Founded in 2006, Data Privacy Day on the 28th January every year commemorates the founding of the Council of Europe’s data protection convention — known as Convention 108 — on the 28th January 1981. The convention, which was the first legally binding international instrument in the data protection field, is in place to influence and shape the protection of privacy and of data protection in Europe and beyond.
“The worldwide celebration of the Data Protection Day shows a global recognition that the right to privacy and specifically the right of the individual with regard to the processing of their personal data are of fundamental importance in today’s digitised world,” celebrates Elsa Mein, Chair of the Consultative Committee of Convention 108.
“The Data Protection Day is an opportunity and an international effort to raise awareness on the right to data protection and privacy. It is also a day where we can use the opportunity to appreciate a Convention that was opened for signature 43 years ago and continues – at a global level – to lay the foundation for the autonomy and human dignity in a globalised and digitised world.”
Now, 43 years after Convention 108 was launched, what does Data Privacy Day mean to leaders in our industry?
AI and ML development and reliance
“The end of privacy as we know it might be closer than you think. The world is increasingly relying on more AI and machine learning technologies. This reliance could result in privacy becoming less and less of an option for individuals, as AI’s capabilities in surveillance and data processing become more sophisticated,” says Rick Hanson, President at Delinea.
“2023 marked a significant leap in the authenticity of deepfakes, blurring the lines between reality and digital fabrication, and that is not slowing down any time soon. Our digital identities, extending to digital versions of our DNA, can be replicated to create digital versions of ourselves, which can lead to questioning who actually owns the rights to our online personas.
“Unfortunately, advancements in AI technologies are evolving more swiftly than current regulations can keep pace with. In 2024, we can expect stricter data protection requirements across more countries and regions. But until these regulations evolve and can keep pace, it is important to reduce our risk and protect our privacy however possible.
“One of the best ways to do this is to continuously check each application including what data is being collected and processed, and how it is being secured. Use a password manager or password vault to securely store credentials, and leverage multi-factor authentication (MFA) to ensure credentials don’t get exploited by forcing whoever the user is to prove their identity beyond just a username and password. In the event that a data privacy breach does occur, it is also important to have a cyber insurance policy in place to ensure you’ll have the means to continue to operate and recover.”
Hanson has been President of Delinea since 2022, working alongside his role as advisor for Strata Identity. Previously, he served as Chief Operating Officer at Onapsis and Chief Revenue Officer at Brightcove, where he led global sales, professional services, channel, customer success, tech support, and field operations.
“If you cut through the latest investor buzzwords and media doom-and-gloom, the AI threat is simple: at its core, Artificial Intelligence amplifies our data (in)security.
“Wavestone's CISO Radar 2024 highlights many of these emerging threats, from hijacking AIs to expose their inner secrets, to manipulating their data ingestion. But peel back the layers, and you'll find that these attacks are often exploiting flaws that have existed in organisations' architectures for years, now at unprecedented scale.
“AI's a match to the current cyber wildfire, but does it deserve more blame than the kerosene we've been ignoring for more than a decade? That's the sort of question legislation like the EU's Artificial Intelligence Act and even less AI-centric regulation like DORA are seeking to answer and remediate.
“Not a week goes by without the latest data leak dominating the news cycle. Expect the privacy fallout to keep pace and for AI to remain attackers' – and defenders' – number 1 ally.”
Cloud data breaches
“As sensitive data is increasingly pushed to the cloud and stored in global data centres, data sovereignty and data security remain key issues facing CISOs and security teams this year,” says Kevin Breen, Director of Cyber Threat Research at Immersive Labs.
“With the top cause for cloud data breaches being human error, it’s more important than ever to ensure that both security and DevSecOps teams continue to keep pace with the evolving threat landscape and continuously measure organisations' cyber capabilities and fill the skills gaps to better address such threats. This goes beyond knowing the tools and techniques threat actors are employing; it’s equally critical to know how to deploy and secure customer and personal data. This applies to both the architects behind data security and employees themselves.
“First, as third-party SaaS and PaaS platforms that hold organisations' data come under pressure to ensure information is properly stored and controlled, it’s vital for architects and security professionals to work closer together to ensure a secure environment is designed from the outset. Security is paramount as ransomware continues to be a large data privacy factor as organisations are plagued with double extortion attempts. Just this past year, Caesars Entertainment paid $15 million to ransomware gangs specifically to avoid customer data being published online.
“Second, in 2023, Haveibeenpwned identified around 40 websites that suffered significant data breaches resulting in tens of millions of data records and PII being made available to threat actors around the globe. This should sound alarms for organisations to not only keep their own data secure, but also be aware of how staff and users are impacted by data breaches on other sites. Poor password hygiene is a common contributing factor in cyber incidents where credential stuffing and phishing attacks can expose corporate data as well as personal users.”
Breen has been at Immersive Labs since 2017, having previously spent nine years in the British Army, specialising in malware.
“If around one in every two businesses experienced a data breach in the last year, it is not a big leap to assume that over time every organisation will experience a data breach. If nothing else, every organisation should approach its data security and compliance as if that were the case,” shares Siroui Mushegian, CIO at Barracuda Networks.
“Regardless of the size of your organisation, you can’t go wrong by getting the basics right. These include a robust approach to authentication and access, with multi-factor authentication as standard and ideally moving towards a Zero Trust approach.
“Your IT infrastructure should feature defence-in-depth, AI-powered security technologies that cover and provide full visibility into your entire attack surface and every entry point, from devices to APIs, cloud assets, and more. Ideally this should be backed by 24/7 security operations and monitoring so that you are ready to respond to, mitigate and neutralise any threat before it moves further along the cyber kill chain.
“Alongside this, you need to continuously back up your data. Ensure that all backup data is encrypted, both while at rest and in motion. Apply the gold standard of 3:2:1 — three backup copies, using two different media, one of which is kept offline. Employee engagement and training is critical. All employees should understand why cybersecurity matters, the latest threats and scams to look out for, and what to do if they spot something suspicious.”
IT leader Mushegian has been at Barracuda since 2023, having previously held positions including Vice President of Information Technology at BlackLine, CTO at WNET and VP Head of IT Program Delivery and Business Operations at the NBA.