As of 19 January 2024, the US is poised to implement a ban on the popular social media platform TikTok. Unless a significant legal intervention occurs, this move is likely to go ahead, potentially marking the start of a profound shift in the digital landscape. While the ban may cause inconvenience for individual users, the cybersecurity implications for organisations could be far more significant.
At present, many unanswered questions remain about how the ban will be implemented, as there is no precedent for the US government blocking a major social media platform. Much of the enforcement strategy is still unclear, leaving organisations uncertain about its potential impact.
For CISOs, this uncertainty raises critical concerns about the broader cybersecurity landscape. These include implications for data privacy, increased supply chain risks, and evolving geopolitical challenges, all of which require careful consideration and strategic planning.
Although the TikTok ban is unlikely to affect a business-critical application, it does highlight considerations for other critical applications that may face a similar ban in the future. As recently exemplified by the EU’s DORA, which comes into effect on 17 January 2024, there is an increasing need for CISOs to not only focus on their organisation’s cybersecurity but also on the resilience of their external partners, particularly when dealing with foreign-owned technologies.
The US TikTok ban is not an isolated incident. Austrian advocacy group Noyb recently named the Chinese-owned companies TikTok, Shein, Xiaomi, WeChat and AliExpress in a privacy complaint, accusing them of unlawfully sending EU user data to China. These actions against improper handling of data serve as timely reminders that supplier risk is no longer confined to traditional IT services. It now encompasses complex geopolitical and data privacy issues that can have far-reaching consequences.
As the TikTok ban date approaches, here are some key areas CISOs should focus on to safeguard their organisations:
Organisations should adopt a proactive approach to reviewing and updating data storage, transfer, and access practices. This is an opportunity to develop and strengthen data governance frameworks, ensuring they address the risks of partnering with foreign-owned third-party vendors, who may not be subject to the same stringent standards. Strengthening governance is critical to ensuring compliance with evolving security standards and mitigating potential threats.
It’s essential for CISOs to evaluate their technology ecosystem and conduct comprehensive vendor risk assessments. Organisations should create strategies to manage supply chain risks, ensuring their digital infrastructure remains resilient to geopolitical shifts and sudden regulatory changes. A proactive approach, including diversifying technology partners, can help organisations better mitigate emerging threats. An additional benefit of vendor diversity is that it reduces the risk of a single issue impacting all systems, thereby ensuring greater resilience.
Considering the rapidly changing global political climate and evolving cybersecurity regulations, CISOs must review and update their incident response strategies. This will ensure adequate action can be taken when threats materialise and organisations need to react. Given the growing scrutiny of foreign technology in critical national infrastructure, organisations must bolster their security posture to prepare for regulatory changes.
Although the future remains uncertain, the TikTok ban may signal a broader geopolitical shift, potentially accelerating the decoupling of technology ecosystems, as observed between the US and China. Developments like these could disrupt existing technology partnerships and raise costs for organisations, particularly those dependent on foreign technology. CISOs must stay informed about these geopolitical changes and adapt their technology strategies accordingly. Understanding the potential impact on supply chains will enable organisations to better prepare for a more fragmented technology landscape.
Educating senior leadership on the strategic importance of cybersecurity and the potential risks posed by these developments will help ensure cybersecurity remains a strategic priority, safeguarding both current operations and long-term growth.
Adarma provides customised cybersecurity solutions to assist businesses in achieving future-ready cyber resilience. We protect organisations in the FTSE 350, including those in CNI and other regulated sectors. We offer effective threat detection and incident response, acting as an extension of your team to enhance your security posture and optimise your security investments for maximum risk reduction.
Our approach enables organisations to decrease cyber risks by implementing effective threat intelligence, exposure management, and detection and response capabilities. We offer tailored threat intelligence, technological solutions, and strategic consultations catering to our customers’ specific security requirements and business goals. Our expertise guarantees a balanced approach between security and operational efficiency, safeguarding our customers’ most crucial infrastructure and data.
If you would like to learn more about how Adarma can support your organisation’s cyber resilience, please get in touch with us at hello@adarma.com.