Kennedy was nervous filming the rules scene, because he realized how important it was to the film’s main theme, media obsession. Craven felt Kennedy’s performance was quite good on the first take, but that wasn’t good enough for Kennedy, who felt he could have done better. Kennedy asked for a second take, which must have seemed like a big favor to ask for an actor in his 20s with few film credits. Kennedy recalls the request:
“I did it once and Wes liked it. He said, ‘I think I got it.’ I said, ‘Oh, man, I’d really love another take.’ Wes said, ‘Are you sure?’ And I said, ‘Yeah, I think… there’s more I can do.’ So I did a second take, and Wes let the camera roll, and then I did a third take. And then Wes said, ‘Cut. Great, print.’ Wes said, ‘How do you feel?’ And I said, ‘I feel good.’ And he said, ‘Well, I want to tell you that I’m probably going to use the third take.’”
The third take is the one audiences saw in the film’s final cut. The lesson here? Craven spelled it out clearly for Kennedy. The actor recalls:
“Never be afraid to ask for another take,” he says, “always trust your instincts.” That was a great lesson for me: not to be afraid. That scene has really helped me throughout my career. I was never afraid to ask for another take; checking in with the director really helped me with that.
Poor Randy, unfortunately, was killed by… a new killer in 1997’s “Scream 2,” although he was able to appear in “Scream 3” thanks to a prerecorded message sent before his death. Knowing the rules couldn’t save him.
Continuing the long American tradition of wealthy corporate overlords making union-busting comments, Amazon CEO Andy Jassy went on a media blitz in 2022 to warn of the workplace-altering terrors of labor unions. (Surely, it’s an unfortunate happenstance that his urgent PSA coincided with an uptick in organizing efforts at Amazon.) Sadly for Mr. Jassy, the US still has a National Labor Relations Board (NLRB), and CNBC reports that the board ruled Wednesday that his anti-union comments broke federal labor laws.
Jassy popped up on CNBC in April 2022 to say that if employees voted for and joined a union, they would become less empowered and could expect things to become “much slower” and “more bureaucratic.” In an interview with Bloomberg, he added, “If you see something on the line that you think could be better for your team or you or your customers, you can’t just go to your manager and say, ‘Let’s change it.’”
He capped off his union-busting trifecta at The New York Times DealBook conference, where the CEO said that a workplace without unions isn’t “bureaucratic, it’s not slow.”
NLRB Judge Brian Gee said Jassy violated labor laws by suggesting employees would be less empowered or “better off” without a union. However, Gee said the CEO’s other comments about worker-employer relationships changing were lawful. According to the judge, the difference is that the more aggressive quotes “went beyond merely commenting on the employee-employer relationship.”
Gee added that the comments “threatened employees that, if they selected a union, they would become less empowered and find it harder to get things done quickly.” The judge recommends that Amazon “cease and desist” from making similar comments in the future. The company is also required to post and share a note about the judge’s order with all of its US employees.
In December, Jassy’s Amazon shares were valued at $328 million, making him one of America’s wealthiest CEOs.
In a statement to CNBC, an Amazon spokesperson said the judge’s ruling “reflects poorly on the state of free speech rights today.” Because, hey, what kind of free country do we even have if a retail magnate can’t tell low-income workers scary bedtime stories about the perils of voting to empower themselves in the workplace?
TikTok appears to be quietly showing some users an option to purchase “coins” on the web instead of through in-app purchases, circumventing the commission that Apple receives on digital purchases.
As noted by David Tesler (via TechCrunch), TikTok has been offering a limited number of TikTok app users an option to purchase coins on TikTok.com instead of in the app. “Try recharging on tiktok.com to avoid in-app service fees,” reads the text. “You can save the service fee and get access to popular payment methods.”
TikTok might get banned from the app store next week
Why? It looks like they’re circumventing apple fee by directing users to purchase coins via external payment methods pic.twitter.com/VG8ihvsRmv
— David Tesler (@getdavenow) April 30, 2024
Following through and opting to purchase from TikTok.com brings up an interface for using payment options such as PayPal or a credit/debit card. “Save around 25% with a lower third-party service fee,” the app suggests. The purchase workflow can be completed entirely in the TikTok app with no requirement to use in-app purchase.
TikTok’s coins are used as a way for users to provide “Gifts” to creators. Users pay real money for a certain number of coins, and those coins are used for little gift emoji that can be provided to creators. TikTok says that gifts are used to determine the number of “diamonds” awarded to content creators, and diamonds can be redeemed for money. A TikTok coin is worth about half a diamond, and 100 diamonds is worth 50 cents, so TikTok is collecting quite a bit of money during the conversion.
Apple requires in-app purchase to be used for digital goods and services, and TikTok’s “coins” presumably count as a digital good. If TikTok is indeed offering customers a way to purchase coins without in-app purchase as suggested by the screenshots from Tesler, then TikTok is breaking Apple’s App Store rules.
TikTok coins would likely be considered tips, and Apple has forced other major social networks like Facebook to use in-app purchase for a creator tipping feature. What TikTok is doing is actually similar to the direct purchase options that Epic Games added to the Fortnite app back in 2020, a move that ultimately led to the banning of the Fortnite app and a multi-year legal battle.
Most TikTok users are only able to purchase coins through the in-app purchase interface, and the option to purchase direct from TikTok with a credit or debit card is allegedly a feature showing up only for a small number of users. The option is perhaps being limited to those who have spent a lot of money on coins in the past.
EU antitrust officials on Monday identified iPadOS, Apple’s operating system for iPads, as a significant digital gatekeeper under the EU’s new tech regulations, which carry strict requirements to promote fair competition and expand options for consumers.
The European Commission concluded that iPadOS plays a crucial role for business users accessing the market and that Apple holds a significant and sustained market position. The Commission has given Apple a six-month deadline to fully comply with the obligations set by the Digital Markets Act (DMA).
There’s a good chance watching video on your iPhone is about to get better. Net neutrality rules passed by the FCC this week reportedly forbid U.S. wireless carriers from lowering the quality of streaming video to throttle the amount of data it consumes.
So if you watch Apple TV+, Netflix, etc. on your iPhone, your carrier is no longer allowed to reduce the video quality.
Wireless carriers currently throttle streaming video
Wireless carriers have a limited amount of wireless bandwidth to offer their customers. When the FCC killed net neutrality in 2017, they began stretching it by throttling streaming video for some customers.
Top-tier wireless service plans might not put limits on video quality, but Verizon’s starter plan, for example, draws the line at 480p. AT&T’s low-cost plan limits video to 2 Mbps.
Those days are almost over.
Net neutrality forbids throttling streaming video
The U.S. Federal Communications Commission voted to restore net neutrality on Thursday. That means internet providers, including wireless carriers, are not allowed to single out certain types of data for special treatment.
Ryan Singel teaches about net neutrality at Stanford Law School, and he explained to Marketplace what the rule change means for mobile streaming video.
“If you go and look at the pricing plans for Verizon and AT&T and T-Mobile, if you are not on their most premium plan, the video quality you get on your mobile connection is throttled. Like you get lower quality video, regardless of how much data you have. So those kinds of things will no longer be legal and I expect that the FCC will move rather quickly to prevent that.”
Cult of Mac checked and the websites of major wireless carriers still indicate they throttle wireless video. But if Singel is correct, that’ll change once the FCC steps in to order a change.
Spotify has not been able to get Apple to approve an EU app update that added information on subscription pricing and links to the Spotify website, and it turns out that’s because Spotify has not agreed to the terms of Apple’s Music Streaming Services Entitlement.
A recent antitrust ruling from the European Commission fined Apple nearly $2 billion and mandated that Apple “remove anti-steering provisions” for music apps in the European Economic Area (EEA). As a result, Apple updated its App Store rules with a Music Streaming Services Entitlement that allows music apps in the EEA to inform users of other ways to purchase digital music content or services and to add website links for purchasing digital music subscriptions.
That might sound like a win for apps like Spotify, but Apple requires developers who use the entitlement to pay a 27 percent fee (reduced for subscriptions older than one year and for small businesses) on all website purchases referred by Apple. So if Spotify puts a link in its app and a user clicks it and subscribes, Spotify would owe Apple a 27 percent commission (three percent less than the App Store purchase fee).
Spotify does not currently pay Apple any money, and it does not want to. Directly after the European Commission’s ruling, Spotify on March 5 submitted an EU app update that had information on subscription pricing and links to its websites for customers to make purchases. This was prior to when Apple had announced its entitlement plan.
Apple ignored Spotify’s app update, and Spotify complained on March 14 that Apple had not “acknowledged or responded” to its App Store submission. Spotify at the time called on the European Commission to force Apple to approve its app update.
Apple kept ignoring Spotify’s submission, until today, when Spotify submitted a new version of its app. Spotify said on X (formerly Twitter) that the update has no links and includes just the “bare minimum” on pricing and a mention that subscriptions can be purchased from Spotify, which it claims is acceptable under the European Commission’s ruling.
Spotify left out a small detail, though. It turns out that Spotify did not request a Music Streaming Services Entitlement and did not agree to Apple’s new terms for the entitlement. The App Store Review Team sent Spotify a letter (via AppleInsider) that says the entitlement is required even though there is no link because Spotify’s submission has a call to action to purchase a Spotify subscription on its website.
We are reaching out to let you know about new information regarding your app, Spotify – Music and Podcasts, version 8.9.33.
As you may be aware, Apple created a new Music Streaming Services Entitlement (EEA) for iOS and iPadOS music streaming apps offered in EEA storefronts. The entitlement allows music streaming apps to use buttons, external links, or other calls to action to direct customers to a purchase mechanism on a website owned or controlled by the developer. You must accept its terms before adding any of these capabilities to your app. Please find more information about the entitlement here.
We note that your current submission includes a call to action to purchase a Spotify subscription on your website. As such, you must accept the terms of the Music Streaming Services Entitlement (EEA) and include the entitlement profile in your app for submission. To be clear, this entitlement is required even if your app does not include an external link (nor does it require that you offer an external link). We will, however, approve version 8.9.33 after you accept the terms of the Music Streaming Services Entitlement (EEA) and resubmit it for review.
If you have any questions about this information, please reply to this message to let us know.
Apple says that if Spotify agrees to the terms of the Music Streaming Services Entitlement, it will approve the latest Spotify app update. Without a link to the Spotify website, Spotify would presumably not have to pay Apple a commission because there would be no way for Apple to track clicks from its app to Spotify, but there may be some other part of the entitlement that Spotify is reluctant to agree to.
Apple does not plan to let Spotify include a link to the Spotify website without paying the required 27 percent fee, but adding subscription pricing information without a link does seem to be permitted per the language of Apple’s letter to Spotify.
Spotify has confirmed that it does not plan to opt in to Apple’s EU App Store business terms, which are separate from the Music Streaming Services Entitlement and are part of the changes that Apple implemented as required by the Digital Markets Act.
Because Spotify does not want to agree to the EU App Store business terms, it is limited on the features that it can add to its app in the EU. To offer the Spotify app directly from its website in the EU, Spotify would need to agree to the terms and would have to pay a 0.50 euro Core Technology Fee for users that download the app.
Spotify does not let customers sign up for a Spotify subscription in the app as of right now, so it does not have to pay anything. Web-based distribution and linking out to the Spotify website both have associated fees, and Spotify is aiming for a solution where it does not have to pay anything. Spotify’s full statement on its update, from Chief Public Affairs Officer Dustee Jenkins:
Despite Apple’s attempts to punish developers with new fees, we remain committed to giving consumers real choice in our app at no increased cost. That’s why we have submitted a new update to Apple. It features basic pricing and website information – the bare minimum outlined under the European Commission’s ruling in its music streaming case.
By charging developers for communicating with consumers through links in-app, Apple continues to break European law. It’s past time for the Commission to enforce its decision so that consumers can see real, positive benefits.
Though Spotify has a clear path to get its app update approved, the company claims that Apple is breaking European law by charging the 27 percent fee for links and it calls on the European Commission to “enforce its decision.”
The European Commission has waved through new ‘right to repair’ legislation that aims to make it easier for consumers to get their broken devices fixed, even if products are out of warranty.
The EU already requires companies to offer a two-year minimum warranty on common household appliances and electronics, such as smartphones, TVs, washing machines, and vacuum cleaners, but the new rules impose additional requirements.
According to the legislation, if a consumer chooses to have their device repaired under warranty, the warranty must be extended by a year. Consumers may also borrow a device while theirs is being repaired, and if it cannot be fixed, they have the right to opt for a refurbished unit as an alternative.
When a product’s warranty expires, companies are still required to repair devices at a “reasonable price,” so as not to intentionally discourage consumers from repairing them. Manufacturers will also be prohibited from using “hardware or software related barriers to repair,” including preventing the use of second-hand, compatible, and 3D-printed spare parts by independent repairers as long as they conform to EU laws.
Additionally, manufacturers will be unable to refuse to repair a product solely for economic reasons or because it was previously repaired by someone else. Companies will be required to publish information about their repair services, including indicative prices of the most common repairs.
“Consumers’ right to repair products will now become a reality,” said EC rapporteur René Repasi. “It will be easier and cheaper to repair instead of purchase new, expensive items. This is a significant achievement for Parliament and its commitment to empower consumers in the fight against climate change. The new legislation extends legal guarantees by 12 months when opting for repair, gives better access to spare parts and ensures easier, cheaper and faster repair.”
The legislation will come into effect after formal approval by the Council, with the directive set to activate 20 days after its publication.
Europe’s Right to Repair group welcomed the legislation, calling it “a step in the right direction,” but said “the scope of products covered remains very narrow,” and would introduce loopholes. The coalition noted that the rules only cover consumer products, and not anything purchased by businesses or industrial goods. It also criticized the lack of guidance on what constituted a “reasonable price” for spare parts.
Apple is likely to be impacted by the legislation, especially with regard to its controversial “parts pairing” requirement that prevents third-party replacements of certain device components. Currently, if an iPhone part is replaced with a like-for-like replacement by an unofficial third party, it may not be recognised by the iPhone’s system software. The wording of the new EU rules suggests this will no longer be allowed.
Meanwhile in the U.S., more than two-dozen states are working on individual right-to-repair legislation. California’s Right to Repair Act will become law this July, requiring manufacturers to make repair materials available for all electronics and appliances that cost $50 or more.
In response to customer feedback and amidst mounting scrutiny from the industry and now regulators, Broadcom CEO Hock Tan has announced a significant backpedal on the company’s pricing model.
The move comes as the European Union has initiated an investigation into complaints about the company’s pricing practices following its November 2023 acquisition of VMware.
Since then and under its new leadership, VMware’s portfolio has seen significant changes, including the termination of perpetual licenses which left a bitter taste in the mouth of many long-standing customers.
In an announcement, Tan highlighted the company’s intention to shift towards simplicity and cost-effectiveness, noting that VMware’s and its customers’ previous pricing structure was complex and costly.
Tan also acknowledged that the company’s move toward a subscription-based model had left perpetual license customers unsupported. However, in an effort to pacify disgruntled users, Broadcom has now confirmed that it will provide “free access to zero-day security patches for supported versions of vSphere,” with more products set to receive a similar treatment in time.
The CEO said that this was to recognize that “fast-moving change[s] may require more time,” indicating that customers had expressed concerns about balancing expenditures between capital and operating spending.
Still, Broadcom remains committed to transitioning VMware to a subscription-based company, claiming that work started in 2018, long after many rivals had already done so.
Besides committing to backing VMware services with “billions of dollars in new investment,” Tan also announced that VMware Cloud Foundation (VCF) would see dramatic price reductions.
A spokesperson for the European Union stated (via Reuters): “The Commission has received information suggesting that Broadcom is changing the conditions of VMware’s software licensing and support.”
Now, according to the report, EU antitrust regulators are enquiring with Broadcom about changes to VMware’s licensing conditions.
Of the nearly two billion people living in countries that are holding elections this year, some have already cast their ballots. Elections held in Indonesia and Pakistan in February, among other countries, offer an early glimpse of what’s in store as artificial intelligence (AI) technologies steadily intrude into the electoral arena. The emerging picture is deeply worrying, and the concerns are much broader than just misinformation or the proliferation of fake news.
As the former director of the Machine Learning, Ethics, Transparency and Accountability (META) team at Twitter (before it became X), I can attest to the massive ongoing efforts to identify and halt election-related disinformation enabled by generative AI (GAI). But uses of AI by politicians and political parties for purposes that are not overtly malicious also raise deep ethical concerns.
GAI is ushering in an era of ‘softfakes’. These are images, videos or audio clips that are doctored to make a political candidate seem more appealing. Whereas deepfakes (digitally altered visual media) and cheap fakes (low-quality altered media) are associated with malicious actors, softfakes are often made by the candidate’s campaign team itself.
In Indonesia’s presidential election, for example, winning candidate Prabowo Subianto relied heavily on GAI, creating and promoting cartoonish avatars to rebrand himself as gemoy, which means ‘cute and cuddly’. This AI-powered makeover was part of a broader attempt to appeal to younger voters and displace allegations linking him to human-rights abuses during his stint as a high-ranking army officer. The BBC dubbed him “Indonesia’s ‘cuddly grandpa’ with a bloody past”. Furthermore, clever use of deepfakes, including an AI ‘get out the vote’ virtual resurrection of Indonesia’s deceased former president Suharto by a group backing Subianto, is thought by some to have contributed to his surprising win.
Nighat Dad, the founder of the research and advocacy organization Digital Rights Foundation, based in Lahore, Pakistan, documented how candidates in Bangladesh and Pakistan used GAI in their campaigns, including AI-written articles penned under the candidate’s name. South and southeast Asian elections have been flooded with deepfake videos of candidates speaking in numerous languages, singing nostalgic songs and more — humanizing them in a way that the candidates themselves couldn’t do in reality.
What should be done? Global guidelines might be considered around the appropriate use of GAI in elections, but what should they be? There have already been some attempts. The US Federal Communications Commission, for instance, banned the use of AI-generated voices in phone calls, known as robocalls. Businesses such as Meta have launched watermarks — a label or embedded code added to an image or video — to flag manipulated media.
But these are blunt and often voluntary measures. Rules need to be put in place all along the communications pipeline — from the companies that generate AI content to the social-media platforms that distribute them.
Content-generation companies should take a closer look at defining how watermarks should be used. Watermarking can be as obvious as a stamp, or as complex as embedded metadata to be picked up by content distributors.
Companies that distribute content should put in place systems and resources to monitor not just misinformation, but also election-destabilizing softfakes that are released through official, candidate-endorsed channels. When candidates don’t adhere to watermarking — none of these practices are yet mandatory — social-media companies can flag and provide appropriate alerts to viewers. Media outlets can and should have clear policies on softfakes. They might, for example, allow a deepfake in which a victory speech is translated to multiple languages, but disallow deepfakes of deceased politicians supporting candidates.
Election regulatory and government bodies should closely examine the rise of companies that are engaging in the development of fake media. Text-to-speech and voice-emulation software from Eleven Labs, an AI company based in New York City, was deployed to generate robocalls that tried to dissuade voters from voting for US President Joe Biden in the New Hampshire primary elections in January, and to create the softfakes of former Pakistani prime minister Imran Khan during his 2024 campaign outreach from a prison cell. Rather than pass softfake regulation on companies, which could stifle allowable uses such as parody, I instead suggest establishing election standards on GAI use. There is a long history of laws that limit when, how and where candidates can campaign, and what they are allowed to say.
Citizens have a part to play as well. We all know that you cannot trust what you read on the Internet. Now, we must develop the reflexes to not only spot altered media, but also to avoid the emotional urge to think that candidates’ softfakes are ‘funny’ or ‘cute’. The intent of these isn’t to lie to you — they are often obviously AI generated. The goal is to make the candidate likeable.
Softfakes are already swaying elections in some of the largest democracies in the world. We would be wise to learn and adapt as the ongoing year of democracy, with some 70 elections, unfolds over the next few months.
In 2023, the Securities and Exchange Commission (SEC) implemented new cybersecurity disclosure rules. These regulations mandate the disclosure of “material” threat and breach incidents within four days of occurrence, along with annual reporting on cybersecurity risk management, strategy, and governance.
The introduction of the new SEC cybersecurity requirements represents a critical milestone in the continuous fight against cyber threats. In 2023, chief information security officers (CISOs) revealed that three out of four companies in the United States were vulnerable to a material cyberattack. Consequently, cybercrime remains one of the foremost risks confronting US-based companies. Additionally, in the same year, nearly seven out of ten organizations in the United States experienced a ransomware attack within the preceding twelve months.
Cyberattacks pose significant risks to businesses, primarily in terms of financial damage. In 2024, cybercrime is projected to cost the United States alone more than $452 billion. Additionally, the loss of sensitive data is a consequential outcome of cyberattacks. In 2023, the United States ranked third globally in the percentage of companies reporting the loss of sensitive information.
Furthermore, data compromise incidents affected approximately 422 million individuals in the country in 2022, totaling 1,802 incidents. The US is recognized among the countries with high data breach density. Beyond financial and data loss implications, businesses are also wary of reputational damage, significant downtimes, and the potential loss of current customers, all of which can affect a company’s valuation and overall standing.
William Belov
Rise of awareness
With risks growing and the new SEC rules in place, companies are strengthening their defenses, according to a recent report by Infatica, a provider in the proxy service market. According to the company’s data, searches for proxy services have jumped by 106.5% over the last year. The reason behind this trend is proxies’ ability to imitate cybersecurity attacks, which lets companies use the technology to test their defenses.
The growing interest in proxy servers is not limited to seeking enhanced security measures alone. Searches for “free web proxy server” have risen by 5,042.9%, indicating a widespread pursuit for accessible solutions that offer anonymity. Meanwhile, the demand for “proxy server list” and “anonymous proxy server” has also seen significant upticks of 80.6% and 414.3%, respectively, highlighting the importance of reliable and discreet online operations.
While the SEC’s cybersecurity rules primarily target publicly listed companies, many of these firms depend on smaller third-party software and supply chain providers. A cyberattack at any juncture within this chain could result in significant consequences. This is why non-public entities are compelled to bolster their defenses too.
Major gap
As businesses ramp up their activities, significant gaps remain evident. A staggering 81% of security leaders acknowledge the impact of the new rules on their businesses. However, only 54% convey confidence in their organization’s ability to comply effectively. Surprisingly, merely 2% of security leaders have initiated the process of adhering to the new rules. Approximately 33% are still in the early stages, while a striking 68% feel overwhelmed by the new disclosure requirements.
Among the myriad challenges, determining the materiality of cybersecurity incidents stands out, with 49% of respondents highlighting its complexity. Additionally, 47% struggle with enhancing their disclosure processes, further complicating compliance efforts.
Here are several pieces of advice on how to prepare for complying with the SEC cybersecurity rules:
1. Consolidate your cybersecurity risk data
With the new regulations mandating the disclosure of incidents upon discovery and comprehensive reports on cybersecurity strategy quarterly and annually, organizations must prioritize centralizing cybersecurity risk assessment and incident data. Consolidating this data into a single repository, rather than scattered across spreadsheet software or lost in email inboxes, increases the likelihood of meeting SEC deadlines and reduces the time spent gathering information from different departments and stakeholders for incident disclosure.
2. Acquire cyber risk quantification capabilities
Traditionally, organizations have used qualitative methods such as ordinal lists or red-yellow-and-green severity charts to assess the significance of cybersecurity incidents or other risk events. While the SEC recommends considering these assessments for incident materiality determination, quantifying cyber risk offers a more accurate insight into the financial impact of an incident. Understanding the quantified financial impact of cyber risks enables organizations to take necessary steps to mitigate costly risks or, ideally, prevent them altogether. This approach reduces the overall volume of disclosures required.
3. Optimize your incident management processes
It’s an opportune moment to conduct a comprehensive review of your organization’s incident management processes to ensure they are proficient in identifying, addressing, and reporting cybersecurity incidents. Streamlining and refining these processes facilitate the interception of cyber risks before they escalate into significant issues and enable swift reporting when necessary.
4. Enhance your cybersecurity and cyber risk governance
Ensuring compliance with the SEC’s new regulations involves adequately informing your board of directors about your organization’s cybersecurity risk management practices. Implementing robust reporting and communication processes is essential to regularly update leadership on cyber risk management efforts and any incidents experienced by the company. Furthermore, it’s crucial to articulate how these incidents may impact or are already affecting the organization’s strategy and finances.
5. Secure your third-party relationships
The updated regulations emphasize the importance of assessing cyber risk beyond the confines of your organization. Meeting the requirements for reporting on third-party cyber risk assessment and secure vendor selection underscores the necessity of establishing an effective third-party risk management program. Indeed, supply chain attacks aimed at smaller contractors and vendors frequently rank among the primary causes of cybersecurity incidents at larger organizations.
6. Improve the cyber risk culture within your teams
Digital transformation has significantly impacted nearly every organization, particularly in the years following the COVID-19 pandemic, which accelerated the shift of work and life online. Consequently, there has been a surge in employees connecting to organizational networks from various locations and devices, significantly expanding our cybersecurity attack surfaces. This shift underscores the critical importance of fostering a culture of cybersecurity risk awareness where cybersecurity is seen as everyone’s responsibility, not just the purview of the information security team. The more awareness of the threat posed by cyber risks that an organization can instill in its members, the stronger its overall cybersecurity posture will be, reducing the time needed to disclose incidents to the SEC.
While SEC regulations pose challenges, they also present opportunities. Following the rules can decrease companies’ cybersecurity risk, enhance investor confidence, attract capital investment, and contribute to long-term business sustainability.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro