While regulatory compliance is valuable and necessary for enterprises, cyberthreat experts say a compliance-centric security strategy may leave organizations with few resources to ward off emerging cyberthreats.
Regulatory compliance is a necessity for nearly all organizations, but security industry experts say enterprise security programs consumed by compliance may risk falling behind the fast-paced world of cyberthreats.
On Wednesday, during a panel discussion at the 2015 SecureWorld Boston conference, a number of vendors spoke about the state of emerging threats, including "typosquatting" URLs taking users to malware-laden websites, domain shadowing, shadow IT and mobile malware. Yet all the panelists emphasized how regulatory compliance may have a negative effect on security, specifically in terms of how quickly security can adapt to threats.
Thomas Bain, vice president of marketing and security strategy for Waltham, Mass.-based security vendor CounterTack Inc., noted that regulatory compliance can serve as a mechanism to augment an information security budget, but that compliance processes should be seen as a solid foundation for a security program rather than an answer to all of an organization's security concerns.
"Compliance is a good way to get a security product into a budget," said Bain, "but compliance mandates don't tend to be prescriptive; it's more about having a framework."