Businesses in balance: Cyber-defence and maintaining data privacy

Photo: © Digital Journal

As the cybersecurity threat landscape continues to evolve, the most common root cause of cyber-attacks this year were vulnerabilities (37 percent) – both widespread and less well-known vulnerabilities in hardware devices, followed by compromised credentials. This suggests that organizations are not patching, which comes as no surprise given they have no time to do it.

While security and IT teams should be separate, that’s not the reality for most organizations, where the responsibility to protect ultimately falls on IT teams.

New research from CData shows that overburdened IT teams are leading to cybersecurity risks. IT employees spend up to 60 percent of their weeks servicing or managing data requests from other employees or teams, and more than a quarter of IT employees (27 percent) analyze data every single day of the week — and 70 percent are doing so more than half of the week.

Kris Lahiri, co-founder and CSO of Egnyte explains to Digital Journal there is a tricky balance between cyber-defence and with maintaining data privacy.

Lahiri notes these aims are not straightforward: “Organizations and individuals are beginning to navigate an increasingly complex data privacy landscape, with companies storing more personally identifiable information while adhering to modern data privacy regulations enacted nationwide and globally, with 71 percent of countries today having some legislation currently in place.”

It is down to businesses to respond, however, especially as consumers become more aware of the issue of data privacy. Here Lahiri  observes: “More customers are considering how companies will use and store their data before agreeing to do business with them, especially with the recent advancements companies are making with AI, so on Data Privacy Day, it is vital to review your data privacy policies and how to serve your customer base best.”

Artificial intelligence is the big game changer – something most businesses want, but equally a technology that comes with a new set of challenges: “As AI technology becomes more commonplace, users will try to leverage these tools with their company data, much like during the “shadow IT” era. While heavily regulated companies may create explicit blocks on these tools, a more prudent approach is to review how these technologies protect the data privacy of the data that they use. Consider adding a company-wide AI policy to complement your data privacy policy.”

At present, in the U.S., data privacy is in its infancy. However, more sophisticated laws are set to emerge, as Lahiri finds: “In the U.S., 12 state consumer privacy laws are active today, with more plans to be enacted by the end of the year. This momentum around privacy regulations is going strong, so take the time to review new data privacy regulations and how they apply to your business. Don’t wait for a formal compliance request to get your privacy practices in order – stay one step ahead.”

In terms of advice to businesses, Lahiri recommends: “Stay proactive by updating your data privacy policies and mapping your company data. Understand where your structured and unstructured data lives, how it is used, and who has access to it. By having a complete picture of the data that your organization stores, you can also see the potential risks that may arise so that you can bolster your cybersecurity defences.”