December 7, 2023

New Rules on Cybersecurity Reporting Come Into Force Next Week—Are Your Defenses Fit for Purpose?

CrowdStrike CEO George Kurtz was recently interviewed on CNBC. He declared that instances of cybercrime instigated by organized criminal gangs have been “rampant” this year, a result of hostile nation states launching an increasing number of attacks and the rise of “dark AI” being used to exploit new vulnerabilities at great speed.


  • We agree that use of AI allows attackers to quickly iterate the behaviors of their attacks allowing them to become polymorphic. This is a challenge for cloud-based Next-Generation Antivirus (NGAV) approaches, which must detect each pattern in the wild and generate a specific Indicator of Compromise (IOC) so it can be identified on the endpoint and a block sent down to each device. The time lag here can range from days to weeks, ample time for further attacks to overwhelm the ability to keep up.

  • It’s clear that the old way of doing things – continuously patching to keep up to date with the latest threats – won’t cut it in this new era. It can take cybersecurity vendors six months to make patches available, leaving everyone exposed for long periods.


Kurtz also noted that the new SEC reporting requirements on cyber incidents were forcing companies to reveal the financial impact of the problem in company filings.


  • The new SEC rules come into force next week, though companies are already reporting. An intrusion or data breach must trigger an 8K filing within four days of detection if it is deemed to have a material impact on the stock price in the eyes of investors. Executives and Board members are personally on the hook to ensure that the rules are followed.

  • But how will you determine if a breach is “material” or not? This is where we can help. We have the tools to detect whether your critical assets have been compromised and whether or not the successful attack requires disclosure via an 8K filing.  


Bottom line: Companies and government institutions responsible for the nation’s critical infrastructure cannot risk cybersecurity defenses that are not fit for purpose.


The need to protect critical device applications from this new wave of cyberthreats and intrusion techniques is one reason why our AZT PROTECT solution is being adopted by companies across multiple industry sectors – plus major intelligence agencies. This AI-powered solution shields critical devices from the full range of cyberthreats and intrusion techniques, both known and unknown, without the need for constant security patching.


Learn more about AZT PROTECT

To arrange a consult with one of our cybersecurity experts, please contact us at

Tags: cyber attack, cybersecurity, data protection