The digital landscape is evolving rapidly, presenting security leaders with unprecedented challenges. As threats increase in volume and complexity, exacerbated by geopolitical tensions and cyber warfare, a proactive and strategic approach to anticipate and mitigate potential attacks is crucial.
At the same time, the regulatory environment is expanding in response to these growing threats. Initiatives like the Cyber Resilience Act, Network and Information Security 2 (NIS2) Directive and the Digital Operational Resilience Act (DORA) are pushing organisations to meet higher security standards. However, the complexity of these regulations makes compliance a significant challenge.
Evolving threats and the need for protection
The current threat landscape, coupled with new regulatory measures, underscores the need for robust data protection strategies. Emerging technologies such as quantum computing further heighten the urgency. Although still in its experimental stages, advancements like Google’s Willow chip highlight quantum’s potential to render traditional encryption obsolete. This makes the adoption of quantum-resilient security measures essential for protecting sensitive data against future vulnerabilities.
Data privacy and security should be approached with the same mindset as insurance policies. Both protect against potential risks before they occur. Just as insurance mitigates financial loss in unforeseen events, data privacy measures defend against breaches, misuse, and cyber risks. The objective is not just reacting to incidents after they occur but ensuring safeguards are in place to minimise impact and maintain control over how data is used.
Embracing Privacy Enhancing Technologies (PETs) to remain compliant
The Digital Operational Resilience Act (DORA), which came into effect this month, was introduced to formalise and strengthen the EU’s financial services sector and ensure a unified approach to managing ICT risks. Although cyber security technologies have advanced considerably over recent years, so too have the volume and sophistication of cyber attacks. The traditional security measures that financial institutions have deployed are no longer sufficient to protect and mitigate against these attacks.
Traditionally, cyber security measures have focused on protecting data at rest or in transit. However, DORA emphasises the importance of securing data in use – when sensitive information is actively processed, such as customer data in banking systems. Current solutions, no matter the budget that has been spent, are not entirely bullet proof and that’s why the adoption of emerging privacy-enhancing technologies (PETs) should always be under consideration. PETs are at varying levels of maturity, with some requiring significantly more technical expertise than others to integrate with existing operational systems.
One such example is Fully Homomorphic Encryption (FHE) – a technology that enables secure computing with always-encrypted data – that can be used alongside PETs like federated learning or differential privacy, to enhance the protection of data in use. FHE allows encrypted data to be processed without decryption – which means that even if a breach of data were to occur, the value of the compromised data is severely limited in value to an attacker.
If deployed in silos, PETs will not be silver bullet solutions to rising threats and ever-changing regulations. However, security leaders can deploy a combination of these emerging technologies.
The path ahead
Security leaders can best navigate the multitude of new national and multinational regulations by adopting a proactive and adaptive approach to both compliance and protection. This involves integrating advanced privacy-enhancing technologies into their security frameworks to address evolving threats and meet regulatory requirements. Collaboration with regulators, peers, and technology providers is also crucial to align strategies with emerging standards and best practices.
Adopting next-generation security technologies and compliance measures is still in its early stages, but the direction is clear. As organisations face an increasingly interconnected and volatile landscape, adopting methods to secure data and systems is becoming an operational necessity. Anticipating threats, embracing innovation, and fostering collaboration will empower organisations to remain compliant, resilient, and ahead of the curve in an unpredictable world.
Dr Nick New is CEO at Optalysys,
With a PhD in Optical Pattern Recognition from Cambridge, Nick has a strong foundation in optical technology. At Optalysys, he is pioneering advancements in silicon photonics and FHE.