Nine technology industry experts across cybersecurity, cloud computing, data analytics and fraud protection discuss what Data Privacy Day 2022 (28 January) means for the sector.
After a volatile 2021 for cybersecurity and fraud risks, we could expect similar threats to continue into 2022. But ignoring some of the high-profile cyber terrorism threats to governments, amid rising political tensions in Europe in particular, there’s a lot that data privacy professionals will need to consider when it comes to addressing the threats that face individuals and enterprises every day.
With many of our interactions being touched by a digital element today, whether at work, while shopping, travelling or booking appointments, enterprises and organisations have become inundated with data. But it’s not always clear what the privacy risk to this might be.
With this in mind, let’s explore what some experts in the tech industry think about the state of data privacy for 2022.
Widespread Data, Wider Risks
With data more commonplace, it does put enterprises and individuals at risk.
Indeed, this is echoed by Rick McElroy, Principal Cybersecurity Strategist, VMware, who points out: “We’re all familiar with the concept of The Great Resignation, but what organisations need to be hyperaware of is its significant impact on insider threats. The number of employees that have left a company but still have access to the network or propriety data – whether accidentally or purposefully – has significantly increased. Malicious actors know this and will start to target these employees to either carry out cyberattacks or plant ransomware.”
Similarly, Matthew Peake, Global Director of Public Policy, Onfido, argues: “Account opening processes often force us to hand over personal information to the companies we interact with. Between the online services that many of us sign up for, these companies know our mother’s maiden name, our first pet’s name, our first school, and a plethora of other personal facts about our private lives. We have come to assume that revealing this information is necessary to guarantee the security of our online accounts.”
Karen Worstell, Senior Cybersecurity Strategist at VMware, notes: “As we settle into a new era of anywhere work, enterprises must understand that data privacy practices rest on a foundation of strong cybersecurity controls. Data Privacy Week is a time for organisations to set goals for implementing best practices that improve data protection and cybersecurity. These include robust vulnerability management, implementing multifactor authentication, threat hunting, and network micro-segmentation, among others.”
Cybercriminals Are Only Getting Smarter
No one likes to heard bad news, but the reality is that cybercriminals have become more adept and skilled in their nefarious trade.
Chris Butler, Lead Principal Consultant, Resilience and Security, Sungard, points out: “In 2021, 39% of UK businesses reported suffering some cybersecurity breach. It remains one of the highest board-level concerns and sits at the top of enterprise risk registers. Large investments are being made into stronger data protection and backup policies to ensure the speedy recovery of business operations following an attack, particularly if that attack involves ransomware.”
Indeed, according to Simon Mullis, CTO at Venari: “End-to-end encryption is often touted as a silver bullet in reducing the consumer risk of enterprise data breaches, with 62% of the top 1,000 global websites now supporting the latest version of TLS 1.3. But cybercriminals are now also reaping the benefits of the total encryption of network traffic to conceal malware communications and exfiltrate data undetected.”
What Can Enterprises Do to Protect Themselves?
It’s not all doom and gloom, however. There are actions that organisations can take proactively.
Graeme Cantu-Peak, CISO, Matillion, argues: “All big cloud players have security and regulatory compliance measures in place. So instead of asking, ‘is my data secure in the cloud?’, cloud users should ask themselves, ‘am I using the cloud securely?’ For example, in your enterprise cloud strategy, you should mandate that data is properly encrypted during every step of the data journey, and that necessary security controls are in place.”
Additionally, David Warburton, Principal Threat Research Evangelist EMEA, F5, suggests: “More businesses need to look into ‘privacy by design’. Think about what data is needed, how long it needs to be kept, and how it is protected. If the data is no longer required, you also need to know when to delete it. Today, applications are increasingly spread across different locations and cloud providers, so data privacy must always be front of mind.”
How Can Technology Help?
Rather than leave readers with bad news, the experts do offer a sense of hope and believe technology can be of great assistance.
Adam Mayer, Senior Manager at Qlik, says: “Analytics programmes can help IT teams visualise who has access to what information and if that remains relevant to their role. This helps businesses introduce real intelligence into the management of data privacy to reduce the risk of human error and streamline processes for IT teams.”
Finally, Shakeel Itoola, Chief Information & Data Officer, Demand Science, points out that with the right technology in place, there’s no reason that data privacy regulations need to be a burden.
Itoola explains: “Governments around the world are cracking down on how data is used. This increased regulation and awareness have been important and necessary in today’s digital age. But, it has created new challenges for businesses, who often rely on data insights to inform their decisions.
“This does not mean the end for business use of data. Instead, they should focus on using contextualised data, becoming more prevalent within several industries. Contextualised data combines generic data with synthetic data, creating training data for AI models to accurately manage real-time behaviours, provide personalised experiences, and manage pipeline activities.”