Is a global consensus on cybersecurity possible?

by Black Hat Middle East and Africa

Welcome to the new 74 cyber warriors who joined us last week. 🥳 We are delighted to have you as part of our community. Each week, we'll be sharing insights and ideas from the Black Hat MEA community straight to your inbox, including exclusive interviews and key moments from the #BHMEA22 keynote stage. Thank you for subscribing and stay tuned for more!


This week we’re focused on…📢

New (and new-ish) regulations are having an impact on how cybersecurity professionals work.

Why?

Because we interviewed Bjørn R. Watne (SVP and CSO at Telenor Group), and he said:

“These days geopolitics are playing a much bigger role than before in my field.”

“Sanctions make it difficult to follow up on supply chains,” he added, “and new regulations like DORA and NIS2 put more strict requirements on how we do initial risk assessments, that we to a larger degree include any involved third-parties, and that we are more diligent in reporting incidents and vulnerabilities.”

Regulations like…⚖️

Watne named two key regulations there:

  • The Digital Operational Resilience Act (DORA). Issued by the European Union, it aims to upgrade ICT risk requirements across the financial sector, so that everyone involved in the EU financial system is held to the same common set of standards. DORA requires that companies make sure they can withstand all ICT-related threats – increasing the need for expert cybersecurity operations, and upping the pressure on CISOs.
  • NIS2. Also in the EU, the NIS2 Directive is a piece of cybersecurity legislation that places stricter obligations on organisations that operate in critical sectors. Those requirements cover risk management, incident reporting, and information sharing.

But many other regulations around the world have come into play in recent years. And they’re affecting security in a plethora of ways.

Including:

  • Imminent new Securities and Exchange Commission (SEC) rules in the US. They’ll force listed companies to report cyberattacks to key stakeholders – including investors, customers, and regulators.
  • The ADGM Data Protection Regulations in the UAE. Introduced in 2021, this is a robust framework to ensure more stringent data security standards which are on a level with tightening privacy practices around the world.
  • The Cybercrimes Act in South Africa. Legislated in 2021, the goal is to reduce cybercrime and consolidate relevant laws. It includes 20 new cybercrime offences with prescribed penalties, and offers legal authority on how to handle cybercrime.
  • The Guideline for a Model Law on Cybersecurity, launched by the United Nations Economic Commission for Africa in 2022. It’s expected to provide guidance to member states, creating the conditions for a more coordinated stance on cybersecurity. Guidance within the model law can be tried and tested by member states, and used as a framework for countries to develop their own regulations for the protection of data and critical national infrastructure, and the promotion of the cybersecurity industry.

OK, we’ll stop now ✋

There’s loads of new legislation arriving on the scene. You get the point. And you already know this – you’re working with it.

Towards a global consensus on security?

Watne said:

“Adapting to this new regulatory landscape, and political challenges, takes a lot of focus right now – especially for a global operation like ours.”

And as global and local organisations work to adjust to legislation and geopolitical challenges, we’re wondering whether a global consensus on cybersecurity is possible. 🌍

We know international collaboration between security professionals is a powerful thing. But in the future, will we all be working together in a more formalised way? We don’t know the answer – but we’d love to know what you think.

We’ve got a double dose of wisdom from Bjørn Watne for you. Read his full interview on the blog, or head to the BHMEA podcast to learn more about the current state of cybersecurity.


Has your work become more or less complicated as a result of cybersecurity regulation?

1. MUCH more complicated 😬

2. Not more complicated 🤥 – just different

3. Less complicated 🤓


Do you have an idea for a topic you'd like us to cover? We're eager to hear it! Drop us a message and share your thoughts. Our next newsletter is scheduled for 26 July 2023.

Catch you next week,
Steve Durning
Exhibition Director

P.S. - Mark your calendars for the return of Black Hat MEA from 📅 14 - 16 November 2023. Want to be a part of the action?
