Data privacy has become a recurring flashpoint for consumers and businesses alike in recent years amid a flurry of major data breaches.
Within the last month, the issue was once again thrust into the public consciousness with news of the largest data leak of all time, known as the ‘mother of all breaches’, that saw more than 26 billion records exposed.
Evolving industry trends have also given rise to more frequent discussions about data privacy through the proliferation of IoT devices, the shift to cloud, increased remote working, and the rapid adoption of generative artificial intelligence (AI).
Corporate networks globally are growing in size and complexity, resulting in a sprawling attack surface ripe for targeting by increasingly sophisticated threat actors.
Across 2024, industry experts predict that both security threats and breaches will continue to escalate, prompting increased investment from enterprises and a sharpened focus among IT leaders on data privacy and security, according to Greg Clark, director of product management at OpenText.
Speaking to ITPro, Clark said businesses need to take both their data footprint and the threat landscape into account when developing their data strategies.
“Businesses need to understand their data footprint and threat landscape. Only then, they will be able to devise smart strategies needed for the evolving business environments of today,” Clark argued.
“Data discovery tools, especially those that go beyond data mapping or metadata scans, are essential for privacy programs as they help businesses find data, understand risk and set priorities with internal stakeholders and business owners to mitigate compliance and financial risks.”
Mark Molyneux, EMEA CTO at Cohesity, told ITPro the security measures businesses have previously employed to protect data will need to be expanded to reflect the specific threats they will face in 2024.
“Previous concepts that build additional and higher security walls around data and systems no longer do justice to this new world,” he said. “Because even the highest wall becomes permeable when employees click on the wrong things, software products have hundreds of vulnerabilities, and remote working has stretched the entire security architecture.”
“Networks, although they are shielded by thousands of individual tools in large companies, have become much more permeable to hackers,” Molyneux added.
Chief security officer at flexible-work specialist GoTo, Attila Török, suggested shoring up employee data protection awareness should be a key objective in the year ahead.
“In 2024 businesses should be firing on all cylinders to scale up employee security, utilize zero trust products, continue to enforce a strong acceptable use policy (AUP), and move toward passwordless authentication. These are simple yet powerful ways we can improve and modernize current practices to ensure that cyber threats can’t breach company systems.”
Data privacy will meet AI ‘head-on’ in 2024
Beyond protecting data from external threats, companies also need to be aware of how to maintain privacy while using the data.
Clark emphasized the attention this requires, particularly when using AI tools, and said firms should employ privacy-enhancing technologies (PETs) accordingly.
“These technologies can enable organizations with anonymization or de-identification of personal data (non-reversible masking) that has become increasingly important for protecting unstructured data before it hits the AI pipeline in large language models.”
Feeding private, potentially sensitive data into public models can be a dangerous move for businesses and, as such, they should add further protections to avoid sensitive data being exposed in this way, Clark explained.
“Great AI requires greater data, therefore, businesses must protect the data feeding these models. Encrypting or tokenizing data is also a strategic PET to deploy inside the business to ensure personal data is used responsibly and all privacy obligations are met. Techniques like format-preserving encryption ensure analytics are secure and have referential integrity. PETs help ensure compliance with privacy regulations and build a framework for building trust with customers.”
Audit alliance manager at software company Drata, Martin Davies, said AI’s impact on data protection in 2024 could be dictated by regulatory controls such as the EU Commission’s AI Act.
“2024 will be the year when data privacy will meet AI head-on, and getting the balance of innovation, regulation and protection right will depend on the development of regulatory control,” Davies said.
He argued regulators will bear much of the responsibility for the level of data protection we see firms adopting in 2024.
“There is a clear responsibility on the part of global regulators to implement requirements that AI companies must adhere to in order to protect the data privacy of the end user and enable them to make informed decisions about how they interact with AI tools.”
Trevor Dearing, director of critical infrastructure at data center and cloud security firm Illumio, told ITPro current threat levels mean breaches are “inevitable” and, as such, more mature zero trust systems are required.
“Breaches are inevitable in today’s world, so businesses must put in place measures to rapidly contain and limit the likelihood of sensitive data being exposed. Traditional tools like firewalls and intrusion detection systems no longer cut it – you can’t use the past to protect the future.”
Implementing zero trust on corporate networks may cause some headaches, however, as Kevin Curran, IEEE senior member and professor of cyber security at Ulster University, explained.
“Organizations should also make sure that employees have up-to-date security protection on their devices, such as virus checkers, firewalls and device encryption. However, how many actually do this is questionable.”