The SEC Won’t Let CISOs Be: Understanding New SaaS Cybersecurity Rules

The Hacker News
The U.S. Securities and Exchange Commission (SEC) has extended its cybersecurity mandates to include public companies using Software as a Service (SaaS).
These requirements have shifted attention to SaaS security and to the risks of SaaS-to-SaaS connections: the rules make no distinction between breaches that occur in on-premises, cloud, or SaaS environments, so a material incident in a SaaS application is disclosable like any other.
The SEC has cited a substantial rise in cybersecurity incidents and recognizes the need for disclosure of material risks from cybersecurity threats.
A focal point is the rising number of SaaS security incidents at organizations that rate their own SaaS security maturity as moderate to high; this gap between self-assessment and outcomes has prompted the SEC to extend its regulatory oversight.
The rules also address risk-management processes and require disclosure of the board's and management's roles in overseeing cybersecurity risks and threats.
The SEC’s aim is to enhance investor confidence, ensure regulatory compliance, and foster a proactive cybersecurity culture with a focus on cybersecurity hygiene.
To address the risks, companies need to adopt better cybersecurity practices, understand their SaaS-to-SaaS connections, and prioritize SaaS system security.
A SaaS security posture management (SSPM) tool can help by monitoring configurations, permissions, and SaaS-to-SaaS connections and alerting security and IT teams to potential threats and configuration drift, which supports thorough and factual disclosure within the four-business-day window the rules impose for material incidents.
Ultimately, improving SaaS security remains vital to protecting data, markets, and investors.
Link: https://thehackernews.com/2024/01/the-sec-wont-let-cisos-be-understanding.html