
7/25/2012
02:14 PM

We've Got Regulatory Fatigue

Many organizations are worn out by ever-changing laws and regulations

Thinking back to my college days and the grind to get through finals each term, I recall how I would typically get to a point where I'd think, "It doesn't matter what grade I get -- I just want this to be over." Of course, I did care about my grades. But I also occasionally experienced a genuine mental and physical fatigue. In the end, I would suck it up and push through the exhaustion each term, rest during the break, and repeat.

By successfully repeating enough of these cycles, I was awarded my degree. As much as I enjoyed school, I was honestly ready to move on to work and leave school behind when I graduated. I had academic fatigue. It was time to start the next phase of my life, beginning a career and learning new things in new ways.

As I work with our clients and talk with business peers about their clients, it has become clear that most organizations suffer from a similar kind of fatigue: regulatory fatigue. The ever-changing and constantly growing list of laws and regulations that may apply to an organization is not only a financial tax on the business. If not handled well, then it can be an emotional burden, too.

Think about it. What happens when we become mentally fatigued? Many things, including loss of focus, struggles to set appropriate priorities, and even apathy about what is required of us.

I've had clients with regulatory fatigue tell me flat out, "I know compliance is important, but at some point I can't spend any more time and money on compliance. I've got a business to run, and if the business fails, it won't matter whether we are compliant."

As a business owner, I get what they are saying, but I also think they miss a bigger point. What concerns me most when I hear this type of comment are the two common mistakes I believe this attitude reflects. The first is the mistaken belief that compliance tasks by definition are overwhelming -- a single massive project that takes over a business. The second mistake is when a leader mentally shuts down any consideration of practical options. With only two mistakes, a business leader can create an extremely dangerous situation for the organization.

I often say you should never argue with people who know they are right. It is pointless and wastes everyone's time. Fatigued business or technical leaders who have made these two classic mistakes about compliance don't want to hear any more about it. They're more than simply tired -- they are also tired of hearing about it. Getting the point across about both the importance and benefits of smart compliance can be difficult at best in these circumstances, and sometimes even impossible.

Despite the difficulty in breaking through this regulatory fatigue, it is important to stress that compliance does not have to beat down your operations to the point of mental or financial exhaustion. The key to avoiding regulatory fatigue is using a methodical, practical approach. Integrate compliance into your routine operations, rather than treating it as a heavy add-on. Focus on a culture of security and compliance, not an oppression of your team with rules and complex tasks. Use compliance efforts to improve your business in every area, not only one or two.

Despite my occasional intellectual fatigue years ago in school, I've embraced a personal philosophy of deliberately learning something every day. We can break through, or altogether avoid, fatigue and be better business people and better organizations when we do.

Glenn S. Phillips, the president of Forte' Incorporated, works with business leaders who want to leverage technology and understand the often hidden risks within. He is the author of the book Nerd-to-English, and you can find him on Twitter at @NerdToEnglish.

Glenn works with business leaders who want to leverage technology and understand the often hidden risks awaiting them. The Founder and Sr. Consultant of Forte' Incorporated, Glenn and his team work with business leaders to support growth, increase profits, and address ...

 

Comments
byoder911,
User Rank: Apprentice
7/27/2012 | 10:23:12 PM
re: We've Got Regulatory Fatigue
I agree that the avalanche of regulations is making people just give up on trying to comply with them all, and I agree that it is a big problem. What I don't agree with is that our only choice is to ignore the laws and hope that nobody notices (and usually nobody will...if you imagine that it is mind-numbingly difficult to comply with this complex web of laws for one company, imagine what it would be like to try to know whether any of millions of businesses out there is complying with all of them, it's an impossible task) or to obey meticulously.

The only way they can get away with all of this abuse is with our cooperation to police ourselves. Why exactly should we allow ourselves to be bullied by these idiots? Why not fight them instead? We can fight them by ignoring them to some degree, but we can fight them by political means too, by for example hiring lobbyists and conducting public educational campaigns about how damaging these things are, and we can fight them by denouncing them as what they are...violations of our right to be left alone when we aren't hurting anybody. If we don't stand up for our rights who will?
jputman381,
User Rank: Apprentice
7/31/2012 | 4:57:16 PM
re: We've Got Regulatory Fatigue
These "bullies" don't just sit around dreaming about "how can we make life miserable for business". They are generally reacting (after much prodding by the aggrieved!) to horrible holes and atrocious abuses that have made (and have the potential to make) MANY more people's lives miserable. If no one ever murdered (or planned to murder) anyone, then we wouldn't have "regulations" against murder. To be sure, some regulations can seem heavy handed or could be ill informed and poorly executed / drafted ... but perhaps no more so than the behaviors, decisions, and events that lead to the regulations being contemplated in the first place.

As for the "right to be left alone", would that not extend to everyone? Or is it only for the privileged few!? So that for instance, information about consumers would have to be purged (so it could never be leaked or stolen) based on their "right to be left alone".

But perhaps it is time to ban the EULAs that have so far shielded some products from the warranty obligations they should at least by now rightly assume (no one can any longer with a straight face honestly claim that software and data processing are too nascent as businesses to bear up under the warranty laws and liability exposure under which all other products exist!). In which case, sure - let's quash those EULAs and simultaneously dispense with most regulations - letting the legal gunslingers battle it out in the courts (without artificial liability and class action restrictions).