Published on January 28, 2024, 2:38 pm
Data Privacy Day is a significant event that highlights the importance of safeguarding personal information. As the threat of data breaches continues to loom large, experts emphasize the need for businesses to prioritize security measures, staff awareness, and responsible use of emerging technologies. With the proliferation of IoT devices, cloud computing, remote working, and generative artificial intelligence (AI), data privacy has become an even more pressing concern.
The recent “mother of all breaches” involving over 26 billion exposed records further underscores the urgency to address data protection blunders. To combat evolving threats in 2024 and beyond, enterprises must invest in robust security measures and place a heightened focus on data privacy. Greg Clark, Director of Product Management at OpenText, suggests that understanding one’s data footprint and threat landscape is crucial when formulating effective data strategies. Implementing comprehensive data discovery tools can aid businesses in finding sensitive information, assessing risks, and establishing priorities to mitigate compliance and financial risks.
Mark Molyneux, EMEA CTO at Cohesity, emphasizes that existing security measures need to be expanded to counter specific threats encountered today. Merely fortifying walls around data and systems is no longer sufficient as cyber attackers capitalize on vulnerabilities like employee actions and software flaws. The erosion of network defenses necessitates new approaches to protect against hackers’ persistent attempts.
Attila Török, Chief Security Officer at GoTo, believes that strengthening employee awareness about data protection should be a top priority. Scaling up employee security through zero trust products, enforcing a strong acceptable use policy (AUP), and transitioning towards passwordless authentication are straightforward yet impactful methods for safeguarding company systems from cyber threats.
Beyond defending against external attacks, organizations must also ensure privacy when utilizing sensitive data. Protecting personal information becomes particularly critical when leveraging AI tools. Clark advocates for leveraging privacy-enhancing technologies (PET) to anonymize or de-identify personal or unstructured data before feeding it into AI models. Encrypting or tokenizing data helps maintain privacy and compliance with regulations, establishing trust with customers.
Martin Davies, Audit Alliance Manager at Drata, highlights the intersection of AI and data protection in 2024 and how regulatory controls such as the EU Commission’s AI Act could shape this landscape. Striking the right balance between innovation, regulation, and protection will be crucial in determining the level of data privacy practices adopted by firms. Ensuring that global regulators implement requirements for AI companies to safeguard user privacy while enabling informed decision-making is paramount.
To mitigate breaches effectively, Trevor Dearing, Director of Critical Infrastructure at Illumio, advocates for mature zero trust systems that limit the exposure of sensitive data when an inevitable breach occurs. Traditional tools like firewalls and intrusion detection systems are no longer sufficient in an ever-evolving threat landscape.
While implementing zero trust on corporate networks may present some challenges, it is essential for organizations to prioritize up-to-date security measures on employee devices. This includes installing anti-virus software, firewalls, and device encryption to fortify individual security postures within a company.
Data breaches continue to make headlines globally; however, by adopting stringent security measures, improving staff awareness, and utilizing emerging technologies responsibly, businesses can significantly enhance their data protection efforts. Prioritizing these aspects ensures compliance with privacy regulations while fostering customer trust in an increasingly digital world.