Following the news that:
UK Government lays out plans to protect telecoms networks against cyber attacks (Evening Standard)
We generally welcome this initiative. As demonstrated by both GDPR and CCPA for privacy in the EU and US, respectively, government regulations with the ability to levy fines make a real difference in how seriously companies address what is, up to that point, a self-regulating industry. As with the aforementioned regulations, the devil is in the details. Rather than tick-the-box compliance with generic guidelines, specific recommendations and requirements will require organisations to remediate any deficiencies they may currently have. While there are several important aspects to the legislation, we particularly welcome how the legislation requires that penetration testing includes regularly simulating real techniques that might be used in an attack on the network. Continuous security control validation is the only way to truly ensure the organisation’s resilience to malicious attacks. Of course, other parts of the legislation are just as important; notably, safety-by-design, similar to privacy-by-design, will require organisations to reconsider how some of their legacy networks and systems need to be redeployed. Shorter patching cycles and incorporating signals from threat intelligence feeds are a welcome requirement, to reduce the gap from when a new vulnerability is discovered to when the organisation addresses it. All of these ultimately help protect the consumers.
In a world that can often be dominated by short-term commercial objectives, it’s reassuring to see both industry and government bodies working together to prioritise security in recognition of the critical role that IT infrastructure and services play in our daily lives. The EU’s GDPR, Banking’s PSD2, USA’s FIPS and New Jersey’s DGE, to name a few, and now the UK’s NCSC and Ofcom have recognised that security has a baseline and cannot, will not, be left to chance.
Whilst we know it will not be smooth sailing at first, we note the positive impact other security regulations have had and applaud any effort to secure our critical infrastructure from both inside and outside attack.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest Information Security news and topics.