
WHAT'S THE BEST WAY TO PROTECT COMPANIES FROM CYBERSECURITY ATTACKS AND RANSOMWARE THREATS

ORLANDO, FLORIDA / AGILITYPR.NEWS / March 06, 2023 /

Breaking News - According to TheCorporateCounsel.net, today (July 21, 2023), the US SEC posted a Sunshine Act Notice for an open meeting of the Commissioners to be held next Wednesday, July 26th. On the agenda is the highly-anticipated rulemaking on cybersecurity risk management, strategy, governance, and incident disclosure. "Among other things, proposed to amend Form 8-K to require a registrant to disclose certain information within four business days after it determines that it has experienced a material cybersecurity incident... This seems like a particularly challenging topic to tackle — with the understandably heightened sensitivity involving companies who are themselves victims in a cybersecurity incident — and trying to thread the needle to address improved disclosure for investor protection. While this proposal may not have received as many comments as the seemingly record-breaking climate proposal, commenters — and Commissioner Peirce — voiced several concerns about certain aspects of the cybersecurity proposal that I’m sure the Corp Fin Staff has been spending this time carefully considering." Stay tuned to see whether the US SEC issues a new national cybersecurity rule for the capital markets.


Meanwhile, back in February 2023, Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency, said, “We need to continue to be vigilant, keep our shields up, and ensure that we are putting all those controls in place,” as the nation needs to protect against potential Russian cyberattacks while the war with Ukraine presses on: “we can’t assume that won’t happen going forward.”


Call to Action: The US Congress, the President, and the US SEC must agree on a new Federal Cybersecurity Governance Law to protect America and the privacy of US citizens' personal data.


Stats/Facts: Cybercrime is predicted to inflict damages totaling $8 trillion USD globally in 2023, which in terms of cost would be equal to the world’s third-largest economy after the U.S. and China. Cybersecurity Ventures expects global cybercrime costs to grow by 15% per year over the next three years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined. Right now, more than 755,000 cybersecurity jobs are open across the United States: approximately 710,000 in the private sector and 45,000 in the public sector.


Analogy: Think “Cyber Pearl Harbor” but with a new Russian attacker: a surprise electronic cyber attack with the potential to neutralize U.S. military power and cause massive disruptions in U.S. and global computer business networks nationwide. It’s literally happening now. But we now have an opportunity to guide future cyber strategies to prevent a future “Cyber Pearl Harbor” against America and the EU before it can happen, with a new federal cybersecurity governance plan to protect the American homeland and also protect the privacy of all Americans.


BACKGROUND:


US Government Response to New CyberAttacks:


On March 2, 2023, President Biden issued his new “National Cybersecurity Strategy” because of significant cyber intrusions and ransomware attacks, including major social media superstars; financial institutions; and companies supported by national infrastructure -- targeted by Russia. (Source: https://www.upguard.com/blog/biggest-data-breaches-us) The Biden Strategy supersedes the last National Cyber Strategy, released by the Trump Administration in September 2018.


The Trump administration bolstered U.S. offensive initiatives against cyberattacks and state-backed actors. It also raised the alarm about Huawei, the Chinese telecommunications mega-company accused of being an arm of the Chinese government for surveillance or of allowing Beijing to close down communication systems at a time of military conflict. But the Trump administration has been less proactive in requiring U.S. companies to minimize potential cyberattacks via minimum protections and/or critical infrastructure (like internal controls) designed to create a fundamental company disclosure/reporting model to prevent cyberattacks and ransomware. BUT IT IS VOLUNTARY...


Today, why not utilize the existing critical infrastructure (Internal Controls) used to verify FINANCIAL REPORTING to provide critical verified data for investor decision making (promote TRUST), currently MANDATED, by RETROFITTING it over to company CYBERSECURITY GOVERNANCE under the US Securities and Exchange Commission? We call create GOVERNANCE OVER to NON-FINANCIAL REPORTING PUBLIC COMPANY for better CYBERSECURITY/PRIVACY with TEETH. These risks can have a significant impact on the entity’s operations and financial condition utilizing "ADD-ON" Governance to reduce regulatory pain from the GROUND-UP without put into regulatory operation. Especially if other nations -- like the United States (POSSIBLE LEAD) -- agree upon standards of regulatory oversight "OUT OF THE BOX" to reduce a company's regulatory compliance and tap into TRUSTED INVESTORS to support CYBERSECURITY protections/risk mitigation/new innovation/technologies?


Capital markets are where savings and investments are struck/impressive between suppliers and those in need to solve opportunities/ better protectivity/ INVESTMENT OPPORTUNITY. Whether a democracy succeeds is said to depend on its system of governance related to critical independent "checks and balances", that is, on the effectiveness of its mechanism for better decision making, correcting past mistakes and enhancing new public and business policies to support the PUBLIC INTEREST. Among the most important “leveling” of these institutions are OPEN, TRANSPARENT, ACCOUNTABLE well-functioning capital markets – POSSIBLY -- the quickest means of accomplishing impressive economic growth and higher standards of living (CONSTANTLY EVOLVING CHANGE)...


SO HERE WE ARE- WHERE NOW RELATED TO THE CURRENT CYBERSECURITY PUBLIC/PRIVATE MODEL AND WHAT NEEDS TO CHANGE?


Today, as in the past for close to 100 years, investors believe in a company mandate for the recognition, measurement, and disclosure guidance/standards for FINANCIAL reporting to support thriving capital markets. Question: Should investors also believe that company CYBERSECURITY GOVERNANCE / ransomware disclosure/reporting should also be mandated by the US Securities and Exchange Commission (regulation) instead of "voluntary" disclosure/reporting, with enforcement to better protect investors and access new capital for innovation/technologies through transparency and accountability?


With Russia’s renewed cyberattacks against America moving now into “year two Ukraine Potential Attack of EU” -- the Biden Administration has provided a summary overview of its cyber strategy, which seeks to build and enhance collaboration around five pillars:


1. Defend Critical Infrastructure – We will give the American people confidence in the availability and resilience of our critical infrastructure and the essential services it provides, including by:

  • Expanding the use of minimum cybersecurity requirements in critical sectors to ensure national security and public safety and harmonizing regulations to reduce the burden of compliance;
  • Enabling public-private collaboration at the speed and scale necessary to defend critical infrastructure and essential services; and,
  • Defending and modernizing Federal networks and updating Federal incident response policy.


2. Disrupt and Dismantle Threat Actors – Using all instruments of national power, we will make malicious cyber actors incapable of threatening the national security or public safety of the United States, including by:

  • Strategically employing all tools of national power to disrupt adversaries; 
  • Engaging the private sector in disruption activities through scalable mechanisms; and, 
  • Addressing the ransomware threat through a comprehensive Federal approach and in lockstep with our international partners.


3. Shape Market Forces to Drive Security and Resilience – We will place responsibility on those within our digital ecosystem that are best positioned to reduce risk and shift the consequences of poor cybersecurity away from the most vulnerable in order to make our digital ecosystem more trustworthy, including by:

  • Promoting privacy and the security of personal data;
  • Shifting liability for software products and services to promote secure development practices; and,
  • Ensuring that Federal grant programs promote investments in new infrastructure that are secure and resilient.


4. Invest in a Resilient Future – Through strategic investments and coordinated, collaborative action, the United States will continue to lead the world in the innovation of secure and resilient next-generation technologies and infrastructure, including by:

  • Reducing systemic technical vulnerabilities in the foundation of the Internet and across the digital ecosystem while making it more resilient against transnational digital repression;
  • Prioritizing cybersecurity R&D for next-generation technologies such as postquantum encryption, digital identity solutions, and clean energy infrastructure; and,
  • Developing a diverse and robust national cyber workforce.


5. Forge International Partnerships to Pursue Shared Goals – The United States seeks a world where responsible state behavior in cyberspace is expected and reinforced and where irresponsible behavior is isolating and costly, including by:

  • Leveraging international coalitions and partnerships among like-minded nations to counter threats to our digital ecosystem through joint preparedness, response, and cost imposition;
  • Increasing the capacity of our partners to defend themselves against cyber threats, both in peacetime and in crisis; and,
  • Working with our allies and partners to make secure, reliable, and trustworthy global supply chains for information and communications technology and operational technology products and services.


In March 2023, COSO (the Committee of Sponsoring Organizations) issued its newly revised framework (March 30, 2023), including how organizations can also apply this ERP framework for better cybersecurity infrastructure/governance/internal controls.


What’s Next on the horizon?


Clearly the Biden Administration believes that the U.S. can no longer support “voluntary” company collaboration and security against cyber threats, so the Administration must shift responsibility to industry through regulations when the market has allegedly failed to incentivize cybersecurity THROUGH better connection to the Capital Markets via assured recognition, measurement, and disclosure guidance/standards (building upon 100+ years of financial reporting disclosure). Novel concept? That means the nation and other capital market dependent countries MOVE to a more perfect public/private partnership model built upon mandated regulations built on verification regarding critical cybersecurity infrastructure (internal controls), because the Administration is convinced that VOLUNTARY standards are simply not enough for both government and investors. Why not the same “GOLD STANDARD” for company financial reporting AND MOVE QUICKLY over to obtain funding to build cybersecurity infrastructure and PRIVACY protections using the same governance/regulations of the past 100+ years?


It is clear -- the Administration is also looking to coordinate with Congress on legislation to mandate national privacy protections and security regulations/laws to close the growing cybersecurity gap. Effort in these fundamental areas could also support future human capital disclosures that enhance transparency and accountability and also support thriving capital markets.




Right now, also under a voluntary company approach, human capital disclosure infrastructure is seriously lacking to support better impact investing/unity, inclusion and common missions – democracy. Privacy infrastructure needs to be built first to support a safe culture for human capital disclosure, and if the same mandated cybersecurity policy is in place, certainly this could be leveraged over to human capital disclosure. (Stay tuned)…



The Biden Administration says its mission is a defensible AND WHY NOT BE MORE PROACTIVE IN PARTNERSHIP WITH CAPITAL MARKETS/DEMOCRACIES – and both defend against cyber/privacy attacks AND be proactive AVOIDING critical USA infrastructure costly down the supply chain disruption. Government can’t do this alone, without the private sector bringing capital to the table to defend and attack cybersecurity proxy government-state agents.


So where are we now related to CYBERSECURITY GOVERNANCE at the US Securities & Exchange Commission to mandate a current model of financial reporting to a new model for cybersecurity disclosures that support investors that believe in the recognition, measurement, and cybersecurity disclosure guidance that will enhance the information received by stakeholders and other users of financial statements about these risks, thereby assisting them in making investment and other capital allocation decisions – “supply and demand…” What are we waiting for? 



Efforts by the US SEC related to Cybersecurity and Investor Protection/ Public Interest


Last May 2022, the US Securities and Exchange Commission proposed amendments to its rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. Here is additional overview information: "U.S. Securities and Exchange Commission Proposes Three Rules Related to Cybersecurity, Reopens Comment for One Rule."


Summary


The proposed amendments would require, among other things, current reporting about material cybersecurity incidents and periodic reporting to provide updates about previously reported cybersecurity incidents. The proposal also would require periodic reporting about a registrant’s policies and procedures to identify and manage cybersecurity risks; the registrant’s board of directors' oversight of cybersecurity risk; and management’s role and expertise in assessing and managing cybersecurity risk and implementing cybersecurity policies and procedures.


The proposed amendments are intended to better inform investors about a registrant's risk management, strategy, and governance and to provide timely notification to investors of material cybersecurity incidents. Final rules are expected next month, in April 2023. Also in April 2023, the US SEC expects to issue proposed regulations on registered brokers and dealers requiring disclosure of cybersecurity risks. Cybersecurity Requirements for Investment Adviser and Companies (U.S. Securities and Exchange Commission, or SEC).


Cybersecurity Staffing Issues Facing the USA


Many public companies and government agencies face many cybersecurity issues and challenges, including "being up to speed" on ever increasing/evolving threats and infrastructure and complying with regulatory requirements/compliance/internal controls. In addition, the cybersecurity job shortage makes it more difficult for organizations to adequately staff their risk and compliance functions. According to the (ISC)2 2022 Cybersecurity Workforce Study, the global cybersecurity workforce gap has increased by 26.2%, with 3.4 million more workers needed to secure assets effectively.


Cyberseek, a project supported by the National Institute of Standards and Technology, indicated that more than 755,000 cybersecurity jobs are currently open across the United States: approximately 710,000 in the private sector and 45,000 in the public sector. GO HERE for current info on cybersecurity as well.


Connecting Diverse Accounting and Audit Students Through the STEM Cybersecurity Job Pipeline for Funding


Raising #Cybersecurity Awareness helps educate and prepare global, diverse accounting and audit students to become cybersecurity professionals who can jump on the new STEM pipeline for funding, mentors and allies linked directly to new cybersecurity job opportunities NOW. For more details on the STEM pathway for diverse accounting and audit students, please go HERE for continued updates.


Conclusion


Meanwhile, more than ever companies need to take actions now before cybersecurity mandates to better connect to investors to support accountability, transparency and governance and correct market failures, minimize the harms from cyber incidents to society’s most vulnerable, and defend our shared digital ecosystem values -- “to reshape incentives and achieve unity of effort in a collaborative, equitable, and mutually beneficial manner.”


Both mandating a national USA cybersecurity/privacy governance regulation/law for company disclosures AND coordinating with other government regulators (like the ESMA) to better support transparent and accountable capital markets will support the free world/democracy/free enterprise/innovation/open and verified capital markets more than ever.


Stay tuned...



About Us

COLCOMGROUP


https://www.linkedin.com/in/davidcolgren/


Accomplished business development, government affairs, media relations, strategic relations, marketing, branding and communications executive with experience in accounting, legal, consumer goods, financial services, technology and professional services sectors.


Counsel clients in a variety of areas: global private placement advisory services, capital fundraising, debt/equity financing, sponsorship, CSR/ESG advisory services, LGBTQ diversity, equity and inclusion, strategic planning, new product development, product launches, direct marketing, collateral and advertising design, copy writing/writing, speech writing, business plan/marketing plan/communications plan development, product/service positioning and branding, media relations, government affairs, media training, message point development, image management, new business development, and strategic partner development/third party outreach. Cancer survivor and advocate.


We speak regularly to professionals on marketing and communications topics. Specialties include:


  • Media Relations
  • Marketing
  • Branding
  • Positioning
  • Business Development
  • Government Affairs
  • Message Development
  • Image Management
  • Issues Management
  • Strategic Planning
  • Product Development
  • Product Launches
  • Strategic Partner Development
  • Human Capital / Diversity, Equity and Inclusion
  • LGBTQ Diversity, Equity and Inclusion
  • Cybersecurity
  • Cryptocurrency
  • Forensic Accounting
  • White Collar Crime Issue
  • Sponsorship Sales
  • Membership Marketing
  • Human Capital Disclosures
  • Financial & Non-Financial Reporting Standards
  • ESG Corporate Disclosures - Climate / Human Capital
  • CPE Marketing
  • Big Data/ Data Analytics
  • iXBRL
  • Crowd Funding/Sourcing



Contacts

T. David Colgren

CEO - Colcomgroup, Inc.

dcolgren@colcomgroup.com

520 East Church Street

Phone: 917-587-3708