Cybersecurity Roundup: Bitglass, Kaspersky, Cisco-Jask, Microsoft-AttackIQ
The California Consumer Privacy Act (CCPA) is less than five months from going into effect, putting pressure on companies to prepare for strict new requirements, such as rules governing how businesses collect, use and disclose data related to an individual.
Only 55% of companies plan to be ready by CCPA’s effective date of Jan. 1, with another 25% planning to be ready by July 1, the date California will begin enforcement actions.
California is the worst state for data breaches, suffering nearly 1,500 in the last 10 years and exposing nearly 5.6 billion records, so it’s no surprise that the state is implementing one of the strictest privacy acts.
To find out more about CCPA and how to prepare for compliance, we spoke with Jacob Serpa, senior product marketing manager at Bitglass, a next-generation cloud access security broker (CASB) provider.
Channel Futures: Does the CCPA create challenges/opportunities for MSSPs and other cybersecurity providers? Can you give some examples?
Jacob Serpa: As we’ve seen previously with the General Data Protection Regulation (GDPR), requirements for regulations can initially be somewhat unclear. As CCPA becomes more refined over time, some cybersecurity providers may find it challenging to keep pace with its updated requirements. Consequently, organizations that rely upon such vendors are likely to find themselves to be noncompliant fairly quickly.
As the requirements evolve, MSSPs have the responsibility to ensure that they are providing their customers with security that protects against the threats of both today and tomorrow. Cybersecurity providers must ensure that they are providing customers with the most advanced solutions; however, not every vendor is able to equip themselves with proactive security tools that can adapt to evolving threats and prevent leaks and breaches in real time.
CF: What are some of the biggest hurdles preventing companies from becoming compliant?
JS: While companies need to reserve funds for general IT purposes, they must also invest in cybersecurity tools that can protect their data — which will prevent even larger costs associated with security breaches. Recently, British Airways was given a $230 million fine for not complying with GDPR. Fines like this can be catastrophic for many organizations; as such, it is essential for companies to have the proper tools and strategies in place so that they can defend against breaches and comply with regulations. Unfortunately, barriers to maintaining cloud security still plague many organizations; for example, justifying additional security spend despite large sunk costs associated with prior investments in on-premises security.
CF: If an organization is in compliance with GDPR, are they almost there in terms of compliance with California’s law?
JS: All regulations are different and must be analyzed separately. While GDPR and CCPA are both designed to keep consumer data secure, there will inevitably be differences. Additionally, companies should not aim to do the bare minimum to be compliant with regulations; instead, they must ensure that they are doing everything they can to attain the maximum level of data security.
CF: Are there options for organizations that don’t make the deadline for compliance?
JS: There is a six-month grace period for CCPA, meaning that enforcement actions cannot be taken until July 1, 2020; however, organizations should still try to meet that deadline, as fines include …