29 January 2024
In today's tech-driven age, our digital footprint shapes our lives profoundly. With every click, share, and transaction, we contribute to a vast web of data that intertwine our personal and professional worlds. Amid this digital revolution, the importance of safeguarding our data and privacy has never been more crucial.
On this Data Privacy Day 2024, we delve into the world of data protection, gathering insights from tech and security experts. In a world where our online and offline lives merge seamlessly, ‘take control of your data’ isn't just a catchphrase; it's a call to action for all.
Exploring the challenges and threats to data privacy in the digital age
Reflecting on the challenges and risks related to data privacy in 2024, Will LaSala, field CTO, OneSpan says, “in today's digital world, data sharing has grown complex, often without user awareness of its use. Technological advancements like AI freely use data, exposing it to security risks. Embracing individual data management and tools like digital wallets can enhance sensitive information security.”
Discussing the risks associated with GenAI and data privacy, Gerry Grealish, VP of marketing at Cradlepoint, part of Ericsson, comments, “while GenAI websites boost productivity they require proactive risk management. Inputting data, including source code, sensitive info, and PII, can lead to leaks. Large Language Models, trained on the internet, may produce harmful content, leading to misinformation and legal concerns if unchecked. Generative AI Data Loss Prevention, offers a solution for harnessing GenAI’s potential while safeguarding against data loss, malware threats, and compliance challenges.”
Building the importance of data privacy especially in the context of AI, Sebastian Schmerl, regional vice president, security services EMEA, Arctic Wolf, notes, “AI is a challenge and an opportunity for data protection. Cyber criminals have been using it to generate phishing emails personalised to recipients. The success of these attacks is why the EU AI Act stipulates that developers, providers and operators of AI systems embed data protection and privacy in the conception, operation and management of new products and services."
Discussing the significance of data protection and the need for testing to avoid data breaches, Sohail Iqbal, VP and CISO at Veracode, says, “applications have become primary targets for cybercriminals seeking to steal data. Code flaws at the core of these applications pose a significant risk. Testing and data security measures are critical to reduce the risk of damaging breaches and protect sensitive information.”
Patrick Harding, chief product architect, Ping Identity stresses transparency, trust, and ethical data management for customers: “customers want to know their data is being protected and not exploited. Currently, only 10% fully trust organizations with their identity data. It’s up to organisations to prioritise transparent data management through clear opt-in/out options to build trust and reduce privacy law compliance for enterprises.”
Highlighting the ethical aspects of data management and data protection, Kevin Macnish, head of ethics and sustainability consulting, Sopra Steria continues, “recent research shows 75% of UK citizens want stronger data protection beyond legal compliance. With governing bodies emphasising the fusion of data protection and ethics, privacy goes beyond solely securing data; it calls for organisations to integrate ethical data management to address broader issues than just biased data. Ethical data practices are not just morally right but also beneficial for business.”
Unveiling the complex web of cybersecurity challenges and solutions
Discussing Identity threats, credential stuffing attacks, and the need for cybersecurity measures, Sander Vinberg, senior threat researcher, F5 Labs says, “malicious actors seek to compromise consumers’ digital identities and steal sensitive information. F5 Labs' Identity Threat Report highlights a concerning prevalence of credential stuffing attacks, especially concerning telecommunication and technology sectors. Deploying anti-bot tools and cryptography-based MFA is essential to thwart cyber-attacks and enhance customer data protection.”
Nick Walker, EMEA regional leader, NetSPI highlights privacy regulations, social engineering attacks, and the importance of security education. “Privacy regulations like GDPR, HIPAA, FERPA and CPRA exist, but the proliferation of social engineering attacks like vishing and deepfakes makes employees and consumers particularly vulnerable to hackers, underscoring the need for robust security education. Regular penetration testing helps organisations spot vulnerabilities from infrastructure, software, or hardware changes."
Talking about stricter cybersecurity practices, breach reporting, and risk management, James Alliband, senior cybersecurity strategist, Carbon Black says, “as cybersecurity practices face increasing scrutiny with more stringent regulations and detailed reporting of breaches, CISOs must advocate for cyber threat risk management and transparency to be integrated into the broader organisational culture and governance – and elevated as top business priorities – not just concerns for security teams.”
Navigating the transformative power and challenges of AI in today’s digital landscape
Discussing the role of AI, data governance, and improving data for AI, James Fisher, chief strategy officer, Qlik emphasises the importance of trust and responsible data handling, “amidst the AI boom, GenAI offers transformative potential. But concerns regarding responsible use, data privacy, and individual consent persist. Building trust in GenAI requires addressing misinformation and deepfake risks, while enhancing data quality with robust data governance and origin and validity testing to ensure reliable AI-generated insights.”
Addressing the use of AI in cloud operations and the importance of secure cloud usage, Drew Firment, vice president of enterprise strategies, Pluralsight comments, “data privacy and sovereignty must become prominent as cloud computing providers expand more efficient AI-driven cloud operations (AIOps). Common cloud security faults with data breaches can be remediated with increased investment in cloud security training for both developers and operations, to ensure the cloud is being used securely and data is being kept safe.”
David Higgins, EMEA technical director at CyberArk looks at AI’s impact on cyber threats and the importance of security awareness training. He says, “AI is transforming the nature of cyber threats, giving bad actors the ability to generate convincing phishing campaigns. Our recent Threat Landscape report, reveals that security leaders identify security awareness training as one of the top three most effective components of a defence-in-depth strategy to combat phishing. Businesses must remember that security awareness training is key for individuals to identify and mitigate AI-driven threats effectively.”
Navigating this expansive sea of data illuminates the complex landscape of data privacy, cybersecurity, and ethical data management. There’s a clear collective responsibility to protect data, foster trust, and champion ethical practices. In an ever-connected world, these principles are not just obligations but essential foundations for a safer digital future.