2024 Futurecast: Cybersecurity, Privacy and AI

Cameron G. Shilling
Director, Litigation Department & Chair of Cybersecurity and Privacy Group
Published: Business NH Magazine
January 11, 2024

Cyber persists as a critical focus for businesses in 2024 and beyond. Three issues dominate. First, the global cyber-criminal enterprise grows ever more sophisticated. Businesses must rapidly adopt advanced safeguards to mitigate that risk. Second, expansive privacy laws increasingly impact organizations everywhere. Proactively complying with those laws promotes efficient and thoughtful solutions, compared to scrambling to do so in a fire drill. Finally, artificial intelligence (AI) will shift fundamental paradigms of society. Business leaders should embrace the opportunity to learn about this technology and start to strategize about how to capitalize on the power of AI to catapult their organizations into the future.

The cyber-criminal enterprise is opportunistic and lethal. Big business is no longer the only target, or even the primary one. Organizational efficiencies permit the criminal enterprise to focus on medium and small businesses, which possess valuable information and meaningful liquid assets, and are more vulnerable. Cyber-attacks to exfiltrate sensitive information generate healthy ransoms, particularly from organizations with cyber insurance. Similarly, gaps that persist in business email systems present abundant opportunities for funds transfer fraud.

The lethality of that enterprise emanates from its sophistication. Hackers engineer technology to defeat safeguards that, until recently, were advanced. For example, they now can extract from a computer the MFA token used to access email and server networks, requiring yet more advanced protections, like conditional access. Another example is fileless malware installed on laptops, which can be detected only by advanced AI-applications on those devices. Even an organization that believes it has strong defenses may find itself prone to sophisticated attacks, and businesses that have not yet seriously invested in advanced safeguards need to do so urgently.

While businesses are waist or neck deep in security issues, the privacy wave is cresting or, for many, has crashed already. Privacy laws exist in thirteen states and many prominent countries, including European Union members, United Kingdom, Canada, and China. Those laws apply cross-border to certain businesses that have personal information about residents of those jurisdictions. In addition, privacy bills are pending in many other state legislatures, including New Hampshire, which ultimately will create de facto national regulation.

Fortunately, achieving privacy maturity is quicker, cheaper, and less onerous than remediating security gaps. To do so, a business should follow three steps: (1) conduct an assessment to identify points-of-entry of personal information and ensure the use of that information complies with privacy laws; (2) draft an appropriate privacy policy, and deliver notice of it and, if needed, obtain consent from individuals about whom the business has personal information; and (3) implement a privacy rights request process and an internal management structure and procedure to fulfill such requests made by individuals. Proactively addressing privacy promotes a more efficient and effective result than doing so emergently, such as at the demand of customers, vendors, creditors, investors, or other constituents.

AI is not just useful to write a college essay. Businesses that believe AI is far from widespread application or inapplicable to them underestimate the power of the technology and speed of its implementation. AI already animates, or soon will be integral to, many systems that businesses use every day, such as ERP, accounting, CRM, and email systems. Maximizing the utility and profitability of AI in these applications requires an understanding of and aptitude with the technology. Additionally, AI presents exponential potential for every organization that analyzes or generates information as a part of its operations.

Now is the time for business leaders to make an early investment in AI, learn how the technology works, and encourage employees interested in AI to explore its possibilities. Form a group of champions to identify potential business applications for AI and start creating a plan and strategy to harness the technology. Just like computers and the Internet power commerce now, AI will do so in the near future.