Data Privacy Day: Users Will Tip the Scales

January 26, 2024

By Thomas Wethmar - Regional Director DACH, Skyhigh Security

If you’re currently reading our blog, there’s a good chance you’re a cybersecurity expert, and as such, you likely know that January 28th has been recognized globally as Data Privacy Day for nearly two decades. But do you also know why? The date reminds us that on this day in 1981, the European Council signed the first European Data Protection Convention – then a groundbreaking treaty, which laid the international and multilateral foundation for the protection of the privacy and personal data of EU citizens. This is why the European Data Protection Day was created in 2006 and why it has successfully been adopted globally as the Data Privacy Day shortly thereafter – after all, this topic is undoubtedly not only of European but of global significance.

I think we can all agree that for modern businesses, Data Privacy Day is more important than ever. Not only because the number of cyberattacks on our data is constantly increasing but also because of the force of such attacks and the damage they cause. Furthermore, many organizations, regardless of their size or sector, face a rising struggle in keeping the data shared by their employees, customers, and partners secure.

A major reason for this is that the centralized networks of the past have often been replaced by decentralized environments with thousands of endpoints and apps—many with highly dangerous shadow IT environments where no one knows who is using which applications and where which data is stored. In these complex, opaque and open infrastructures, data loss is the new normal. The situation is about to become even more serious in the future: In AI tools such as ChatGPT, many gigabytes of sensitive data are already being uploaded daily—often without users giving any thought to the security and compliance impact.

The good news is that awareness of these dangers is increasing, and security managers are more than willing to invest in modern data protection technologies such as data leak prevention and zero trust. However, if these investments are to have the desired effect, organizations must keep three aspects in mind when implementing them:

• If businesses want to protect their users’ critical data reliably, they must ensure they have full visibility over the tools and systems employed by their users—and evaluate the risk potential of each application.
• The next step is to define concise policies regarding which apps they want to sanction and which data their users are supposed to share. These rules must be granularly enforced and continuously checked with real-time monitoring solutions.
• Dedicated data leak prevention solutions can help to prevent data losses in cloud and AI apps, for example by deactivating conversation histories and limiting user uploads. Employees should also be trained in the use of generative AI tools.

Here at Skyhigh Security, we are firmly convinced that you have to become part of the cloud to protect sensitive data in the cloud. Only a robust, cloud-native platform offers the visibility, scalability, and resilience your organization needs to keep today’s enormous amounts of data under control. On the other hand, this also implies that once a modern, hybrid platform enables you to protect your data both on-premises and in the cloud, you will be able to unlock the full potential of the cloud: This will allow you to not only better protect your data-at-rest, but also the data-in-transit and the data-in-motion that is currently being processed – enabling you to take your security to a new level.

As you can see, the cyber arms race has changed a lot since the first European Data Protection Day in 2006. The organized cybercriminals we face today are far more sophisticated, ruthless, and better equipped than the hackers and script kiddies of the early noughties—and they know exactly how to target your organization’s most valuable data for maximum damage or profit. But the organization’s security architectures are also far more robust than ever before—and they can leverage the almost limitless performance, scalability, and flexibility of cloud-native platforms to meet the attackers on an equal level.

But who will be the winner of this battle? In my opinion, the users will once again be the ones to tip the scales: If organizations manage to successfully raise awareness for privacy and data protection—and thus gain company-wide buy-in for the implementation of security innovations—then their chances to prevail are very good. Otherwise, cybercriminals are likely to gain the upper hand sooner or later.

This brings us right back to the start: The relevance of Data Privacy Day, which has always been a great opportunity to create cybersecurity awareness. Leverage the coming days to talk to your customers and coworkers about cybersecurity best practices—eventually, they will thank you for it!