5 Feb 2024
In 2024, maintaining IT compliance is more complex and difficult than ever. In this article, we examine three compliance challenges businesses should be planning for, including cybersecurity threats, tightening regulatory demands, and the influence of artificial intelligence (AI).
Cybersecurity is hardly a new issue. However, the escalating frequency and financial impact of cyberattacks have made it much more important. According to a recent report by KPMG, businesses across all industries see cybersecurity as their biggest compliance challenge.
Lax cybersecurity practices and a failure to adhere to regulatory standards expose businesses to serious consequences. Financial losses resulting from ransomware payments or fraudulent transactions are often amplified by reputational damage and disruption to business operations. Legal and regulatory consequences stemming from noncompliance with data privacy laws or industry regulations can also lead to legal penalties, fines, and lawsuits.
As we move into 2024, new technologies and evolving workplace practices will add further layers of cybersecurity complexity for businesses. In particular, two key factors will contribute to an increased risk of cyberattacks:
The first factor that will put businesses at risk of cyberattacks is the continued rapid adoption of cloud-based applications.
While cloud-based applications have undeniably helped businesses improve their operations, they have also opened a host of new opportunities for cybercriminals, who readily exploit their vulnerabilities. In fact, research from Netskope reveals that a startling two-thirds of malware downloads specifically target cloud-based applications.
A factor contributing to the vulnerability of cloud applications is the tendency of employees to download and use them without seeking official approval from their organization. The use of software or hardware by employees without the IT department’s knowledge or oversight is known as shadow IT.
The concealed nature of shadow IT creates a significant cybersecurity threat. Unlike sanctioned apps, those downloaded by employees bypass essential cyber protocols designed to safeguard an organization’s network. Making the issue worse is the fact that many of these unauthorized applications also lack robust security features, rendering them prime targets for cybercriminals.
As the use of cloud applications continues to surge, so does the prevalence of shadow IT – Gartner reports that 38 percent of technology purchases are now directed and controlled by business leaders rather than IT departments.
To improve cybersecurity and enhance compliance, businesses must invest in tools dedicated to managing third-party cloud-based applications and minimizing the risks associated with shadow IT.
Another risk comes from the adoption of remote and hybrid models. Increasingly, these models are being supplemented by ‘bring your own device’ (BYOD) policies. The BYOD approach allows employees to use personal devices for work purposes.
BYOD helps employees working outside the office remain flexible while also allowing them to use the technology they feel most comfortable with. Businesses also stand to benefit from reduced operating costs.
While BYOD holds some advantages, it also necessitates stringent compliance checks when devices connect to corporate networks. Unfortunately, the absence of proper oversight can lead to unsecured personal devices accessing business networks. Unregulated personal devices are another form of shadow IT and serve as an entry point for malicious actors seeking access to sensitive company data.
Given that remote and hybrid work, along with BYOD practices, will continue to be the norm in 2024 and beyond, businesses must make use of tools that facilitate these trends and reduce the risk of negative consequences.
In 2023, we saw substantial regulatory shifts in terms of cybersecurity incident reporting. For example, the Securities and Exchange Commission (SEC) in the United States now requires publicly traded companies to provide prompt and detailed reports of incidents within four business days of discovery.
Looking ahead to 2024, we expect that government bodies will continue to implement measures calling for the swift and accurate disclosure of cybersecurity incidents. This escalation in transparency requirements places a greater responsibility on companies to enhance their threat-hunting capabilities and fortify their incident response plans.
The European Union (EU) is also ushering in a wave of new legislation. Among these regulations, the Network and Information Security Directive 2 (NIS-2) establishes measures for maintaining a high common level of cybersecurity, while the Digital Operational Resilience Act (DORA) is designed to address regulatory gaps in the European financial sector. Another significant addition is the Cyber Resilience Act, which states that products featuring digital elements (both software and hardware) are eligible for market release only if they meet essential cybersecurity requirements.
With these new regulations taking effect in the coming months, it is imperative for business leaders to proactively ensure that their enterprises are fully compliant. Given the escalating fines for data privacy violations and the looming threat of criminal liability, the implementation of stringent data governance and security practices is paramount.
From streamlining workflows to improving decision-making, AI is having a transformative impact on the way businesses operate. However, along with its enormous potential for advancement, AI also brings a range of significant risks.
The influence of AI on cybersecurity and compliance is a prime example of this duality. Currently, AI is being used by security providers to improve their defenses, while cybercriminals are also using it to exploit vulnerabilities more effectively.
AI tools bolster cybersecurity and compliance by enhancing threat detection and response capabilities. Using machine learning, these sophisticated algorithms can identify even the subtlest deviations from normal behavior, allowing them to predict potential threats with great accuracy.
On top of that, because AI cybersecurity tools gather and analyze real-time data, they allow companies to respond more swiftly to a potential breach. Response speed can have a huge impact on mitigating the damage of an attack.
AI tools are also able to automate routine cybersecurity tasks, including threat detection, incident response, and patch management. Task automation reduces human error and allows cybersecurity professionals to focus on the strategic aspects of cyber defense.
On the flip side, AI is also being used to launch more sophisticated attacks on businesses. Bad actors are increasingly using generative AI and large language models (LLMs), such as ChatGPT, to scale attacks with unprecedented speed and complexity.
Not only are AI-driven attacks more efficient, but they are also more difficult to detect. For example, ChatGPT is being used by hackers to write ‘polymorphic’ malware, a type of malware that can more easily avoid antivirus or antimalware software. At a more basic level, LLMs are also being used to generate more convincing and error-free text for phishing emails.
According to Deloitte, as more cybercriminals begin using AI, security organizations and CISOs may be challenged in 2024 by an influx of AI-enabled bad actors.
Looking ahead, the coming year will demand a focus on both leveraging the capabilities of AI for cybersecurity and preparing for the rise of more intricate AI-propelled threats. Embracing these challenges and opportunities will be crucial for safeguarding digital assets and remaining compliant.
In 2024, evolving regulations, rapid technological advancements, and heightened cybersecurity threats will make compliance a challenge for all businesses.
For those seeking to improve their compliance capabilities, a comprehensive IT Asset Management (ITAM) solution can help safeguard against cyber threats and ensure adherence to regulatory protocols.
For expert advice on implementing a comprehensive asset management and discovery solution, reach out to a member of our team.