Building a secure organization in the age of AI, an analysis

The South Africa’s Information Regulator reports at least 100 cyber security breaches a month from local companies.  Between October 2022 and June 2023, the regulator received 1021 data breach notifications, averaging 113.4 incidents every month.

This is a solid indicator of the value of data and of the threats to it.  Business leaders have to embrace emerging tech but also find a balanced approach that accommodates private data while delivering innovative services.

Emerging technology will also have a crucial role to play when it comes to harnessing data on a large scale.

From Lenovo, Dean Wolson General Manager in their Infrastructure Solutions Group points out how emerging technology has a crucial role to play when it comes to harnessing data on a large scale.

“Every second, every person on Earth generates an estimated 1.7 megabytes of data, and this is growing with each passing year. Technologies such as artificial intelligence (AI) and edge computing will be crucial to taming data of this size and delivering the intelligent, personalised services consumers desire. The future of data privacy is tied closely to these emerging technologies, with edge computing helping to control where data is processed, and AI offering both opportunities and challenges in privacy terms. Emerging technologies such as anonymization, federated learning, and homomorphic encryption may also help business leaders to put privacy first.”

He says business leaders failing to navigate data privacy will be met by harsh financial penalties and a lack of consumer trust.

Businesses that are serious about upholding privacy must couple themselves closely with security experts, regulators, and third-party partners in order to incorporate privacy into everything they do.

He says both AI and edge computing will change the way the world thinks about personal data protection.  “Edge computing, with its decentralised processing ability, offers significant potential to boost privacy. By allowing data to be processed closer to the source, it means, for example, that a camera system can record footage, but only forward anonymized data to the cloud for processing and storage. By reducing the need to transmit and store potentially sensitive data, edge computing can minimize the risk of leaks.”

Business leaders must introduce AI into their systems with care. While it holds the potential to boost cybersecurity by detecting anomalies, it also highlights legitimate concerns about the potential misuse or leakage of sensitive data.

“For example, generative AI systems often have no way to ‘delete’ information, potentially posing problems in terms of the right to be forgotten. Business leaders must ensure that their adoption of AI incorporates robust security features and that strict data hygiene is enforced around identifying data to ensure AI can be used safely. Used carefully, artificial intelligence holds vast potential to boost user experience, but business leaders need to ensure privacy is central to their AI strategy,” Wolson adds.

Putting the user first

Clarity and transparency are essential when it comes to user privacy. Business leaders must ensure that customers are clear about when their data is being collected, and equally clear on how it will be used. This is essential both for compliance with regulations, and to build user trust.

User education is also crucial. Business leaders should respect the intelligence of consumers and furnish them with the information necessary to make their own informed decisions about data. Data privacy policies must be transparent, and individuals must be empowered to access, correct, and request deletion of any data that the organization holds, according to Wolson.

To make this all work smoothly he says, it’s essential to establish and regularly update comprehensive data governance policies, ensuring that these align with the requirements of privacy laws such as the Protection of Personal Information Act (POPIA).

Building a privacy-first organization

Building a privacy-first organization requires conversations with everyone from employees to third-party organizations.

Creating a culture of data security requires employees to be well-informed on the basics of privacy and storage, such as using strong passwords and recognizing the hallmarks of a phishing attack. This should be combined with incident response planning and regular audits to ensure that the entire organization is poised to deal with incidents and that employees have a full understanding of the importance of data security.

This according to Wolson should be coupled with ensuring that data remains secure, and this often requires difficult conversations to be had.

Cybercriminals are always looking for the ‘weak link’ in the chain, whether that is a legal company, an accountant, or a software supplier, and any security lapse by a third party will reflect badly on any company using their services, Wolson says.

“With regulations changing around the world, it also pays to seek expert advice to ensure compliance, and to bolster awareness of emerging cyber threats. Collaboration with legal and cybersecurity experts can help business leaders to navigate an ever-changing landscape, and help customers to maintain their own high data privacy standards.”

Businesses should also be aware of emerging technologies to help balance data analytics and individual privacy.

Also read: The HUAWEI Metaline Antenna: How the HUAWEI MateBook D 16 takes wireless connectivity to the next level