“Merely introducing new guidelines without a cultural shift in how corporations prioritize and implement robust security measures can render these updates ineffective,” said Borja Rodriguez, supervisor of threat intelligence operations at cybersecurity vendor Outpost24. “Corporations should not only comply with the rules but also embed cybersecurity into their core operations and put money into proactive methods.”
Imposing stricter guidelines and fines may “unintentionally present leverage to ransomware teams,” as these fines are sometimes cited in ransom demands to pressure organizations into paying, Rodriguez warned.
“To mitigate this, the federal government ought to contemplate balancing enforcement with incentives for real improvement in cybersecurity posture, such as funding, support programs, or recognition for reaching high security standards,” Rodriguez said.