Digital Transformation and Security - "Alexa, protect me!"
The damage caused by cybercrime worldwide is estimated at between USD 1.3 and 2 trillion, a sum equivalent to Spain’s gross domestic product. In order to fathom this huge amount, one needs to consider the sheer enormity of the Internet. Originally intended as a means of sharing information and linking computer networks, today it is a global communication platform.
In a world that is becoming “smarter” with each passing day, more and more services and processes that used to be performed physically are now being conducted via the Internet. Consequently, digital mobility is becoming an increasingly important part of our lives both at home and on the job: the number of appliances and normal activities reliant on the Internet is growing unabated. Estimates are that in five years’ time, the so-called “Internet of Things” will network more than 76 billion devices.
This is the fourth episode of our series «Digital transformation - The path to the future». The series draws on five drivers to explain how digitalisation is changing business models and how investors can benefit from this evolution. Find the introduction and the overview to the series here.
So it should come as no surprise that, without protection and the prudent handling of sensitive data, the open architecture of the global Internet makes it very easy for strangers to gain access and control over a device, data or entire IT systems. But if a device is protected, the intruder needs only some kind of key in order to get in, this in the form of so-called viruses or trojans. Alluring e-mails or banner ads on Internet pages serve as a common means for installing such malware: one click and the drama unfolds. Here, damage to or loss of control over the device is the lesser evil; the really serious consequences come from access blockers accompanied by ransom demands, the theft and misuse of passwords for bank or social media accounts, or, worse yet, attacks on the infrastructure of hospitals, power plants, refineries and the like.
Malware as a business model
The criminal backbone for these ransom demands and the blockage of IT systems is roughly comparable to an industrial value chain. And needless to say, the majority of attacks are aimed at pilfering financial assets. Hackers have discovered that cryptocurrencies are an ideal way to extort money without being recognised. According to the European Police Office (Europol), 4% of cybercrime is settled with Bitcoin. The US company Cisco estimates that this currently constitutes about half of all Bitcoin transactions and expects this figure to rise to 70% by 2021. The regulators are aware of that: In 2017, the BTC-e trading platform for cryptocurrencies was shut down on request by the US Justice Department. Approximately 3% of all Bitcoin trading took place on it. It turned out that some USD 4 billion of criminally obtained money was “laundered” i.e. legalised, via this platform.
The highly controversial “Dark Web” is an example of just how conspicuously the boundaries between the legal and illegal world have become blurred. Originally developed by the US military in 1990 to enable unrecognised communication via the Internet, the dark web uses data servers that are not connected to the "World Wide Web". Special platforms enable almost completely anonymous access. Thus it can be said that the Dark Web fulfils many of the premises for the successful realisation of “honest” digital transformation. Unfortunately, though, it was usurped quite quickly by criminal actors. In 2016, the scientists Daniel Moore and Thomas Rid examined more than 5,200 websites in the Dark Web and found that almost 30% were used for clearly criminal purposes. More recent studies estimate this proportion to be in excess of 50% today.
A digital cat-and-mouse game
That said, one could easily conclude that the shadow world knows how to make better use of the opportunities offered by digitalisation than many conventional industries do. And yet the world wants to become ever “smarter”. Digital data transmission is expanding at breakneck speed and the new 5G mobile phone standard will really put the pedal to the metal. Inasmuch as the ability to store data centrally via the Internet is a pivotal factor for digital business models, it becomes absolutely clear why the topic of cyber security is of utmost importance.
In terms of technology, artificial intelligence is being used increasingly by both sides of this issue. While the fraudsters seek out the chinks in the armour of the given IT system and thus the vulnerabilities, the combatant tries to anticipate a possible fraud by identifying certain behavioural patterns of the invader. Here, “false positives” and the related misleading reports are quite frequent and costly. However, many major high-tech companies already offer solutions to safeguard computer systems and data storage media. For instance, Hewlett Packard recently acquired “Bromium”, which provides a solution that protects each user application individually. This significantly reduces false alarms and, in an emergency, ensures that not the entire network but only individual applications fail.
Along with the surge in cybercrime, a new business field is opening up for the insurance industry. Companies can now insure themselves against digital fraud or online attacks, whereas the insurers first require that additional protective measures be taken. For example, Germany’s Allianz Group is cooperating with Cisco as well technology giant Apple. With its “Ransomware Defense”, Cisco offers protection for open operating systems, including Windows from Microsoft or Android from Google. The solution is part of an integrated portfolio of safety measures and includes enhanced e-mail security, internal and external network protection, as well as a functionality that detects infected websites. Apple takes a different route by offering a closed provider platform. Apple’s operating system is installed on its own devices and is accessible solely by qualified third parties, thus making it easier to protect. Apple not only ensures stronger protection for industrial digitalisation but also safeguards the data of private users.
The industrialisation of private data
In contrast to companies, private users are behind the curve when it comes to the protection of their data and identity. Many people have no qualms about their data being used by third parties. They consider their own movement profile and purchasing behaviour to be of relatively little importance, claiming that they usually ignore Internet advertising to the greatest extent. However, the hunt for much more sensitive information has already begun. Through its recent acquisition of fitness bracelet manufacturer Fitbit, Google has gained access not only to data on users’ pulse rate, sport activities and movement data, but also recordings of their sleep patterns dating back almost a decade. These people have no idea what Google intends to do with the data. Today, this datastream captures central areas of users’ life, and the evaluation and exploitation of the data are directly tied to the specific person. So you can imagine what happens when personal health-related data is manipulated by unauthorised third parties and in consequence improper medication is administered, or access to crucial medical treatments is prevented by criminal malware until ransom money has been paid. This type of heist can cost not only money, but lives. In the quest to counter such attacks, technological protection is just one part of the solution. More than anything else, the way personal data is dealt with needs to be rethought and adapted.
Digital transformation also means investing in digital security. This awareness is becoming increasingly widespread in the business world, whereas private users still pay little attention to the protection of their personal data. Providers of platforms like the one Apple has built are beginning to offer solutions and raise people’s awareness of the threats that exist in the digital domain. Thus the coming years will be increasingly marked by the discussion concerning the ownership and ultimate application of user data. In addition to regulatory measures and more conscientious users, technical solutions to protect digital identities will certainly play an important role in this regard.
Please ask your personal client advisor for more information
Responsible for this content
Bernd Hartmann, Head CIO Office
Harald Brandl, Senior Equity Strategist
Important legal information
This document was produced by VP Bank AG (hereinafter: the Bank) and distributed by the companies of VP Bank Group. This document does not constitute an offer or an invitation to buy or sell financial instruments. The recommendations, assessments and statements it contains represent the personal opinions of the VP Bank AG analyst concerned as at the publication date stated in the document and may be changed at any time without advance notice. This document is based on information derived from sources that are believed to be reliable. Although the utmost care has been taken in producing this document and the assessments it contains, no warranty or guarantee can be given that its contents are entirely accurate and complete. In particular, the information in this document may not include all relevant information regarding the financial instruments referred to herein or their issuers.
Additional important information on the risks associated with the financial instruments described in this document, on the characteristics of VP Bank Group, on the treatment of conflicts of interest in connection with these financial instruments and on the distribution of this document can be found at https://www.vpbank.com/Disclaimer_en.pdf