26th April, 2023 • 7A Odenplan, Stockholm, Sweden
Securing future tech
Crypto, quantum, DLT, AR/VR and the Metaverse. And what about web3?
Securing new technology, running the old
The next 20 years will be an increasingly asymmetric fight between a powerful, sophisticated and well-resourced set of attackers, and the rest of us. We now live in a hybrid world, in which our digital lives, at work and at home, are as significant as the physical, and in which we require as much protection and regulation as in the physical world.
That may sound an exaggeration, but is it? JP Morgan has opened a lounge in the popular blockchain-based world, Decentraland with a suite of permissioned Ethereum-based services. CaixaBank is running advanced POCs in quantum banking.
Investing in crypto and NFTs is now routine for everyday citizens, despite recent crashes, and so is exposure to the cybersecurity issues: In the biggest heist of 2022, over half a billion dollars worth of ether and USD coin was stolen from the Ronin Network, a blockchain that supports the non-fungible-token-based video game Axie Infinity. According to Ronin, the attackers were able to hack nodes, the computers that process network transactions. The activity went unnoticed until a user was unable to withdraw funds and filed a report. The U.S. Treasury Department later linked the heist to North Korean state-backed hacking collective Lazarus Group. This was just one of many large hacks.
As truly pervasive new technologies develop – web3 and DLT, AI and automation, and quantum computing to name just three – creating a safe digital space in which we can work, transact, and communicate securely, and which delivers critical components of public services, will require a completely different level of commitment to cybersecurity than that shown in the previous 20. And governments may need to take the lead to solve the most intractable problems of nation-state activity and dependency on unregulated BigTech monopolies.
That commitment to cybersecurity will not just be driven by technology change. Strategic cybersecurity planning is already becoming a key part of reducing your organizations’ potential for negative societal impact: cybersecurity is now part of ESG compliance.
And global regulators are increasingly interested in cybersecurity itself and not just data privacy. Just recently, the U.S. Securities and Exchange Commission (SEC) signalled a significant change in how it thinks about what constitutes a threat to companies: It now considers cyber vulnerabilities to be an existential business risk. Increased fines signal a major shift, and one that could profoundly change the way companies think about cybersecurity threats, communicate internally about these threats, and disclose breaches.