comes to restricting public disclosure of sensitive government cybersecurity information, the organization should formulate policies that prevent attacks. The policies applied in this case are restricting excessive access to information, monitoring the system frequently, carrying out penetration tests regularly, and restricting the sharing of passwords, especially for those handling classified information.

In summary, technology and cybersecurity experts have changed cybersecurity laws, mandates, and requirements. Among the laws are training and development of employees and restricting public disclosure of sensitive government cybersecurity information. These policies enable companies to come up with countermeasures that help prevent and mitigate attacks.

References

Kandeh, A. T., Botha, R. A., & Futcher, L. A. (2018). Enforcement of the Protection of Personal Information (POPI) Act: Perspective of data management professionals. South African Journal of Information Management, 20(1), 1-9.

Lika, R. A., Murugiah, D., Brohi, S. N., & Ramasamy, D. (2018, July). NotPetya: Cyber Attack Prevention through Awareness via Gamification. In 2018 International Conference on Smart Computing and Electronic Enterprise (ICSCEE) (pp. 1-6). IEEE.

 
