The Year of Enforcement
The August 23rd, 2022, Telarus Tuesday call welcomed Tracy Fox, National Channel Sales Director, Foresite. Foresite explained why 2022 is being called “The Year of Enforcement”, including little-known requirements that most customers don’t even know they have to meet to protect data and some true stories of what happens when they fail. The entire recording can be viewed here.
About Foresite
Make cybersecurity and risk management simple, affordable, and scalable with Foresite Cybersecurity. Organizations of all sizes can quickly and easily connect their entire security stack for better ROI and deeper insights, including real-time risk scoring against 260+ global compliance frameworks.
Their Products, including ProVision Open XDR and Foresite Integrated Risk Management, were built by experienced cybersecurity professionals using CISO logic and the latest AI and machine-learning techniques.
Their Solutions provide concierge security support with point-in-time evaluations, GRC consulting, and 24×7 SOC-as-a-Service operations.
Their Partners include some of the world’s leading MSPs and technology solutions providers.
WHAT ARE THE DRIVERS?
- Data privacy legislation in all US states
- DOJ fraud enforcement under the False Claims Act – pays whistleblowers
- FTC Safeguards Rule – broader application and data protection required by December
- HIPAA – 12-month “lookback” after a breach or during audits
- Commercial insurers denying coverage, and denying claims, where “reasonable” controls are lacking
Coming in 2023
- PCI DSS 4.0 requirements
- NIST 800-171/Cybersecurity Maturity Model Certification (CMMC) enforcement starts
Threat Scenario Example
The Department of Justice Civil Cyber-Fraud Initiative was invoked by a former IT staffer of a manufacturer whose government contracts imposed data security requirements. The suit alleged that the company had lied about its adherence to those compliance requirements and sought damages of over $19 billion, three times the sum of every invoice the company had been paid. Although no breach occurred, the U.S. District Court rejected the company’s argument that the government had not suffered any damages. Less than 24 hours after the jury was selected, the company agreed to a $9 million settlement, plus attorney’s fees.
The False Claims Act includes a financial incentive for company insiders/whistleblowers to uncover and report fraud. If their disclosure results in the recovery of funds by the United States, the whistleblower will be entitled to 15-30% of the funds recovered.
Risk Can Be Minimized
Proactively aligning to a recognized cyber framework to uncover and remediate gaps minimizes risk and can provide “Cybersecurity Safe Harbor.”
- NIST Cyber Security Framework
- NIST 800-171/Cybersecurity Maturity Model Certification (CMMC)
- NIST 800-53
- CIS Controls
- FedRAMP
- FISMA
- GLBA
- HIPAA
- ISO
- PCI DSS
Security Operations Platform: Foresite ProVision
Their platform provides access to cybersecurity and compliance solutions, ranging from cyber testing, compliance assessment and tracking, and threat monitoring, to management of the client’s firewalls and endpoint solutions for an initial response, and even forensic help when needed.
Key Questions to Ask Prospects & Clients
- How do you detect and validate potential cyber threats 24/7/365?
- How do you track your compliance with data protection requirements?
- Have you confirmed whether cybersecurity safe harbor could protect you in a data breach?
- What resources do you have to negotiate with hackers, perform forensics, and confirm whether data has been exfiltrated?
- Could failure to maintain compliance or take “reasonable” precautions invalidate your cyber breach claim?
For more detailed information discussed in the call, please watch the recording on YouTube! The entire recording is available here.
To learn more about Foresite, visit foresite.com.