The cybersecurity landscape is plagued by the fact that cybercriminals seem to be permanently one step ahead, and rather than addressing the problem, regulation is, in some cases, compounding it. Understandably, many organizations are opting to define security policies based on regulatory requirements; however, the result is that their security postures very quickly become out of date. Not only are regulations typically at least 24 months old by the time they are implemented, but a compliance-only approach actually provides hackers with an ‘access blueprint’, because weaknesses in the security model that are not covered by regulation are clearly visible.
With high-profile security breaches continuing to hit the headlines, organizations are clearly struggling to lock down data against the continuously evolving threat landscape. Yet these breaches are not occurring at companies that have failed to recognize the risk to customer data; many have occurred