Tim Freestone, Chief Strategy and Marketing Officer at Kiteworks, discusses new strategies to protect data privacy in 2024.
Unfortunately, managing data privacy and compliance risks becomes more difficult every year. Cybercriminals continue to evolve their strategies and approaches, making it more difficult than ever to identify, stop, and mitigate the damages of malicious attacks.
Managing the privacy and compliance of sensitive content communications is a difficult undertaking for many businesses. Many common tools reside in silos and were developed a decade or more ago. This has led to several serious data breaches this year.
So, what are the key issues to look out for in 2024?
Risk of AI LLMs
Despite bans and restrictions, the number of employees and third parties using generative Artificial Intelligence (GenAI) Large Language Models (LLMs) will massively increase as the competitive advantages become too significant to ignore. This will expand the threat surface and potentially cause sensitive content to be inadvertently or intentionally exposed.
Even with advances in security controls, data breaches stemming from GenAI LLM misuse will rise in 2024.
High-profile examples threatening customer trust and drawing regulatory scrutiny are likely. This will force data privacy to be a central part of GenAI LLM strategies. Organisations slow to adapt will face brand reputation damage, lost revenue opportunities, potential regulatory fines and penalties, and ongoing litigation costs.
A need for a modern MFT approach
Managed file transfer (MFT) tools are used for the digital transfer of data in an automated, reliable, and secure manner internally and with third parties using governance tracking and controls for regulatory compliance. However, many are based on decades-old technology that has inherent security deficiencies. For the past several years, we have witnessed a spiralling escalation of cyberattacks on the software supply chain by rogue nation-states and cybercriminals.
Two major MFT tools experienced zero-day exploits in 2023. In both instances, multiple zero-day vulnerabilities were targeted—a remote code execution (RCE) in the case of Fortra GoAnywhere that impacted over 130 organisations and a SQL injection in the case of MOVEit that affected over 2,000 organisations and 62 million individuals.
If the two MFT attacks in 2023 are any indication, rogue nation-states and cybercriminals will continue to exploit zero-day vulnerabilities in legacy MFT solutions in 2024.
Better protection of emails
Email remains the number one attack vector. Malware attacks instigated through email shot up 29% in the past year, while phishing attacks also grew 29%, and business email compromise (BEC) spiked 66%. So much so that more than eight in ten data breaches now target humans as their first line of access using social engineering strategies.
Like legacy MFT solutions, legacy email systems lack modern security capabilities. Until organisations embrace an email protection gateway where email is sent, received, and stored using zero-trust policy management with single-tenant hosting, email security will remain a serious risk factor in 2024 and beyond.
Shifting regulatory standards
Regulatory bodies will have to continue evolving data privacy regulations in 2024. They will also likely ratchet up fines.
Recent major fines, like those against Marriott and British Airways under GDPR, were largely due to lapses in data security.
This precedent indicates regulators will come down hard on companies that negligently expose personal data. This means businesses will, more than ever, need to track and control content access and generate audit log reports to demonstrate compliance.
Data privacy is a global concern. Gartner predicts that personal data for three-quarters of the world’s population will be covered by data privacy regulations by the end of 2024, and the average annual budget for privacy in a company will exceed $2.5 million.
Expansion of privacy regulation efforts across dozens of jurisdictions will occur over the next two years.
Rising importance of data sovereignty
Data localisation is a growing trend that will make data sovereignty a challenge for organisations in 2024. Many emerging privacy laws require organisations to control the country where data resides, which can be a significant challenge for multinational businesses. Yet, at the same time, data democratisation, the practice of making data accessible and consumable for everyone in an enterprise, regardless of technical skill, is a trend that will impact data sovereignty.
Data sovereignty empowers organisations to maintain compliance with local and international data regulations, which minimises legal risks, establishes a reputation for responsible data handling, and helps companies avoid hefty fines. By prioritising data sovereignty, organisations can build trust with customers and stakeholders, enhance brand reputation, and avoid costly legal issues.
Emergence of DRM to protect sensitive content
Challenges surrounding the handling of large files containing sensitive content will become increasingly pressing for organisations in 2024. These growing file sizes necessitate robust solutions for secure handling and storage.
Digital rights management (DRM) adoption will accelerate as organisations aim to protect sensitive content and comply with expanding regulations. For 2024, data classification and DRM policy management will drive organisations to institute data protection ranging from least-privilege access and watermarks for low-risk data, through view-only DRM for moderate-risk data, to safe video-streamed editing that blocks downloads and copy and paste for high-risk data. Highly regulated industry sectors such as healthcare and finance will be the biggest adopters.
A rapidly transforming landscape
The landscape of sensitive content communication is rapidly transforming due to technological innovations and increasing regulatory measures. In 2024, businesses will be under heightened strain to protect confidential data amidst escalating cyber threats and to ensure adherence to burgeoning international regulatory standards. It is time for organisations to look at alternatives.
By adopting zero-trust architectures, detailed security models based on content, strong access management, integrated DRM, DLP, and other leading-edge security measures, organisations can mitigate risks and uphold compliance. For 2024, organisations should hit reset on their sensitive content communication strategies and work to ensure they have the right technologies in place to protect all their file and email data communications.
What are the main data privacy trends to look out for in 2024?
The pivotal trends that will influence the security and regulatory compliance of sensitive content in 2024 include:
- Advanced AI technologies, including generative large language models, present new challenges for data privacy and compliance that require stringent governance, comprehensive security measures, and ethical AI utilisation;
- Upcoming regulations will enforce novel standards for personal data management that organisations will need to implement effectively;
- The spread of data localisation mandates necessitates the redesign of apps and cloud setups to meet data sovereignty requirements;
- Increasing fines and penalties for breaches in data privacy call for enhanced governance and security frameworks to prevent infractions;
- Advancement of DRM is essential for the ongoing protection of confidential information;
- Assimilation of sophisticated security technologies, including cloud-based data loss prevention, advanced threat protection, and content disarm and reconstruction, into sensitive content infrastructures helps bridge security voids;
- Consolidating solutions for communication channels like email, file sharing, managed file transfer, and web forms into a cohesive PCN streamlines security and regulatory adherence; and
- Emerging applications across various sectors generate exceptionally large files, challenging the capacity of traditional systems.