As a previous director of Federal Network Security (FNS) for the National Cyber Security Division of the Department of Homeland Security, I am highly sensitive to the great regulatory compliance struggle facing businesses and organizations. From NIST 800-171, NIST 800-53, ICS 500-27, SOX, HIPAA, FedRAMP, PCI DSS, and most recently, CMMC, the onslaught of new and future cybersecurity requirements are centered around private sector players making a serious and concerted effort to shore up the security of sensitive data. In 2023, new requirements will all but force federal contractors to transform compliance in an effort to ensure better visibility of cyber postures across the defense industrial base (DIB) and protect controlled unclassified information (CUI) shared by the DoD from breaches.
What does this mean? To start, gone are the days of the ‘fire-and-forget-until-audit’ model of control implementation. Control deficiencies identified during audits will no longer be allowed to persist indefinitely and deadlines will be enforced. In other words, security compliance is getting real, as are demands for more transparency, greater oversight, and personal accountability for company officials.
In 2022, we saw the continued growth and increasing complexity of the cyber threat landscape, as well as steady cadence of well-known brands at the center or major breach headlines and lawsuits. The U.S. also managed to retain its number one global ranking for the highest average total cost of a data breach at $9.44 million. Our advice to customers is to view data breaches as inevitable, but to get to work controlling what you can: defenses, assets, and the ability to contain and minimize impact when incidents do occur.
This past year, we partnered with more universities, federal contractors, and large enterprises than ever before to transform their compliance practice from a stodgy, paper-based, knee-jerk, box checking exercise to a continuous control monitoring and risk management function that automates the task of achieving, maintaining, and credibly demonstrating compliance.
Recently, in November, Qmulos was selected to the Deloitte Technology Fast 500™, a ranking of the 500 fastest-growing tech companies in North America, for its pioneering approach to next-gen compliance. The ability to analyze data from any source in real time to identify compliance gaps and flag potential security weaknesses really is a game changer for keeping organizations fully protected. We are immensely grateful for the recognition!
I am also happy to share that Qmulos has added three new senior executives to our leadership team in the last four months: Nick Jovanovic, Chief Revenue Officer; Theresa Feraren, Vice President of Marketing; and Russ Odom, Chief Financial Officer. Thank you to our customers, partners, and investors for supporting our momentum in 2022.
Cheers to a healthy, happy and secure 2023, and to showing the world just how important – and cool – compliance can truly be.