As more government agencies get involved with creating cybersecurity regulations, security professionals will need to monitor new laws and understand which apply to their industry and whether some overlap or conflict. Increased enforcement from different agencies can mean significant consequences even if breaches are avoided.

As the new administration adjusts regulations, chief information security officers (CISOs) will need to add governmental cyber regulations to their daily watchlists. Consider the following key areas that impact enterprise security in multiple ways.

Federal Cybersecurity Regulations

The Cybersecurity Information Sharing Act of 2015 provides a framework for the federal government, some state governments and private industry to securely share cyberthreat information. As part of that action, the Securities and Exchange Commission (SEC) established guidelines for regulated firms to comply with specific regulations. For example, the SEC recently settled a case with a company that suffered a data breach that compromised the personally identifiable information (PII) of nearly 100,000 people, showing its commitment to increasing security, particularly in the financial sector.

Government Fraud and Waste

Banking and finance regulations have been the focus of attention in the years since the Great Recession, and offshore tax evasion has been high on the Department of Justice’s list of targets. In 2015, the DOJ, under its Swiss Bank Program, entered agreements with multiple banks to encourage cooperation with regard to financial transactions.

Additionally, the Organization for Economic Cooperation and Development (OECD) created a global standard for financial institutions to exchange account information automatically in an effort to restrict offshore tax evasion. These efforts need to be understood and considered as companies conduct business around the globe. CISOs must institute measures to alert them when suspicious activities threaten their standard business practices.

Corporate Compliance

The Organizational Sentencing Guidelines of 1991 set the stage for federal oversight of corporate activities. In 2015, the DOJ hired a compliance counsel to guide prosecutors with regard to specific charges that might be brought against companies.

Since that time, the DOJ has demonstrated a commitment to pursuing a variety of charges. New guidelines are likely to bring about changes in how the agency monitors compliance. CISOs need to be aware of changes and update their compliance practices as needed.

Global Cooperation

The globally connected internet narrows or eliminates the separation between regulators in countries around the world. This connectedness increases the complexity of interactions for companies, some of which may not even know the specific countries in which they are doing business. Privacy regulations vary widely and change frequently as governments strive to protect their own and their citizens’ interests. CISOs need to be vigilant about changes in regulations on a global basis.

Focus on Money Laundering

Global trade involves the movement of money across international borders, and some governments are concerned about funds being routed to terrorist organizations. Closely associated with those concerns is the prospect of money laundering that hides the sources and destinations of funds. CISOs must monitor the routes of transactions and ensure they remain within federal and state guidelines.

Trade Sanctions as Foreign Policy

Trade sanctions have long been used to encourage behavioral changes in foreign governments. The U.S. has increased its use of sanctions for a variety of purposes against countries in recent years. Often, those sanctions impose criminal or civil penalties against U.S. companies that violate them. CISOs need to understand the specifics of international sanctions and monitor the sources and destinations of business transactions that take place across borders to be in full compliance with laws.

Government regulations are in flux, and CISOs are responsible for the security and compliance of their companies’ transactions and business dealings. They must maintain a current view of government rules and understand how they apply to and affect the data that flows in and out of the organization, even if they are not responsible for the contents of those transactions.
