What OP is saying is instead of having some sort of legal liability attached or outside directives being handed to them, they would rather implement on their own or push their own standards.
A notable example is SEC mandates on breach disclosures, which will most likely be dead now. Those were a major forcing function to make companies realize security is important. Otherwise, paying a ransom and doing the bare minimum to not get cut by Chubb or AXA is the norm.
I agree with JumpCriscross on his read of this situation. It ain't great. At least I'm well off enough to weather the negative impact of a lot of the chaos. Sucks for everyone else.
> The coordination definitely seems to be more of amzn (and similar) employees providing technical expertise to congress and regulators
It's bidirectional. CISA, FBI, and others often get intel or actively take down a botnet or offensive actor, and will percolate this information to security teams at larger organizations before percolating en masse.
For example, when this one APM/data collection tool that almost every DevOps team I know was using was pwned early last year, CISA notified CISOs days before they officially announced it in the news.