A Year in Data Security: Five Things We’ve Learned From 2024


As the dust settles on another hectic 12 months, business and IT leaders should enjoy a well-earned break. But not for long. The end of one year offers a fantastic vantage point from which to view the macro trends that may go on to shape the next. With this in mind, these are the five things we’ve learned about cybersecurity in 2024.

1- AI is changing the game – for good and bad

AI is transforming the fortunes of companies across the globe, from retailers to financial services firms, helping them make better-informed business decisions and work more productively. But it’s also a boon for threat actors, supercharging efforts to steal data by improving and scaling phishing emails, enhancing the selection of targets, and much more. AI and analytics tools are also an increasingly popular target for cybercriminals. The data on which they’re trained could be stolen or poisoned to sabotage business processes. Organisations must ensure any AI projects are built on solid foundations by securing this data as a starting point.

2- Breaches are threatening to spiral out of control

Unfortunately, thanks in part to the cybercrime uplift provided by AI and automation, data breaches have a more deleterious impact on organisations than ever. The latest estimates claim that over a billion individuals were impacted by corporate data breaches in Q2 2024, a 1,170% annual increase. And average breach costs globally surged 10% year-on-year (YoY) to reach nearly $4.9m in 2024. This is partly down to technological advances by the cybercrime community, but also to the continued failure to follow best practices around password security, vulnerability patching, user awareness, multi-factor authentication, and other cyber-hygiene basics. Unless these are addressed, things will continue to get worse. Data-centric security can help, but organisations must also repair the foundations to minimise breach risks.

3- Shadow data must be illuminated 

Another factor contributing to the seemingly inexorable surge in data breach costs is the explosion of shadow data in enterprises. IBM found that over a third (35%) of breaches over the past year involved data outside the control of the IT/security department. These incidents cost over 16% more than the average, took 26% longer on average to identify, and 20% longer to contain. Shadow data is everywhere and thrives amid the complexity of modern IT environments. Organisations must find a better way to illuminate it, for example, using AI-powered data discovery and classification tools which will automatically and continually locate enterprise data no matter where it resides—even in third-party data stores like cloud environments.

4- Compliance complexity demands best practices

The past year saw the compliance burden pile up for global organisations. From the EU AI Act and the Digital Operational Resilience Act (DORA) to PCI DSS 4.0 and new cybersecurity regulations for firms operating in New York State, stretched teams are at breaking point. Fortunately, these diverse regulations and standards aren’t as heterogeneous as they first appear. In fact, many contain the same kind of best-practice requirements for data protection. IT and compliance leaders facing another year of incoming rules and regulations would do well to remember this, and that data-centric security, including the application of format-preserving encryption or tokenization, can sometimes help reduce the scope, cost, and complexity of compliance. There is a way forward: automating continuous data discovery and classification, applying strong data protection, implementing robust access controls and monitoring, and wrapping it all in a watertight data governance strategy.

5- Data security can be an enabler

According to one study, half of global business decision-makers still consider cybersecurity “a necessary cost but not a revenue contributor,” while 38% see it as a barrier rather than a business enabler. Yet if 2024 has taught us anything, it should be that data security is about more than mitigating the risk of a serious breach. In fact, it can help preserve competitive advantage and bolster brand reputation, support important digital transformation initiatives, and even open the door to new markets by ensuring enterprises comply with local privacy laws.

New rules introduced in 2024 like NIS 2 stress the importance of boardroom accountability and input when it comes to cyber strategy. This is absolutely correct. Cyber risk today is fundamentally also a business risk, and cybersecurity can be a fantastic growth enabler. That’s why it must be managed with direction from the very top. If they’re not engaged yet, boards certainly will be as we move into 2025.


Author

  • Thomas Gloerfeld

    Thomas Gloerfeld is Director of Partner Development & Marketing NonStop Solutions at comforte and has been associated with the NonStop community for 25 years. Before joining comforte, he held various management positions at ACI Worldwide in Germany and the UK. In his role at comforte he closely monitors topics such as data security, risk and compliance.
