Higher Expectations Around Disclosure
There’s going to be an expectation going forward that enough information is shared by cyberattack victims to benefit similarly situated organizations, according to Sophos CEO Kris Hagerman (pictured above). More disclosure allows the industry as a whole to be more aware of the cyberthreats out there as well as how to stay protected against exploits that are currently active in the wild, Hagerman said.
Victims need a mechanism to disclose in a private and confidential manner quickly and thoroughly what happened, why it happened and who the perpetrators are believed to be, according to Hagerman. There should be mandatory disclosure around incidents that rise to a certain magnitude or flip specific triggers, rather than allowing the organization to decide for itself whether or not it wishes to share.
In addition, Hagerman expects the current decentralized, laissez-faire approach to cybersecurity regulations in the U.S. to be supplanted by something that requires endpoint protection, an active incident response plan and regular third-party testing. There will be a baseline set of security best practices that get rolled out by federal agencies to companies in the critical infrastructure space.