Swimming in the Sea of Compliance

When it comes to compliance you have to juggle many regulations and standards. With so many requirements, managing them all can be overwhelming, but ignoring compliance can have serious consequences for your organization. You therefore have to make sure it meets every applicable requirement, or risk loss of customer trust, reputational damage and hefty fines.

Cybersecurity Regulations in the European Union

The EU has been actively working on strengthening cybersecurity and the safeguarding of communication and data in multiple fields, including politics, energy, economy, healthcare, and the financial sectors, for quite some time now.

These sectors have become increasingly dependent on digital technologies. However, the complex, overlapping legislation that now covers them may still prove inadequate for the cybersecurity concerns of the years ahead.

There is no single, global approach to cybersecurity regulation and oversight, and that makes compliance management harder. Understanding and achieving compliance with a single regulation is challenging enough, as GDPR showed; synthesizing standards and regulations enforced by several regulators at once is far more complicated.

The most obvious examples include both rules already in force and those announced for the near future: GDPR, NIS and its successor NIS2, plus industry standards such as PCI DSS, to name just a few.

And more regulations

The Digital Markets Act (DMA), adopted in 2022, boosts competition among online service providers, while the Digital Services Act (DSA), adopted the same year, protects users from online harm.

Financial-sector cyber security regulation will see significant developments, notably DORA (the Digital Operational Resilience Act), which harmonizes ICT risk-management requirements for financial entities handling highly sensitive information: coping with outages, mitigating leaks, blocking unauthorized access and preventing data loss.

The Cyber Resilience Act will set tighter cybersecurity requirements for connected devices and other products with digital elements, making manufacturers' security practices far more transparent to consumers. Mandatory security updates and vulnerability handling throughout a product's support period will be accompanied by stricter enforcement.

Artificial intelligence is another EU regulatory focus. The AI Act will set fair-play rules for businesses that use, create or sell AI products and services across the EU. At the time of writing it was expected to be adopted by the end of 2023, with its compliance obligations phased in afterwards.

Finally, the European Commission is reshaping the payment sector by reviewing PSD2, the directive that governs online payments.

Where do you stand in the middle of this?

You should closely monitor all relevant topics. The EU has shown that it does not hesitate to raise penalties for non-compliance. Add to that the ever-increasing number of cyberattacks against companies, and the bill keeps getting higher.

For example, NIS2 confers a more comprehensive set of powers on competent authorities. For essential entities they will be able to impose administrative fines with a maximum of at least EUR 10 million or 2% of total worldwide annual turnover, whichever is higher (for important entities, at least EUR 7 million or 1.4%). This is a significant incentive for businesses to make sure they are meeting their obligations, and these potential penalties will be a major lever for resilience in the EU and beyond.

Cybersecurity compliance strategy

Once you’ve identified relevant regulations, it’s important to map them against existing internal policies and procedures. This will help you identify gaps and overlaps between different requirements from various regulations, allowing you to prioritize efforts for achieving compliance.

Merging and combining requirements from different regulations and standards

Merging and combining requirements can be a daunting task. One way to simplify the process is to identify commonalities across regulations and standards. For instance, the NIS2 directive requires organizations to implement appropriate and proportionate technical, operational and organizational measures to manage cyber risk, while ISO/IEC 27001 specifies how to govern such measures within an Information Security Management System (ISMS) and lists corresponding controls in its Annex A. By identifying where frameworks overlap, organizations can streamline their compliance efforts.

Another key consideration when merging requirements from multiple sources is ensuring that each requirement is met in its entirety. This may involve mapping out each regulation or standard’s specific controls against one another and prioritizing those that are most critical.

Ultimately, successfully merging requirements requires a comprehensive understanding of each framework as well as careful planning and execution.

Tools and platforms to help in managing and achieving cyber security compliance

The most popular tools are so-called GRC (Governance, Risk and Compliance) platforms. They let companies consolidate their compliance initiatives in one place for easier management, and they provide monitoring capabilities to demonstrate ongoing compliance with the relevant regulations.

Vulnerability scanning tools are a good complement: they identify weaknesses within an organization's network infrastructure and report remediation guidance for each finding.

For organizations using cloud services such as AWS or Azure, cloud security posture management (CSPM) platforms provide near-real-time visibility of security posture across multiple clouds. They flag misconfigurations and non-compliance with benchmark policies and provide remediation advice.

Recommendations for security leaders on how to effectively manage cyber security compliance

Firstly, it is crucial to have a clear understanding of the regulations and standards that apply to your business. By merging these requirements into one comprehensive strategy, you can streamline your compliance efforts and avoid duplicative work.

Secondly, investing in tools and platforms designed for managing cyber security compliance can greatly improve efficiency. These solutions provide real-time visibility into your organization’s risk profile and automate many tasks related to monitoring and reporting on compliance.

Thirdly, establishing a culture of accountability within your organization is essential for maintaining ongoing compliance. Regular training sessions on best practices help ensure everyone knows their role in keeping information secure.

Conducting regular audits to assess the effectiveness of your cybersecurity compliance program is critical, and very often mandatory, for ensuring continued compliance with regulatory mandates. Being proactive about identifying vulnerabilities or areas needing improvement will help prevent costly fines or reputational damage from data breaches or leaks.

By following these recommendations, you are well-equipped to stay ahead of evolving threats while also meeting regulatory obligations without breaking the bank or compromising customer trust.

Additional tips

Making senior managers accountable for cyber resilience is a major step. Accountability drives behaviour: requiring senior management to know the security standards, to oversee processes aligned with risk-management practice, and to ensure those processes are sufficient to manage the risk will drive change from the top of an organisation to the bottom. NIS2 makes this explicit: management bodies must approve and oversee the cyber-risk measures, follow training, and can be held liable for infringements.

Cybersecurity compliance has to be a board-level and senior management issue and not delegated to technical teams.

Cyber hygiene practices can help

If achieving compliance feels like a daunting exercise, fear not: if you consistently practise good cybersecurity hygiene, you are already well on your way to being compliant.

Although attacks are becoming more advanced, most successful attacks are still the result of routine lapses:

  • Lack of visibility into which endpoints are connecting to your network
  • Failing to monitor for and deploy patches consistently and rapidly
  • Misconfigurations, or poor and insecure default configurations
  • Not enforcing strong authentication and authorization
  • Slow identification and resolution of breaches, ultimately harming core business operations

Cyber hygiene reduces the opportunity for attackers to infiltrate an organization's network, or at the very least makes it so difficult that they give up and hunt for another victim. Beyond the obvious benefit of robust security, good cyber hygiene also takes you a long way towards compliance.

Conclusion

Achieving and managing compliance with cybersecurity regulations and standards is critical for organizations that want to protect their sensitive data and prevent cyber attacks. By following these strategies and recommendations, CISOs and security leaders can put their organizations in a position to meet the regulations and standards that apply to them.

Remember: compliance is not a one-time activity, but a continuous process that requires ongoing efforts and resources. With the right approach, compliance can become a competitive advantage for organizations, demonstrating their commitment to protecting sensitive information and ensuring the trust of their customers and partners.

Questions You Should Ask Potential SIEM Solution Provider

How does the product meet our auditing and compliance needs?
Although threat detection has overtaken it as the primary use case, compliance management is still one of the most frequent uses of a SIEM. A SIEM can provide coverage for ISO/IEC 27001, PCI DSS and SOX, among many others. Make sure a potential solution covers your specific industry regulations: ask the vendor to demonstrate a clear mapping between your compliance requirements and the product's reporting and policy content.

Do you offer assistance with deployment or training for personnel?
Once deployed, a SIEM solution requires a dedicated team of skilled analysts to manage and ensure effective use. You should inquire with any potential SIEM vendors about what they can offer to offset the stress of deployment and operation. (SIEM Buyers Guide)

Cost considerations

Enterprise-grade SIEM systems can cost hundreds of thousands of euros. The total includes initial licence costs (often a base price plus a per-user or per-node charge), database servers, hiring and training personnel, and additional external storage. Not every business can afford it. Some SIEM vendors offer a lightweight edition with basic log management and reporting but no advanced analytics, a good alternative for businesses looking to save money.

For relatively small companies or those with simple IT infrastructure, the cost of an AI-enabled SIEM would probably be prohibitive while offering little to no advantage when coupled with good security hygiene.

A large and complex IT infrastructure might easily justify the costs. However, it is always advisable to get a detailed evaluation of the products.

Data security, cloud security, and infrastructure protection are the fastest-growing areas of security spending through 2023. In 2018, a whopping $7.1B was spent on AI-based cybersecurity systems and services, which is predicted to reach $30.9B in 2025, according to Zion.

Operating considerations and benefits

SIEM also requires constant monitoring from the IT security team. Manually monitoring every system is not only exhausting but will also induce burnout. SIEM backed with AI capabilities can offer:

  • Self-learning to automate repetitive, unstructured processes
  • The ability to automate system alerts
  • Data visualization dashboards
  • Real-time analytics
  • Top-level enterprise security
  • Cross-department sharing

A SIEM still cannot match the ingenuity and collective collaboration of cybersecurity adversaries. Hence the enterprise's security team needs to take the lead on threat hunting and incident response. A properly implemented AI-augmented SIEM can, however, optimize both processes through its predictive and automated capabilities.

Such a SIEM can provide the groundwork for an IT security team: through correlation rules it can automate the first pass of threat hunting, and the AI element can weed out false positives by automatically applying context (asset inventory, user, known scanners) to every alert. AI-augmented SIEM can speed up both detection and response times.
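As an added example of what a correlation rule with alert contextualisation looks like in practice (this is illustrative code written for this page, not code from the article or from any SIEM product), the following Python rule flags brute-force SSH login guessing against one user from one source within a sliding window, escalates to high severity when a login then succeeds, and downgrades alerts from a source the asset inventory knows to be an authorised scanner. The log format, the thresholds, the `KNOWN_SCANNERS` inventory and the sample log lines are all constructed assumptions.

```python
"""Added example (not from the original article): a minimal SIEM-style
correlation rule over constructed SSH auth log lines, plus the contextualisation
step a SIEM applies to alerts so that expected noise is flagged as a likely
false positive instead of paging an analyst.
"""
from __future__ import annotations

import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Tunables for the (hypothetical) brute-force rule.
FAIL_THRESHOLD = 5              # failures inside the window needed to fire
WINDOW = timedelta(seconds=60)  # sliding window per (source, user) pair

# Hypothetical asset context a SIEM would pull from an inventory or CMDB:
# sources whose failed logins are expected, e.g. an authorised scanner.
KNOWN_SCANNERS = {"10.0.0.9": "authorised vulnerability scanner"}

# Matches OpenSSH-style "Failed/Accepted password for <user> from <ip>" lines
# prefixed with an ISO 8601 timestamp and a hostname (constructed format).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)

@dataclass
class Event:
    ts: datetime
    result: str   # "Failed" or "Accepted"
    user: str
    src: str

@dataclass
class Alert:
    rule: str
    src: str
    user: str
    failures: int
    severity: str
    context: str = ""

def parse_line(line: str) -> Event | None:
    """Return an Event, or None for lines the rule does not understand."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return Event(datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"])

def contextualise(alert: Alert) -> Alert:
    """Apply asset context: downgrade expected noise rather than dropping it,
    so it stays visible to an analyst without generating a page."""
    if alert.src in KNOWN_SCANNERS:
        alert.severity = "info"
        alert.context = f"source is {KNOWN_SCANNERS[alert.src]}; likely false positive"
    return alert

def correlate(lines: list[str]) -> list[Alert]:
    """Run the brute-force rule over log lines in time order and return alerts."""
    failures: dict[tuple[str, str], deque[datetime]] = defaultdict(deque)
    raised: set[tuple[str, str]] = set()   # keys already alerted in this burst
    alerts: list[Alert] = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev.src, ev.user)
        q = failures[key]
        while q and ev.ts - q[0] > WINDOW:   # expire failures outside the window
            q.popleft()
        if ev.result == "Failed":
            q.append(ev.ts)
            # one "attempt" alert per burst, not one per log line
            if len(q) >= FAIL_THRESHOLD and key not in raised:
                raised.add(key)
                alerts.append(contextualise(
                    Alert("bruteforce_attempt", ev.src, ev.user, len(q), "medium")))
        else:  # Accepted: a success right after a burst means the guessing worked
            if len(q) >= FAIL_THRESHOLD:
                alerts.append(contextualise(
                    Alert("bruteforce_success", ev.src, ev.user, len(q), "high")))
            q.clear()
            raised.discard(key)
    return alerts

# Constructed sample log (not real data).
SAMPLE_LOG = [
    # an authorised scanner hammering root: fires, but is contextualised down to "info"
    *[f"2024-03-01T10:00:0{i} host1 sshd[100]: Failed password for root from 10.0.0.9"
      for i in range(5)],
    # a real attacker: six failures against alice, then a success
    *[f"2024-03-01T10:05:0{i} host1 sshd[101]: Failed password for alice from 203.0.113.5"
      for i in range(6)],
    "2024-03-01T10:05:06 host1 sshd[101]: Accepted password for alice from 203.0.113.5",
    # slow, spread-out failures against bob: never five inside one 60-second window
    *[f"2024-03-01T10:10:0{i} host1 sshd[102]: Failed password for bob from 198.51.100.7"
      for i in range(3)],
    *[f"2024-03-01T10:12:0{i} host1 sshd[102]: Failed password for bob from 198.51.100.7"
      for i in range(3)],
    # an unrelated line the parser skips, and a clean login with no prior failures
    "2024-03-01T10:14:00 host1 cron[5]: session opened for user carol",
    "2024-03-01T10:15:00 host1 sshd[103]: Accepted password for carol from 192.0.2.44",
]

if __name__ == "__main__":
    for a in correlate(SAMPLE_LOG):
        print(f"[{a.severity:6}] {a.rule:19} user={a.user} src={a.src} "
              f"failures={a.failures} {a.context}")
```

Running it yields three alerts: an "info" attempt from the known scanner, a "medium" attempt against alice, and a "high" success against alice; bob's slow guessing never crosses the threshold because the window expires between bursts. The design point is that context downgrades rather than discards: a rule that silently dropped the scanner's traffic would also hide an attacker who had compromised the scanner host.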

Essentially, you can think of this technology not only as a second pair of eyes, but also another set of hands. However, keep in mind that specialized human intelligence will always triumph over AI.

Other AI powered options

If you already have a SIEM and want to hold onto it, you can complement it with an AI- and automation-driven MDR service that coexists alongside your current system. As a reminder, Managed Detection and Response (MDR) is an outsourced service that provides threat hunting and response, with a team of experts monitoring your endpoints, networks and alerts.

Another alternative is to decommission the SIEM entirely and move to a SOAR platform. Whether you choose an MDR service or a SOAR platform for detection and response depends on your business needs and, of course, your budget.

In the last four or five years we have seen security teams use Security Orchestration, Automation and Response (SOAR) products to "clean up" some of the noise the sensors generate, combining SOAR with SIEM.

The Takeaway

AI and ML-driven SIEM solutions continue to gain traction. It is therefore crucial for you as a decision-maker to recognize the potential of these technologies and prioritize their adoption, so that you can make more informed choices about tools and solutions.

To ensure a successful transition to AI and ML-driven cybersecurity solutions, your organization must also invest in building a skilled workforce that understands these technologies and can use them effectively. This may include providing training and development opportunities, as well as collaborating with academic institutions and industry partners to address the AI and ML skills gap.

By carefully considering these challenges and working to overcome them, you can harness the potential of AI and ML-driven SIEM solutions to enhance your cybersecurity posture in an increasingly complex digital landscape.

Next IT Security Team
