In this segment of his keynote address from Trava's #BeCyberSmart: Cybersecurity Awareness for Today's SaaS Companies live event, Trava co-founder and CEO Jim Goldman provides more insight into how small businesses should be thinking about cybersecurity by predicting how legislation might impact the cybersecurity industry in 2022 and what changes we might see.
Business leaders will also learn more about what comprehensive cyber risk management should look like, why each component is critical, and common pitfalls small business leaders face when implementing a cybersecurity program.
Cybersecurity is something businesses of all sizes need to consider moving forward into 2022 and beyond. In our video, Trava co-founder and CEO Jim Goldman provides insight into how SMBs should be thinking about cybersecurity in the future. He also discusses how government regulation might impact cybersecurity measures this year and what changes we’ll possibly see.
Security requirements are often mandated by customers; however, the government also gets involved. CEO Jim Goldman is asked what changes he foresees in requirements in 2022 from the government. He projects government entities, perhaps most especially the U.S. Department of Defense, will get stricter about CMMC security standards for government contractors, providers, suppliers, and other entities working with the government. Expect CMMC certification to be required very soon.
A lack of industry regulation creates cybersecurity problems and, ultimately, governments will eventually intercede to provide solutions. However, many businesses object to the government, not just the U.S. but any government, passing cybersecurity standards and regulations. Yet, at the same time, they largely aren’t stepping up to do the job themselves, but if they did, this would resolve most problems they have with government-imposed mandates.
An interesting example is the payment card industry. They didn’t want government mandates outlining how to deploy security, so they took it upon themselves and created PCI security standards. If more industries were to take charge and deploy industry-developed solutions, much like the payment card industry did, this could go a long way towards security standardization. Even better, industries could quickly adapt as needed rather than wait for sluggish legislation to correct problems that emerge as technological development rapidly evolves.
CEO Jim Goldman predicts higher expectations for businesses to obtain ISO 27001 certification, along with other increased regulations, requirements, and mandatory standards. However, it’ll be up to individual business owners to determine if they want to invest or not.
Essentially, there are two primary reasons to invest in a cybersecurity program – business motivation or regulatory obligation. Big contracts, breakthrough customers, or government-mandated standards often steer companies towards the implementation of stronger cybersecurity measures. No business is safe from cybercriminals and to compete in any given industry, companies will need to adapt as standards emerged, whether by private industry or government.
Although the bottom line is, regardless of the reason, businesses will increasingly have to invest in better cybersecurity if they want to achieve their goals or meet compliance standards.