Today is Data Privacy Day, and with our prolific usage of the Internet and the many apps we can’t live without, we know the significance of our data. Cybercriminals are always trying to breach user information or big organizations are taking it from us by perfectly legal means. From India’s Personal Data Protection Bill to Brazil’s General Data Protection Law, the past year saw new developments and updates to privacy regulations across the globe.
While governments around the globe push to enact data protection laws, Data Privacy Day cautions that today’s cybersecurity landscape poses one of the most significant threats to privacy
Drew Bagley, VP and Counsel Cyber Policy and Privacy, CrowdStrike
Drew Bagley, VP and Counsel Cyber Policy and Privacy, CrowdStrike, says, “While governments around the globe push to enact data protection laws, Data Privacy Day cautions that today’s cybersecurity landscape poses one of the most significant threats to privacy. This is true for organizations of all sizes that are responsible for safeguarding important data in the face of innovative threat actors and an increasingly regulated environment.”
The objective of Data Privacy Day encompasses two key aspects. It aims for every user to recognize their right and capability to safeguard and oversee their personal data. Additionally, it emphasizes the importance of organizations understanding the reasons for safeguarding and securing their customers’ data, including Personally Identifiable Information (PII)
Jayaprakash Nair, Senior Engineering Leader, Data Science, Altimetrik
Jayaprakash Nair, Senior Engineering Leader, Data Science, Altimetrik, says, “The objective of Data Privacy Day encompasses two key aspects. It aims for every user to recognize their right and capability to safeguard and oversee their personal data. Additionally, it emphasizes the importance of organizations understanding the reasons for safeguarding and securing their customers’ data, including Personally Identifiable Information (PII). Achieving harmony between innovation and data protection demands collaborative efforts from industry stakeholders, policymakers, and an informed public.”
Identity is a critical threat vector that companies must address as they build their data privacy plans. This means that privacy compliance now requires defenders to pay attention to how adversaries infiltrate organizations and to assess whether they are prepared to defend against those types of attacks
Safia Kazi, ISACA Principal, privacy professional practices
Safia Kazi, ISACA Principal, privacy professional practices, says, “Protecting against data breaches is especially challenging today, when identity-based attacks are some of the most commonly employed and hardest to detect.”
In fact, 80% of cyber incidents involve the misuse of valid credentials to access an organization’s network.
AI: The New Threat
Aligning privacy and cybersecurity strategies is especially critical as generative AI tools continue to span enterprises. With every ground-breaking technology, there are new opportunities and risks organizations must be aware of and should anticipate.
“Notably, responsible AI can be a game-changer in protecting data against breaches,” says Bagley. “However, AI that lacks privacy-by-design can introduce risk. In parallel with emerging regulations, it is imperative that organizations have visibility into the types of generative AI being introduced into their environments and an understanding of the use cases. Effective data protection today combines content with context to get a real-time understanding of what data – if any – is being shared with third-party entities and what protections are in place to prevent unauthorized data exposure.”
A study conducted by PWC reveals that nearly half of the respondents fear the consequences of a cyberattack, foreseeing potential losses in customer data and revenue.
In today’s era dominated by generative AI, integrating AI with data protection is imperative for solidifying cyber resiliency, and enabling faster and more precise threat detection
Balaji Rao, Area Vice President, India & SAARC, Commvault
Balaji Rao, Area Vice President, India & SAARC, Commvault, says, “As we observe Data Privacy Day, it is imperative to reflect on the ever-growing importance of safeguarding sensitive information in our digital landscape. Currently, India ranks among the top three most targeted APAC countries for cybercrimes, with the prominent factor being the surge in Generative AI.”
“The increase in AI-powered cyber-attacks in India raises substantial concerns, highlighting the urgency for organizations to redirect their focus toward data governance and privacy. In today’s era dominated by generative AI, integrating AI with data protection is imperative for solidifying cyber resiliency, and enabling faster and more precise threat detection. The objective of Data Privacy Day is twofold: a reminder for organizations to embrace a more structured strategy regarding AI to counter new threats and for users to understand the power to protect personal data,” he adds.
As per a popular study, global consumers distrusting tech companies managing their personal data has risen to 48% in 2023.
“The surge in sophisticated data breaches and AI-powered cyber-attacks highlights the urgent need for comprehensive data security and privacy measures,” says Nair.
Are Organizations Doing Enough?
According to ISACA’s Privacy in Practice 2024 survey report, while half (51%) of India’s privacy pros say their organizations have an apt privacy budget, which, when looking at the year ahead, they expect to increase, a third of them expect a decrease in budget.
The path to forming a privacy program is not always a smooth one, with top obstacles including a lack of competent resources (44%), complex international legal and regulatory landscape (35%), management of risks associated with new technologies (35%), and a lack of clarity on the mandate, roles, and responsibilities (34%)
In seeking those competent resources, technical privacy positions are in highest demand, with legal/compliance roles coming in at a close second. However, respondents indicate there are skills gaps among these privacy professionals; they cite experience with different types of technologies and/or applications (58%) as the biggest one.
Read more:
When looking at common privacy failures, respondents in India pinpointed the non-compliance with applicable laws and regulations (44 percent), data breach/leakage (42 percent) and not practicing privacy by design (41 percent) as the main concerns.
“When privacy teams face limited budgets and skill gaps among their workforce, it can be even more difficult to stay on top of ever evolving and expanding data privacy regulations and even increase the risk of data breaches,” says Kazi. “By understanding where these challenges lie, organizations can take the necessary measures to remedy them and change course to strengthen their privacy teams and programs.”
Effective data security serves as the bedrock of data privacy and leaders must recognize that security needs to be seamlessly integrated into every facet of their operations
“There’s no doubt privacy is not just a priority but a necessity. Effective data security serves as the bedrock of data privacy and leaders must recognize that security needs to be seamlessly integrated into every facet of their operations. As we navigate the digital landscape, let us collectively uphold a resilient architecture that extends visibility, ensuring that data privacy remains a steadfast commitment, safeguarding the trust of customers and the integrity of organizations,” says Rao.
“Organizations are bound by legal obligations and are responsible for fortifying defenses and implementing proactive strategies to protect sensitive data. Prioritizing stakeholder privacy is a central focus, realized through a comprehensive, proactive, and risk-based data privacy strategy,” says Nair.
“Identity is a critical threat vector that companies must address as they build their data privacy plans. This means that privacy compliance now requires defenders to pay attention to how adversaries infiltrate organizations and to assess whether they are prepared to defend against those types of attacks. This includes asking whether there is adequate visibility into security events, credentials, and data flows,” says Kazi.
Taking Action
One of the ways that organizations are mitigating both workforce gaps and privacy failures is through training. A majority of India-based respondents (61 percent) note they are training to allow non-privacy staff to move into privacy roles, while 45 percent have increased reliance on credentials to attest to actual subject matter expertise.
With employee training, 86 percent globally indicate their organization provides privacy awareness training for employees, with 66 percent are providing training to all employees annually, and 52 percent of global respondents are providing privacy awareness training to new hires. Organizations are also taking action to strengthen data privacy by using a variety of privacy controls beyond what may be legally required, with the top three globally being identity and access management (74 percent), encryption (73 percent), and data security (72 percent).
Organizations that practice privacy by design experience some key advantages such as having more employees in privacy roles and are much more likely to see their organization’s privacy strategy aligned with organizational objectives (90% vs. 74% total).
Ultimately, such organizations are also much more likely to be confident in their organization’s privacy team’s ability to ensure data privacy and achieve compliance with new privacy laws and regulations.
The Road Ahead
Gartner foresees that by the end of 2024, 75% of the global population will fall under the umbrella of modern privacy regulations.
Read more:
“Fundamental innovations such as edge computing, cloud security, the zero-trust security model, and AI governance empower individuals, acknowledging the critical balance between technological progress and individual privacy rights,” says Nair.
“Data is the lifeblood of innovation and the key driver of transformative business strategies. Commitment to harnessing the power of data goes hand in hand with ensuring data privacy. In the age of digital acceleration, where data fuels every decision, protecting the integrity and privacy of the customer information entrusted with enterprises is pivotal,” he concludes.
