How businesses can protect their most valuable asset this Data Privacy Day and beyondhttps://cybersecureforum.co.uk/wp-content/uploads/2024/01/privacy-jason-dent-JFk0dVyvdvw-unsplash.jpg 960 640 Stuart O'Brien Stuart O'Brien https://secure.gravatar.com/avatar/81af0597d5c9bfe2231f1397b411745a?s=96&d=mm&r=g
With last weekend marking the 18th Data Privacy Day, we sat down with some of the industry’s experts to find out more about why this event is still so important and how organisations can get one step ahead when it comes to protecting their increasingly precious data. Here’s what they had to say…
Samir Desai, Vice President at GTT
“This year’s Data Privacy Day provides us with yet another reminder of just how important it is for businesses to protect their most valuable asset. However, this is something that, unfortunately, has also never been more difficult.
“The rapid adoption of cloud computing, IoT/IIoT, mobile devices and remote work has increased both the size and complexity of the networking landscape and cybercriminals are taking advantage of this. Alongside common threats – such as phishing – businesses today must defend against a whole new host of potential risks, such as how generative AI can potentially super-charge phishing attempts by making it easier and faster for bad actors to craft convincing content.
“To ensure data security for cloud-based apps while still providing reliable connectivity for hybrid workplaces and remote workers, the modern enterprise needs to invest in the right solutions. This may require further collaboration with managed security and service partners to identify and implement the right technologies to protect the ever-expanding perimeter.
“For example, a Zero-trust networking approach which also combines network security and software-defined connectivity into a single cloud-based service experience, could be transformative. It’s ‘always-on’ security capabilities means that data is protected, regardless of where resources or end-users reside across the enterprise environment.”
Ajay Bhatia, Global VP & GM of Data Compliance and Governance, Veritas
“Ironically, Data Privacy Day is a reminder that data privacy isn’t something a business can achieve in a single day at all. Far from that, it’s a continual process that requires vigilance 24/7/365. Top of mind this year is the impact artificial intelligence (AI) is having on data privacy. AI-powered data management can help improve data privacy and associated regulatory compliance, yet bad actors are using generative AI (GenAI) to create more sophisticated attacks. GenAI is also making employees more efficient, but it needs guardrails to help prevent accidentally leaking sensitive information. Considering these and other developments, data privacy in 2024 is more important than ever.”
Martin Hodgson, Director Northern Europe at Paessler AG
“As our reliance on data continues to grow, protecting it and ensuring the only those who we trust have access to it has never been more important.
“Many businesses assume their IT infrastructure is sufficiently protected by a reliable firewall and an up-to-date virus scanner. However, cyber criminals are continually developing more sophisticated methods of accessing company systems and getting hold of sensitive data. Some of these methods – such as trojans – will often only be recognised when it’s already too late.
“In order to get ahead and avoid the financial and reputational losses associated with such attacks, businesses need to invest in comprehensive security approaches which protect the entire infrastructure. Realtime IT Documentation alongside a network monitoring system – which enables a business to keep track of all devices and systems, regardless of location – can help to spot the early warnings signs of an attack and enable business to get on the front foot when it comes to protecting their increasingly valuable data.”
Mike Loukides, Vice President of Emerging Tech at O’Reilly:
“How do you protect your data from AI? After all, people type all sorts of things into their ChatGPT prompts. What happens after they hit “send”?
“It’s very hard to say. While criminals haven’t yet taken a significant interest in stealing data through AI, the important word is “yet.” Cybercriminals have certainly noticed that AI is becoming more and more entrenched in our corporate landscapes. AI models have huge vulnerabilities, and those vulnerabilities are very difficult (perhaps impossible) to fix. If you upload your business plan or your company financials to ChatGPT to work on a report, is there a chance that they will “escape” to a hostile attacker? Unfortunately, yes. That chance isn’t large, but it’s not zero.
“So here are a few quick guidelines to be safe:
- Read the fine print of your AI provider’s policies. OpenAI claims that they will not use enterprise customers’ data to train their models. That doesn’t protect you from hostile attacks that might leak your data, but it’s a big step forward. Other providers will eventually be forced to offer similar protections.
- Don’t say anything to an AI that you wouldn’t want leaked. In the early days of the Internet, we said “don’t say anything online that you wouldn’t say in public.” That rule still applies on the Web, and it definitely applies to AI.
- Understand that there are alternatives to the big AI-as-a-service providers (OpenAI, Microsoft, Google, and a few others). It’s possible to run several open source models entirely on your laptop; no cloud, no Internet required once you’ve downloaded the software. The performance of these models isn’t quite the equal of the latest GPT, but it’s impressive. Llamafile is the easiest way to run a model locally. Give it a try
“I’m not suggesting that anyone refrain from using AI. So far, the chances of your private data escaping are small. But it is a risk. Understand the risk, and act accordingly.”
Attila Török, Chief Security Officer at GoTo:
“As new ways of working and engaging with tech continue to expand the vulnerability landscape and create new pathways for hackers, you’d be hard-pressed to find an IT leader whose number one concern wasn’t cybersecurity.
“Bolstering cyber hygiene to stave off threats and protect sensitive data is a top agenda item, especially in a working world where hybrid, dispersed and remote-centric teams are commonplace. In “2024 businesses should be firing on all cylinders to scale up employee security, utilise zero trust products, continue to enforce a strong acceptable use policy (AUP), and move toward passwordless authentication. These are simple yet powerful ways we can improve and modernise current practices to ensure that cyber threats can’t breach company systems.
“Cybersecurity is a top priority for all businesses—small and large. CTOs, working with CISOs, are responsible for protecting their business, customers, and employees from cyberattacks and data breaches. In 2024, CTOs must continue implementing robust security measures and invest in new cybersecurity technologies, including zero-trust architectures (ZTAs).”
Keiron Holyome, VP UKI and Emerging markets, BlackBerry Cybersecurity
“AI continues to be a game-changer in data privacy and protection for businesses as well as individuals. We have entered a phase where AI opens a powerful new armoury for those seeking to defend data. When trained to predict and protect, it is cybersecurity’s most commanding advantage. But it also equips those with malicious intent. Its large scale data collection in generative business and consumer applications raises valid concerns for data and communication privacy and protection that users need to be alert to and mitigate.
“A big question at the moment is how legislation can be pervasive enough to offer peace of mind and protection against the growing generative AI threats against data privacy, while not hindering those with responsibility for keeping data safe. BlackBerry’s research found that 92% of IT professionals believe governments have a responsibility to regulate advanced technologies, such as ChatGPT…though many will acknowledge that even the most watertight legislation can’t change reality. That is, as the maturity of AI technologies and the hackers’ experience of putting it to work progress, it will get more and more difficult for organisations and institutions to raise their defences without using AI in their protective strategies.”