Enews-Sept 2023 Are you drowning in compliance? by STEVE MANSFIELD-DEVINE September 3, 2023 written by STEVE MANSFIELD-DEVINE September 3, 2023 245 As new mandates come online, most firms need to ensure IT systems meet changing regulations. But is compliance stealing resources from cybersecurity efforts?Four out of five firms are more worried about compliance than they were five years ago, according to recent research from Hornetsecurity. In more than half (57%) of organisations, the IT department bears the load of compliance assurance, the study reveals. “There are processes, organisational ard technical components. A given organisation may be beholden to multiple regulatory frameworks and governing bodies – each with its own ever-changing rules and requirements. On top of that, amidst the chaos of getting these controls into place, many organisations struggle to keep up with changing regulations.”In many cases, this is complicated by the fact that different people within the organisation are responsible to various regulators.“GDPR, for example, falls under the data protection officer’s remit, PCI or the Digital Operational Resilience Act (DORA) regulation might fall on business application owners, while NIS2 may come under an organisation’s CIO or CISO remit,” says Romain Deslorieux, director strategic partnerships for cloud protection at Thales. Major distractionHowever, at a time when many organisations are also struggling to ensure adequate cybersecurity, often with overworked staff, aren’t compliance efforts likely to have an impact?“The burden of compliance can be distracting,” says Erfan Shadabi, cybersecurity expert at comforte AG. “Instead of proactively fortifying their defenses and staying ahead of cyberthreats, organisations may find themselves allocating significant time and resources to meet regulatory obligations.”Compliance and security are not the same thing.“While being compliant with certain regulatory frameworks does tend to improve a business’s security posture through documentation and good security practices, being compliant is by no means a guarantee of security,” says Hofmann. “There is also an argument to be made that IT departments that are focusing heavily on complex compliance requirements may mistakenly miss security basics.” Read More Enews6-latest 0 comment 0 FacebookTwitterPinterestEmail STEVE MANSFIELD-DEVINE previous post 4 ways at-risk IT employees can navigate automation and potential job loss next post Agility that breaks records, smashes boundaries You may also like Moving IT to the forefront of the business... September 4, 2023 Agility that breaks records, smashes boundaries September 3, 2023 4 ways at-risk IT employees can navigate automation... September 3, 2023 The cybersecurity spiral of failure (and how to... September 3, 2023 Webinar: ML-at-Scale ’23 September 3, 2023 HPE Developer Meetup: DevOps Alert: Tool Sprawl. Complexity.... September 2, 2023 Tech companies demanding an end to remote work September 2, 2023 What’s the difference: AI vs. ML vs. DL? September 2, 2023