Expert Comments: Data Privacy Day
January 2024 by cyber security experts
With Data Privacy Day around the corner, Delinea, Barracuda and Immersive Labs have commented on the end of privacy as we know it with advancements in AI technologies, how to protect your organisations with a robust Zero Trust approach, and more.
Rick Hanson, President at Delinea
“The end of privacy as we know it might be closer than you think. The world is increasingly relying on more AI and machine learning technologies. This reliance could result in privacy becoming less and less of an option for individuals, as AI’s capabilities in surveillance and data processing become more sophisticated.
2023 marked a significant leap in the authenticity of deepfakes, blurring the lines between reality and digital fabrication, and that is not slowing down any time soon. Our digital identities, extending to digital versions of our DNA, can be replicated to create digital versions of ourselves, which can lead to questioning who actually owns the rights to our online personas.
Unfortunately, advancements in AI technologies are evolving more swiftly than current regulations can keep pace with. In 2024, we can expect stricter data protection requirements across more countries and regions. But until these regulations evolve and can keep pace, it is important to reduce our risk and protect our privacy however possible.
One of the best ways to do this is to continuously check each application including what data is being collected and processed, and how it is being secured. Use a password manager or password vault to securely store credentials, and leverage multi-factor authentication (MFA) to ensure credentials don’t get exploited by forcing whoever the user is to prove its identity beyond just a username and password. In the event that a data privacy breach does occur, it is also important to have a cyber insurance policy in place to ensure you’ll have the means to continue to operate and recover.”
Kevin Breen, Director of Cyber Threat Research at Immersive Labs
"As sensitive data is increasingly pushed to the cloud and stored in global data centres, data sovereignty and data security remain key issues facing CISOs and security teams this year. With the top cause for cloud data breaches being human error, it’s more important than ever to ensure that both security and DevSecOps teams continue to keep pace with the evolving threat landscape and continuously measure organisations’ cyber capabilities and fill the skills gaps to better address such threats. This goes beyond knowing the tools and techniques threat actors are employing; it’s equally critical to know how to deploy and secure customer and personal data. This applies to both the architects behind data security and employees themselves.
First, as third-party SaaS and PaaS platforms that hold organisations’ data come under pressure to ensure information is properly stored and controlled, it’s vital for architects and security professionals to work closer together to ensure a secure environment is designed from the outset. Security is paramount as ransomware continues to be a large data privacy factor as organisations are plagued with double extortion attempts. Just this past year, Caesars Entertainment paid $15 million to ransomware gangs specifically to avoid customer data being published online.
Second, in 2023, Haveibeenpwned identified around 40 websites that suffered significant data breaches resulting in tens of millions of data records and PII being made available to threat actors around the globe. This should sound alarms for organisations to not only keep their own data secure, but also be aware of how staff and users are impacted by data breaches on other sites. Poor password hygiene is a common contributing factor in cyber incidents where credential stuffing and phishing attacks can expose corporate data as well as personal users."
Siroui Mushegian, CIO at Barracuda Networks
“If around one in every two businesses experienced a data breach in the last year, it is not a big leap to assume that over time every organisation will experience a data breach. If nothing else, every organisation should approach its data security and compliance as if that were the case.
Regardless of the size of your organisation, you can’t go wrong by getting the basics right. These include a robust approach to authentication and access, with multifactor authentication as standard and ideally moving towards a Zero Trust approach.
Your IT infrastructure should feature defense-in-depth, AI-powered security technologies that cover and provide full visibility into your entire attack surface and every entry point, from devices to APIs, cloud assets, and more. Ideally this should be backed by 24/7 security operations and monitoring so that you are ready to respond to, mitigate and neutralize any threat before it moves further along the cyber kill chain.
Alongside this, you need to continuously back up your data. Ensure that all backup data is encrypted, both while at rest and in motion. Apply the gold standard of 3:2:1 — three backup copies, using two different media, one of which is kept offline. Employee engagement and training is critical. All employees should understand why cybersecurity matters, the latest threats and scams to look out for, and what to do if they spot something suspicious.”