Cybersecurity regulations should not be seen as an avoidable additional expense
In an era of increasing digital threats, ESET maintains that complying with cybersecurity regulations and laws is much more than ticking a box: it is a vital shield that protects assets, reputation and much more.
As cyberthreats show no signs of slowing down, organizations both small and large increasingly recognize that cybersecurity is no longer optional. Governments and regulators stress its importance, especially for organizations operating in sectors critical to a country's national infrastructure. The result is an ever-growing set of compliance requirements that can seem daunting; ESET, a company specializing in proactive threat detection, argues that they are nonetheless essential to the proper functioning of those sectors and to public safety.
To start, there are two types of compliance, mandatory and voluntary, each with its own set of requirements. Mandatory compliance encompasses regulations enforced by government agencies or the bodies they delegate to, and it frequently targets companies operating in critical infrastructure sectors such as healthcare, transportation, and energy. For example, a healthcare provider, health plan or service provider that handles patient data in the United States must comply with the Health Insurance Portability and Accountability Act (HIPAA), a federal law that sets privacy and security requirements for protected health information nationwide.
Voluntary compliance, on the other hand, means that a company pursues specific certifications and standards that identify it as competent in a particular field or qualify some of its products as conforming to a standard. As an example, a company seeking environmental credibility may pursue ISO 14001 certification, which demonstrates its commitment to environmentally responsible practices.
"The specific cybersecurity regulations that an organization must comply with depend on the sector in which the company operates and on how important the security of its internal data is for privacy, data security or critical infrastructure. It should also be noted that many regulations and certifications are specific to each region. In addition, depending on which clients or partners a company wants to attract, it is advisable to obtain a specific certificate in order to be eligible for a contract," says Fabiana Ramirez Cuenca, IT Security Researcher at ESET Latin America.
In any case, ESET advises that regulatory compliance be built into the foundation of any business strategy. Regulatory requirements will keep increasing, and well-prepared companies will find it easier to adapt to changes. Treating compliance as a continuous process rather than a one-off audit can save organizations significant resources and allow for long-term growth.
ESET shares a review of the most important laws and regulatory frameworks in cybersecurity
- General Data Protection Regulation (GDPR): The GDPR is one of the strictest data privacy and security regulations in the world. It focuses on the privacy and data protection rights of individuals in the European Union, giving them control over their personal data and requiring the companies that process it to secure it and to notify breaches.
- Health Insurance Portability and Accountability Act (HIPAA): This law regulates the handling of patient information by hospitals, other healthcare providers, health plans and the service providers (business associates) that work with them. Its Privacy and Security Rules are designed to protect patients' sensitive health data from misuse by requiring those covered entities to implement administrative, physical and technical safeguards.
- National Institute of Standards and Technology (NIST) Frameworks: NIST, a U.S. government agency within the Department of Commerce, develops standards and guidelines for a variety of industries, including cybersecurity. Its frameworks are binding on U.S. federal agencies and otherwise voluntary, but they are widely adopted as a baseline that lets companies and industries manage their cybersecurity more effectively. For example, the NIST Cybersecurity Framework 2.0, organized around the functions Govern, Identify, Protect, Detect, Respond and Recover, provides guidance for organizations of any size and any current security posture on how to manage and reduce their cybersecurity risks.
- Payment Card Industry Data Security Standard (PCI DSS): PCI DSS is an industry standard governing the handling of payment card data. It aims to reduce payment fraud by strengthening security around cardholder data, and it applies to every entity that stores, processes or transmits card data, whether a retailer, bank or service provider.
- Network and Information Security Directive (NIS2): This directive strengthens the cyber resilience of critical entities in the European Union by imposing stricter security requirements and risk management practices on entities operating in sectors such as energy, transportation, healthcare, digital services, and managed security services. NIS2 also introduces staged incident reporting obligations (an early warning within 24 hours of becoming aware of a significant incident, a fuller notification within 72 hours, and a final report within a month) and fines for non-compliance.
Some regulations provide for hefty penalties for non-compliance. For example, under the GDPR a company that fails to notify a breach to the supervisory authority or to the affected data subjects can be fined up to €10 million or 2% of its global annual turnover, whichever is higher; the same tier applies to inadequate security measures, and violations of the regulation's core principles or of data subjects' rights fall into a higher tier of up to €20 million or 4% of turnover. A breach can therefore trigger more than one fine, with the corresponding additional costs.
In the United States, non-compliance with FISMA, for example, can result in reduced federal funding, congressional hearings, censure, loss of future contracts, and more. HIPAA violations likewise carry consequences, from civil penalties capped at $1.5 million per calendar year for each type of violation (a figure that is adjusted for inflation) to criminal penalties of up to 10 years in prison for offenses committed with intent to sell, misuse or cause harm with patient data.
"Ultimately, it is better to be safe than sorry, and it is also wise to stay up to date on the cybersecurity regulations specific to your industry. Instead of seeing it as an avoidable additional expense, your company should consider compliance an essential and regular investment, doubly so in the case of mandatory standards, which, if neglected, could quickly turn your business, if not your life, upside down," concludes Ramirez Cuenca, from ESET Latin America.
Contact details for ESET in Venezuela: https://www.eset.com/ve/. Also on social networks: Instagram (@esetla) and Facebook (ESET).
With information and reference image provided by ESET and Comstat Rowland