What Should Leaders Do To Prepare For The Future Of Compliance?

PayPal is letting go of around 7% of its workforce—2,000 employees. The company joins other tech giants in trimming costs to stay competitive amidst a volatile market. In a statement, PayPal’s chief executive Dan Schulman said, “We must continue to change as our world, our customers, and our competitive landscape evolve.” PayPal’s announcement follows a sizeable wave of layoffs orchestrated by tech companies, including Google’s parent company Alphabet, Amazon and Microsoft, reported the BBC.

Consequently, the loss of personnel, budget cuts, and changing regulations contribute to the increasing complexity of delivering continuous compliance for Information Security (InfoSec) and risk management. The challenge is, therefore, ensuring that organizations meet security, privacy and regulatory requirements while cost-effectively monitoring existing resources and emerging threats.

But, according to the 2022 Cybersecurity Workforce Study, despite efforts to bridge the gap, the global cybersecurity workforce shortage has grown 26.2% since 2021. This leaves an urgent need for 3.4 million more skilled professionals to ensure assets are effectively secured and protected against malicious cyber threats, which are increasingly prevalent.

Just last week, 10 million JD Sports customers were purportedly affected by a cyber-attack that leaked their data, leaving them vulnerable to potential fraud and identity theft. The Guardian reported the “incident affected shoppers at JD, Size?, Millets, Blacks, Scotts and Millets Sport brands.” Meanwhile, Royal Mail disclosed to the public that it had been attacked by a malicious group using ransomware. The group threatened to make all stolen information accessible online, hindering international parcel and letter delivery services, The Guardian reported.

Research commissioned by Bridewell found that 42% of respondents were anxious that a possible breach in their employers’ networks was inevitable. As such, they were contemplating resigning from their jobs out of worry for the damaging impact it could have on their careers. Another study conducted by Hyperproof discovered that 85% of respondents said their risk and compliance management team spends at least 30% of their time at work on repetitive tasks—a prominent contributor to stress and burnout.

With the sudden departure of overwhelmed InfoSec personnel comes the likelihood that critical project management information is lost and tasks essential to maintaining compliance aren’t completed. Craig Unger, the founder and CEO of Hyperproof, predicts that further layoffs in the tech sector will only expedite this issue, putting more pressure on InfoSec and risk management teams.

In an interview, Unger explained that early in his career—as a developer at Microsoft—he was tasked with helping to build the company’s Passport product. The service (since renamed as Microsoft Account) was critical during Microsoft’s move to Cloud technology, and Unger wanted to maintain the highest level of compliance possible after a settlement with the FTC led to heavy auditing within the organization.

“When I left Microsoft to co-found Azuqua, a company working in cloud and integration workflow, I once again was faced with compliance challenges,” said Unger. “First, we were barraged by complex spreadsheets and questionnaires relating to how we designed, built, and operated our services.” Then, he added, “After filling out 200-question reports dozens of times, our startup of about 20 employees began pursuing various security certifications that also took a lot of time to complete. It made me reflect on how—whether it was a huge company like Microsoft or a startup like Azuqua—the approach to compliance was the same. The process was manual, error-prone, redundant and universally reviled.”

This is an interesting perspective because it points to the fact that security compliance is an issue for large corporations and smaller businesses. Also, it is important to note that the current compliance landscape has created an extra burden on InfoSec professionals. Finally, it’s a reminder of why leaders must invest in automated solutions and resources—such as technology, personnel and processes—to ensure they have the capacity to address cybersecurity threats quickly, effectively and cost-efficiently.

Evidently, the need for an effective solution that helps organizations of all sizes bridge the cyber-skills gap is more pressing than ever. If a cyber-skills gap persists unchecked, it will undoubtedly affect companies’ ability to remain secure and compliant in the long term. Therefore, efforts must be made to attract more people into the field while investing in solutions to help InfoSec professionals manage the risk burden. Automation and artificial intelligence may prove to be the answer to that. The hope is that pairing up-and-coming professionals with automation tools can bridge the gap between manual labor and a high level of security compliance. Hopefully, such measures will help build a more secure future. But only time will tell.

So, what should leaders do to prepare for the future of compliance?

The first step is to invest in solutions that can help streamline and automate tasks. Automation solutions can reduce manual labor, freeing up InfoSec personnel’s time for more complex tasks. In addition, organizations should focus on recruiting talented professionals with a strong understanding of risk management and cybersecurity. They should also provide them with the training and resources they need to stay up-to-date on the latest trends and best practices. Finally, organizations must recognize that managing risk isn’t a one-time event; it requires ongoing attention and effort. By taking these steps, leaders can ensure their organization is well-positioned for success in a rapidly changing environment. That said, it is crucial to stay ahead of the curve by regularly evaluating and reassessing risks—especially in today’s digital world.

By taking these steps, organizations can ensure they comply with the latest regulations and standards while staying vigilant against security threats. Ultimately, this helps protect their data and operations from malicious actors and reduces the risk of a data breach. Moreover, doing so is essential for staying competitive in the long term—and will enable businesses to thrive in an ever-evolving compliance landscape.
