
January 24, 2025

Changing Regulations: How to Navigate The Changing Political Winds of Cybersecurity



Written by: Aaron Pries, Technology Consultant

Keeping up to date in today's fast-paced and hyperconnected world of technology feels like an impossible task. To make things more challenging, major shifts in governmental regulation seem to occur roughly every four years. Initially, we at Xamin planned to write an article about President Biden's January 2025 executive order to bolster cybersecurity in the United States. However, as of January 21st, it is unclear whether that executive order is still in force, as it was removed from the White House website. Compounding the confusion are reports that the Trump Administration has rescinded a large number of executive orders previously issued by Biden.

Adding to the complexity, a letter sent to the Department of Homeland Security (DHS) indicated that all of its advisory boards, including the Cyber Safety Review Board (CSRB), are under review. The CSRB was actively investigating state-sponsored cyber threats against the United States, including the activity of "Salt Typhoon," a Chinese state-sponsored hacking group responsible for breaches of at least nine telecommunications networks in recent months.

What Does This All Mean?

Regardless of the latest developments in politics and cybersecurity, one thing remains resoundingly clear: it is better to overprepare your security than to underestimate the risks. How can organizations achieve this? By adopting one of the cybersecurity frameworks that the U.S. Government has developed to advise organizations and bolster the nation's cybersecurity infrastructure.

The National Institute of Standards and Technology (NIST) has published its widely recognized Cybersecurity Framework (NIST CSF) to give organizations a structured, flexible, and risk-based approach to improving cybersecurity and managing corporate risk. The current version, CSF 2.0, organizes that work into six functions: Govern, Identify, Protect, Detect, Respond, and Recover. Federal agencies are required to use the CSF, and regulators and examiners in several sectors reference it when assessing an organization's program. However, far too many companies still fail to use NIST guidelines or frameworks simply because they are not mandated by law. Instead, they rely on a patchwork of basic tools such as multifactor authentication, password policies, and antivirus software, with no overall picture of which risks those controls address and which they leave open. That approach is akin to "winging it."

Client Stories: Beyond the "Checkbox" Solutions

A few years ago, we were approached by a prospect in urgent need of cybersecurity assistance for their company. They sought us out specifically because of our extensive experience in the financial and banking sectors—industries known for their rigorous regulatory requirements. Although this client wasn’t in a highly regulated field, they wanted to hold their organization to the same high standards as the banks in their region.

Their frustration stemmed from the prevalence of "checkbox solutions" in their industry: providers performing surface-level assessments, minimally inspecting infrastructure, and issuing generic "all-clear" reports. That was not sufficient for them. They needed a partner who would dig deeper and provide a comprehensive evaluation of their cybersecurity posture.

When we engaged with them, we brought our meticulous approach to the table, conducting our signature 137-point cybersecurity assessment. This review covered every aspect of their infrastructure, identified vulnerabilities, and pinpointed inefficiencies. The findings revealed two decades of suboptimal practices, overlooked vulnerabilities, and spending inefficiencies that had gone unnoticed.

The client was thrilled with the level of detail and care we put into our work. By addressing the underlying issues and implementing sustainable solutions, we not only improved their cybersecurity but also helped them achieve the level of scrutiny and security they aspired to—matching the standards of highly regulated industries. This partnership reinforced the value of going beyond checkbox compliance and delivering tailored, meaningful results.

Conclusion: Shoot First Ask Later

No matter how small or unregulated your industry may be, it is a smart strategy to maintain robust risk management practices using a reputable cybersecurity framework. Doing so ensures you have effective risk controls in place and gives you a clear view of your vulnerabilities. It also prepares your organization for the tightening of security regulations that may eventually reach your industry as politics evolve and the cybersecurity landscape continues to change. Proactive adoption of these frameworks positions your business to adapt and thrive, no matter what challenges lie ahead.
