At a glance.
- DBI urges NCSC to improve communication with small businesses.
- UK unveils tighter cybersecurity requirements for telecom industry.
- Preparing for new cybersecurity regulations.
DBI urges NCSC to improve communication with small businesses.
Digital Business Ireland (DBI), the leading representative body for online businesses in Ireland, has submitted a letter to the National Cyber Security Centre (NCSC) calling for the creation of a working group to share information about cyber threats. BreakingNews.ie explains that the group could also discuss ideas for programs like employee training, as well as serve as a means for sharing information with NCSC. DBI chairperson Ashley McDonnell said, “DBI as a representative body for online businesses is uniquely positioned to communicate with a large number of businesses on concerns surrounding cybersecurity. A working group, led by the NCSC, would act as a forum for businesses to receive real-time information on ongoing threats so that they can quickly adapt and repel possible cyberattacks." While DBI published its own Cybersecurity Guide last year, McDonnell noted that greater engagement between government and smaller businesses is necessary to combat the ever-shifting tactics of threat actors.
UK unveils tighter cybersecurity requirements for telecom industry.
Today in the UK, the Department for Digital, Culture, Media and Sport (DCMS) announced a new set of cybersecurity requirements developed by the National Cyber Security Centre (NCSC) and aimed at broadband and mobile carriers. TechCrunch notes that, as the first major directives stemming from the recently passed Telecommunications (Security) Act, the sweeping rules will regulate not just how telecom networks operate, but also the services that run on these networks. Providers found in violation could be penalized with fines of up to 10% of annual revenues, and continuing contraventions could cost them £100,000 a day. Enforced by Communications regulator Ofcom, the rules will be introduced this October, with full implementation required by March 2024. “The new telecoms security regulations will be among the strongest in the world,” DCMS stated in the announcement. As Tech Monitor explains, telecom companies are currently largely self-regulating, but a recent Telecoms Supply Chain Review showed that providers are unmotivated when it comes to adopting cybersecurity best practices. NCSC Technical Director Dr Ian Levy stated, “We increasingly rely on our telecoms networks for our daily lives, our economy and the essential services we all use. These new regulations will ensure that the security and resilience of those networks, and the equipment that underpins them, is appropriate for the future.”
Preparing for new cybersecurity regulations.
The Harvard Business Review (HBR) offers advice for companies preparing for the wave of new cybersecurity regulations being introduced all over the world. Last year thirty-six US states passed new cybersecurity laws, and a bevy of agencies are working on regulations at the federal level. China, Russia, India, and the EU have also developed or are in the process of implementing data protection and incident reporting laws. HBR recommends companies in the US work to define “materiality” and review their current policies and procedures to determine where materiality applies under these new measures. As well, they should update their ransomware policies, prepare to provide a detailed and up-to-date Software Bill of Materials (SBOM), and devote employees to the task of staying abreast of proposed legislation.