
When Laws Lag Behind | Value of EASM | Transformative vCISOs

Insights from industry experts and cybersecurity risk professionals — because every business deserves to be safe and secure.

👍 We hope you enjoyed your long weekend and had a great Memorial Day! (We decided to postpone this week’s issue due to the holiday.) — The Maze Editors

⚖️ Legislation and Law Enforcement Can’t Keep Up with Cybercrime

Cyberthreats are evolving, while the legal mechanisms designed to combat them remain mired in bureaucracy. The gap between the agility of cybercriminals and the sluggishness of legal response is widening, with dire consequences for victims and the broader economy. 

📖 Read the Article from NTM Advisory: When Laws Lag Behind: The Race Against Cyberthreats

🎯 EASM, Threat Intelligence, and Dark Web Monitoring are Becoming Essential 

The digital attack surface is evolving at a pace that legacy tools and approaches simply can’t match. To stay ahead, organizations must embrace a new model: one that combines attacker-centric EASM, contextual threat intelligence, and proactive dark web monitoring.

📖 Read the Article from NTM Advisory: The Value of EASM, Threat Intelligence, and Dark Web Monitoring

Compliance Updates

⏹️ FCC Moves to Ban Chinese-Owned Testing Labs from Certifying U.S. Electronics

On May 22, 2025, the Federal Communications Commission (FCC) approved a new rule aimed at closing security gaps in the U.S. consumer electronics supply chain. The order prohibits any testing laboratory owned 10% or more by entities identified as foreign adversaries. This measure comes after the FCC identified thousands of imported devices certified by labs with ties to the Chinese government or military. The new rule is expected to disrupt global testing networks, increase compliance costs, and accelerate a shift toward U.S. and allied testing facilities, with significant impacts on consumer electronics, telecom, and satellite sectors.

⏹️ States Step Up to Fill Regulatory Void Left by Federal Agencies

With the Consumer Financial Protection Bureau (CFPB) scaling back its enforcement and supervisory activities in 2025, states like New York and Pennsylvania are rapidly expanding their own consumer protection efforts. Pennsylvania has launched a centralized consumer protection hotline and is leveraging its authority under the Dodd-Frank Act to pursue federal consumer protection violations when federal agencies do not act. New York and other states are introducing legislation to strengthen state-level consumer laws, aiming to fill gaps left by reduced federal oversight. This shift means organizations must now navigate a more fragmented regulatory landscape, with state regulators accounting for 75% of all consumer protection enforcement actions and imposing significant monetary penalties so far this year.

💡 The Transformative Power of a vCISO

The virtual CISO (vCISO), or fractional CISO, is a flexible, cost-effective solution that gives SMBs access to top-tier security leadership and more holistic risk management. In 2025, vCISOs are becoming indispensable partners for businesses that want to thrive, not just survive, in a complex digital landscape. 

📖 Read the Article from NTM Advisory: Beyond Compliance: How vCISOs Are Transforming Risk Management for SMBs in 2025

👇 Free Ethics and Compliance Webinars 👇

Whistleblower Security offers a growing library of free webinars on topics including leadership, diversity, fraud, compliance, and more! If you’d like to learn more about ethical, safe workplaces with strong internal realities, this is a good place to start.
