Compliance and Risk Management in 2022: Top 10 Stories

2022 brought fresh approaches to security training and increased government involvement in stemming cyber threats.

The Biden-Harris administration introduced the Bureau of Cyberspace and Digital Policy among other initiatives. Across the pond, the UK rolled out laws that seek to eliminate state-linked disinformation. These government activities occurred against the backdrop of the Great Resignation, which has caused businesses to grapple with potential threats posed by departing employees. 

Here are ITPro Today’s top 10 articles about compliance and risk management in 2022.

1. Uber’s Former Security Chief Convicted of Data Hack Coverup

Former Uber Technologies security chief Joe Sullivan was convicted of covering up a large data breach from 2016. The trial unearth a series of other scandals that took place at Uber.  

2. State Department Announces Bureau of Cyberspace and Digital Policy

The U.S. State Department launched the Bureau of Cyberspace and Digital Policy in April. The initiative spoke to the growing importance of cybersecurity in national policy, economy, and defense. 

Further Reading: Wall Street Banks Quietly Test Cyber Defenses at Treasury’s Direction

3. Why Providers Are Retooling Cybersecurity Awareness Training

Cybersecurity awareness training is commonplace in today’s workplace, but many employees struggle to retain crucial information. IT leaders have opted for a fresh approaches.

Further Reading: Information Security Fundamentals Every IT Pro Should Know

4. Top U.S. Websites Run Afoul of European Data Privacy Law

Research from regulatory compliance technology provider Zendata found that leading U.S. websites did not comply with the EU’s General Data Protection Regulation. Find out how these websites miss the mark and the potential ramifications of noncompliance. 

5. UK to Force Internet Companies to Curb Foreign ‘Disinformation’

The UK in July said its Online Safety Law will requires owners of social media and search engine apps to screen content for state-linked disinformation.

Further Reading: Canada Proposes New Rules to Protect Personal Information

6. Walmart Security Chief Criticizes Data Breach Prevention Strategies

When it comes to data breach prevention, the onus is often put on cybersecurity awareness training and the actions of individual employees. Walmart’s chief security architect argues that the solution must come from a larger cultural change. 

interop_human_security_engineering_model_winkler_0_0

7. White House Unveils Cybersecurity Strategy to Keep IoT Devices Safe

The White House introduced many cybersecurity initiatives this year, among them a labeling system for commonly used IoT devices. The system rates devices for resiliency against cybersecurity threats. 

Further Reading: How To Get Started With IoT Device Security

8. 4 Types of Insider Threats Every IT Pro Should Know

While most security is focused on outside attackers, it’s important to acknowledge that some threats come from inside an organization. This article lays out four common insider threats and how companies can address them.

Further Reading: Insider Threat Prevention Best Practices for the Remote Work Era

9. Digital ID Technology Promises Stronger Security

The password still reigns supreme as the primary method for verifying identities online. Info-Tech Research Group analyst Ian Mulholland explains the future of digital ID technology. 

Further Reading: How Kroger Consolidated Its IAM Tools

10. Great Resignation Sparks Insider Risk Management Concerns

The Great Resignation has seen a record number of employees leaving their jobs, and, as a result, has raised cybersecurity concerns about departing employees. Can business executives and security pros work together to mitigate insider risks?

Further Reading: IT Burnout, Budget Cuts Concern Tech Leaders Heading into 2023

What are your predictions about compliance and risk management in 2023? Share your predictions in the comments!