Emerging technology like generative AI and the neverending onslaught of cyber threats continue to call on companies to adopt stringent cybersecurity postures. Tim Freestone and Patrick Spencer of Kiteworks explore the complexity of data privacy and compliance in 2024.
As 2024 dawns, the digital world’s complexity continues to evolve, bringing to light the multifaceted challenges of data privacy and compliance. Cybercriminals and rogue nation-states are advancing their tactics, complicating the task of safeguarding sensitive information. Supply chain vulnerabilities have emerged as a significant threat, with 15% of last year’s data breaches traced to third-party vendors. This trend necessitates a robust cybersecurity response.
The rise of generative AI and large language models (LLMs) offers innovative avenues for managing digital content. Yet, these technologies also introduce new vulnerabilities, emphasizing the need for vigilant tracking and management of sensitive data. The legal landscape is rapidly changing, with regulatory bodies enforcing stricter data privacy regulations and imposing harsher penalties for noncompliance. In response, organizations must adopt a more agile approach to content access management and compliance reporting.
AI and LLMs: A double-edged sword
The anticipated doubling in generative AI (GenAI) and LLM usage by 2024 brings new dimensions to data privacy and compliance challenges. With an estimated 15% of employees already using LLMs to handle company data, there is an increased risk of exposing sensitive information. The proliferation of these technologies broadens the threat landscape, leading to potential data leaks, reputational harm and legal issues.
Organizations are combating these risks with a shift toward content-defined zero-trust security models. These models apply granular access controls and implement data loss prevention (DLP) strategies to regulate GenAI and LLM interactions. As digital rights management (DRM) technologies advance, their adoption is expected to grow, particularly for high-risk content, to ensure secure collaboration and prevent unauthorized data dissemination. Employee training on the responsible use of GenAI and LLMs is also becoming a critical investment.
Regulatory bodies are keeping pace with these technological advances. In the U.S., a new executive order outlines fresh benchmarks for AI safety and privacy, which will likely precede more detailed legislation. Internationally, the EU’s AI Act is establishing obligations for AI systems, especially for small and medium-sized enterprises (SMEs), to ensure their safe application.
Compliance through detailed audit logs and governance tracking will become more crucial as organizations align with standards like the NIST AI Risk Management Framework Playbook, focusing on managing AI-related risks and sensitive content.
Familiar target of GDPR violation claims, the tech giant is now a guinea pig in EU’s class-action reformsRead more
Urgency to modernize file transfer and email security
There is an immediate need for modernizing managed file transfer (MFT) and email security systems. Traditional MFT solutions, often reliant on outdated technology, are exposed to significant security gaps. Cyber attacks targeting these weaknesses have already resulted in extensive data breaches, emphasizing the need for integrated, up-to-date security solutions.
In response, 2024 will see a shift toward modern MFT solutions that incorporate features like advanced threat prevention (ATP), DLP and content disarm and reconstruction (CDR). These systems aim to centralize updates and enhance defenses against complex cyber threats. Email security is also undergoing a transformation to address the leading attack vector for cyber threats. Advanced email protection gateways, embodying zero-trust policy management and single-tenant hosting, are critical for reducing associated risks and ensuring compliance with evolving data privacy standards.
By the end of 2024, Gartner estimates that privacy regulations will cover three-quarters of the global population, with company privacy budgets expected to exceed $2.5 million. This trend is not limited to the U.S., where several states enacted new privacy laws in 2023, but is evident worldwide, with the EU actively advancing significant legislation.
The NIST privacy framework, introduced in 2020, is slated to broaden its guidance on privacy risk management, coinciding with anticipated updates to the NIST cybersecurity framework that will highlight continuous risk assessments and supply chain risk management.
Data sovereignty is becoming an acute concern, with most countries regulating data collection, storage and use. This global shift presents intricate challenges for multinational corporations, influencing decisions on application deployment, especially in countries with stringent data laws. Solutions that address data sovereignty and compliance with localization laws are increasingly being adopted.
Fines for data privacy violations are also mounting, with recent years seeing substantial penalties against major corporations. This trend is likely to continue, highlighting the importance of stringent data governance and security practices.
The successful navigation of 2024’s digital landscape will require a balance of foresight, agility, and a commitment to ongoing evolution. Organizations can enhance their cybersecurity posture, maintain compliance, and leverage the opportunities presented by a rapidly changing digital environment.