Emerging technologies like blockchain and AI should be seen as an opportunity and a threat, according to Professor Lisa Short, director and co-founder of Hephaestus Collective, whose rousing opening keynote addressed attendees of Infosecurity Magazine's Autumn Online Summit - EMEA 2021.
Short began by describing the vast digital shift that has taken place in recent years, noting that advancements in technology mean “revolutions” are now occurring in less than a generation. For example, the development of technologies like AI, blockchain and IoT has meant that in the past two years, tech changes that previously would have taken seven years are now being achieved in just six months.
She also provided some startling statistics around the rate of information being created and published since the advent of social media and user-generated content. Short observed that from the beginning of recorded history to 2003, the entire written works of humanity amounted to five exabytes of data. Since 2003, this same amount of data has been created every two days on average.
These trends provide enormous benefits — as highlighted by the ability to shift to remote working during the COVID-19 pandemic. However, there are reasons for concern. Technologies such as GPT-3 are now capable of recording our habits and knowledge “and influence our thoughts,” making the digital world very “pervasive.” Currently, over half the world’s population are internet users, and this is quickly growing.
Short added it is estimated that by 2023, 70% of all enterprise workloads will be in the cloud, meaning there will be a “lot of material going into a pervasive digital space that is in fact not our computer, it’s on somebody else’s.”
This rapid digitization increases the risk of data breaches. The cost is predicted to surpass $6tn in 2021 and $10.5tn in 2025. Short pointed out this cost, which is just one aspect of infosecurity, is higher than every natural disaster globally in a year and is “considered a bigger threat to humanity than nuclear weapons of mass destruction.” The entire sector spend on cybersecurity, including ransomware costs, is believed to have reached $1tn per annum.
She highlighted that many security experts cite the pace of technology adoption as a significant contributing factor to the increasingly dangerous cyber-threat landscape. This view is because “many of the latest tech-powered business strategies — such as storing massive amounts of data — introduce exponentially more risk.”
Short, therefore, believes a mindset shift is needed, which views advanced technologies as an opportunity to enhance safety and trust online rather than a threat. As Short put it, “invest more in what we have to gain than what we spend to lose.”
"Invest more in what we have to gain than what we spend to lose"
This investment must aim to enhance digital trust, most notably by “prioritizing education of people and establishing a culture within businesses and the economy about digital health and trust being a way of life rather than a choice.”
Blockchain and other emergent technologies can help provide governance and assurance over the digital world, if used properly, according to Short. The key to this is fully understanding these technologies and their underlying philosophy. Short emphasized this does not necessarily mean knowledge of the technicalities, such as coding, but rather what it is, how it works and why it helps. These fall into four philosophical concepts:
- Ontology — what is it
- Epistemology — what is it helping us know and understand
- Axiology — how is it changing behavior
- Methodology — strategy and justification of deployment
Short said, according to estimates, achieving this understanding is critical, as blockchain technology can boost global GDP by $1.76tn over the next ten years. Additionally, if just 1% of SMEs adopt, deploy, and understand this technology, this could offer a further boost of $1.42tn. This requires an “inward-facing look at our own self, our businesses and the economy,” which is something organizations typically fail to do, handing over responsibility for areas like cybersecurity to others.
Unfortunately, there is currently a severe lack of knowledge of blockchain across society and the economy; Short said less than 3% of academics, government decision-makers, and board members and leaders have any science and tech expertise, and less than that with knowledge of blockchain. This lack of insights leads to poor outcomes. One example she gave was the UK Financial Conduct Authority banning crypto derivatives and exchange-traded notes to retail investors, which led to these funds simply being taken out of the UK economy.
There is also a significant lack of knowledge of the cybersecurity industry, which contributes to false information and social engineering being spread around blockchain.
Short pointed out that “the front door keys to the digital world are digital identity,” and blockchain offers “amazing potential” in this respect, especially regarding its encryption and evidentiary capabilities. For example, blockchain-enabled a digital trail to be followed to help recover 80% of the funds paid to the DarkSide ransomware gang following the attack on Colonial Pipeline earlier this year.
Other opportunities technologies like blockchain and IoT offer include turning non-performing assets into corporate intelligence and sharing assets without moving data around. “We can cyber-harden the resilience and go straight to the core by making sure we anchor to blockchain and cryptographically encode data,” thereby preventing malicious actors from accessing the data in the first place. Short added: “These technologies have profound abilities to value create and protect assets rather than stopping people getting into the business.”
Short concluded by stating it is the responsibility of the cyber industry to keep up with the pace of technology development and not fear it, thereby providing accurate information over its potential. “It is up to us as an industry to ensure that we give the correct information, that we do bust those myths. If we don’t understand, we seek an understanding,” she outlined.