It looks like we have entered the age of chaos in cybersecurity, where cybersecurity incidents follow each other at an unprecedented pace and cyber losses are ever increasing, affecting almost every citizen globally.
The main cause is that technological advancements have enabled the butterfly effect and amplified black swan events.
Butterfly effect
Highly digitized and interconnected cloud technology and processes supporting worldwide value chains have created enormous butterfly effects where hackers can navigate the world stage and wreak havoc with extreme ease. Where 20 years ago a hacker needed access to a company's premises to get at its data, they now only need one employee's username and password, which are readily available for a couple of bucks on the dark web, to steal enormous amounts of customer data. Extreme digitization of our daily interactions enables hackers to easily use that personal data for all kinds of criminal activities that can directly damage customers. Through data sharing and automated decision making, these data breaches can even harm us indirectly through AI models going haywire and making potentially very damaging decisions.
Cyber threats spread like wildfire over the internet through highly connected networks and fully automated processes, potentially resulting in the complete standstill of international transportation, financial markets, and multinational companies, costing companies billions of dollars.
Data follows the money, with cyber threats in its wake. Very much like during the financial crisis, our systems are too interconnected, making us extremely vulnerable.
Black Swan Events
Yesterday the 2024 Cost of a Data Breach Report came out, and to my great fear the average cost of a data breach went up again. This year it went up by 10%, amounting to USD 4.88M. Business disruptions, customer support, and remediation resulting from the breach drive up the cost. This is ignoring the longer-term impact on the business from the loss of customer trust.
Cybersecurity incidents occur in patterns people find very hard to grasp and prepare for. First, cybersecurity incidents are heavily clustered. After long periods of seemingly no events, organisations can be hit by dense episodes of frequent security breaches that overload the security team. Second, despite most cyber losses being relatively limited, in certain cases the losses can be catastrophic, potentially endangering the survival of a company. Although these extreme losses are rare, their occurrence is increasing. Strangely, the size of these losses is unrelated to the size of the company. Even a small company can be hit by a catastrophic cybersecurity loss.
Combined, this means that, after very long periods of minor incidents, companies can be caught by surprise by huge cyber losses they thought were impossible based on historical data.
Digitalisation as the agent of chaos
Evidently, this chaos is largely enabled by digitalisation. We moved data and workflows to the cloud and connected networks at such a large scale and at such a fast pace that we didn’t have the time to properly adapt our cybersecurity practices. Almost 30% of enterprises deploying AI had a security breach, and the Snowflake Data Breach is becoming one of the largest security breaches in history just because organisations didn’t implement MFA (and many other data security best practices).
Additionally, we’re seeing that increasing political tensions are spurring cyber attacks, as nations are increasingly using cyber warfare as a means to destabilize rival countries. The hackers performing these attacks have become prime assets, as proven by the latest prisoner exchange where the US released 2 hackers, something that has never happened before.
New Privacy and Security Regulations to curtail chaos
The best way to reduce the impact of cyber incidents is with better data security. In fact, it is perfectly possible to curtail the chaos through good data security practices. Therefore, regulators are introducing new regulations with the goal of curtailing the chaos by requiring organisations across all industries and regions to improve their cybersecurity posture. With these regulations they hope to protect the privacy and security of their residents while also protecting their regions’ overall stability. Some of the regulations and standards in the EU and US that are planned for the coming year are:
What does this mean for data platform leads?
All these regulations require organisations to improve their cybersecurity posture to prevent butterfly effects from taking hold and to reduce the risk of black swan events. What is particularly interesting is that they have introduced clauses that give supervisors the tools to hold the senior leadership of breached companies personally accountable.
Therefore, you can expect data security to become an important priority in the coming years. However, balancing data security with innovative initiatives such as GenAI and Self-Service Analytics is very difficult with today’s IAM technology and workflows.
How Raito helps
Raito offers a central platform to streamline all data security workflows so that data consumers get access to data in a fast and secure way. Our customers use Raito to monitor, manage and automate multi-cloud data security.