Our desire for flexibility and instant access creates huge complexity when it comes to securing traditional IT networks. For individual users and businesses alike, conducting appropriate cyber due diligence is the key to creating a secure environment – or as cyber consultant, Christina Ayiotis puts it: “Make sure you do what you need to do to protect your data.” While businesses can tap into companies like Open Systems and Trail of Bits to assist them in developing their monitoring and cybersecurity capabilities, Raffael Marty from Forcepoint argues that we also need to build “simple systems that are usable by non-security people.”
Therein lies the rub with the recent and ongoing proliferation of new technologies and related buzzwords, like IoT, blockchain and cryptocurrencies. IT security is a technical topic that challenges our attention span – think of how many Terms and Conditions emails you get where you just scroll down to the bottom and click “Accept”. The security issue is not going away – experts like Matthias Bossardt at KPMG’s Cyber Security and Technology Risk Consulting practice warn that there is more regulation to come. His advice for how to navigate and set up relevant IT security measures both at a personal and company level is to “keep it simple, and get the basics right:” identify what needs protecting, plan for breaches, and invest in early detection capabilities. The immediate effect of protecting your data and infrastructure will be to increase the level of trust in your own actions in the cyber sphere, as well as of the actors with whom you are engaging.
Here are 3 more ways to build trust in new technology:
1. Join the push for increased transparency and global governance: “It’s not just about technology, it’s about leadership and creating the kind of culture that values security,” says Daniel Dobrygowski, who works with the World Economic Forum’s Global Centre for Cybersecurity. Technological innovation happens without borders or regulatory constraints, and we often implement new technology without thinking of the governance implications. If this innovation is to lead to a globally better future, then we need better global digital security. Lawyer Norma Krayem from Holland & Knight’s Cybersecurity and Privacy Team agrees, “We build systems with flaws.” Trust, a difficult thing to achieve globally, requires that the different actors in this space – tech folks, business leaders and state actors – build alliances in order to create governance structures that promote security. Transformational change brings responsibility and we are seeing a race between global organizations to implement cyber frameworks and regulation. The actors who will be the fastest in putting in place solid international structures will have a distinct advantage and, for the moment, it looks like the European Union is taking a strong lead.
2. Use new technology as an enabler: At ETH Zurich, the Zurich Information Security and Privacy Centre (ZISC) aids in developing new spin-off companies that all use technology to build trust enabling a whole ecosystem. As Lorenz Breidenbach explains, “Getting security right is essential for building trust in tech. Trust is in turn essential for the wide adoption of new technologies and the emergence of ecosystems around them. That is why it is exciting to have many spin-offs created at ETH Zurich working on tech that can serve as secure and trustworthy building blocks of an increasingly digital world.”
3. If in doubt, talk to a specialist: As things stand, we rely heavily on cybersecurity experts and will continue to do so for the near future. “Algorithms are getting smarter, but the experts are smarter still,” says Raffael Marty. Experts safeguard the knowledge and inject it into the algorithms that monitor our cyber systems and look for hacks. We need to exploit expert knowledge until other solutions come along – such as those that may come with artificial intelligence. Until then, the complexity and technicity of the cyber world means that companies like Open Systems and Trail of Bits, and research centers like ZISC at ETH Zurich have a key role to play in both creating security-empowered networks and producing high-end security-related research.