Grappling with Ethics and Changing Societal Focus. In this second installment of our Framing the Industries series, we are focusing on the topic of cybersecurity which has far-reaching effects on large and small tech players as well as an important ethical impact on our society.
“To what extent should one trust a statement that a program is free of Trojan horses?” asked Ken Thompson in his 1983 Turing Award acceptance lecture entitled Reflections on Trusting Trust. In reference to the tale about the subterfuge of the Trojan War, whereby soldiers hid in a wooden horse to enter the city of Troy, Thompson’s speech popularised the term Trojan in computing to describe malicious computer programs which mislead users of their true intent.
Think back a few years, when cyberattacks on Ukraine showed the IT world that the horses of today have capabilities of a different magnitude. On 27 June 2017, the malware entitled NotPetya spread in true snowball fashion: from Ukrainian banks to laptops of the major pharmaceutical company Merck, all the way to the servers of the world’s largest shipping container company, Moller-Maersk Group.
The malware paralyzed entire operational process and supply chains, shutting down SMEs, conglomerates and banks alike. It is estimated that the total damages added up to $10 billion as reported in a sobering story by Wired.
The debate on cybersecurity is more present than ever. During a speech at the 2018 International Conference of Data Protection and Privacy Commissioners, Apple CEO Tim Cook emphasized that modern technology has created a “data-industrial complex,” in which stockpiles of data need to be protected and kept secure.
Defining Cybersecurity and Forecasting the Industry
The meaning of cybersecurity is ambiguous and varies across sectors. However, in a review of authoritative definitions, Schatz, Bashroush and Wall (2017) define cybersecurity as “the approach and actions associated with security risk management processes followed by organizations and states to protect confidentiality, integrity and availability of data and assets used in cyberspace”. Specifically, “the concept includes guidelines, policies and collections of safeguards, technologies, tools and training to provide the best protection for the state of the cyber environment and its users”.
To get an overview of the segments of the cyber industry, see the table compiled by PwC, on the basis of a research conducted by Gartner:
As more and more businesses aim to secure their network from malicious attacks such as the NotPetya malware that cost billions in collateral, the cybersecurity industry is growing in numbers. Gartner provides a data set forecasting worldwide security spending by segment, on the basis of which the following graph demonstrates the growth of the industry:
Gartner estimates that worldwide spending on security will reach up to $124 billion–a number expected to grow as our economic activity becomes increasingly digitized and interconnected. Furthermore, the forecast provided by Gartner sheds light on a number of key trends affecting future cybersecurity spending including:
At least 30% of organizations will spend money on GDPR-related consulting and implementation services through 2019
For more than 40% of organizations, risk management and privacy concerns within digital transformation initiatives will drive additional security service spending through 2020
Services (subscription and managed) will represent at least 50% of security software delivery by 2020.
A Matter of Ethics: Stoicism Applied to Cybersecurity
The NotPetya “malware fiasco uniquely demonstrates the danger that cyberwar now poses to the infrastructure of the modern world,” writes Andy Greenberg for Wired. Our dependency on digital soft- and hardware opens up a certain vulnerability to which we have yet to find a safety mechanism and defensive strategy.
The increased number of connected devices along with the advantages of automation, change the world economy system to become digitized. Already today, we are in a world where data is the new gold. In return, companies aim to defend themselves against an ‘invisible’ threat to protect and secure that data. However, up until now the strategy is to invest in ‘protections’ sold by companies who cannot guarantee full security. To capable hackers, such preventive measures are as porous as Swiss cheese - the NotPetya affair being just one example amongst other successful intrusions.
Instead of funneling capital into a preventive rather than defensive stratagem–as a society and economy – we have reached a tipping point in which corporations need to fundamentally rethink the concept of cybersecurity. Cyber criminals end up defining the game while we are just playing it: we react and create solutions based on their rules, conditions and abilities.
Sometimes when we are faced with a massive societal challenge, it helps to refer back to other times and schools of thought. In the school of Hellenistic philosophy, stoicism teaches the following principle: in every situation a number of things are in one’s control while others are out of one's control. The question to ask is what is in your control?
Applying the concepts of Stoic philosophy to cybersecurity would suggest the following: change the focus to what you can control instead of what cyber-criminals control and you will be more in command of the game of cybersecurity. Based on logic, by controlling the attack and the outcome, one can better protect a business.
Security by Design: Developing a Cybersecurity Strategy
Security and risk management is critical to any digital business initiative. Indeed, while advancing in an economy that is increasingly digitized and automated, security remains a prevailing topic for companies looking to become more competitive and drive growth for their business.
Returning to Ken Thomspon’s 1983 Turing Award acceptance lecture: while being doubtful of the security of software, he adds that “perhaps it is more important to trust the people who wrote the software.”
At Next Big Thing AG (NBT), we are laser-focused on the intersection of IoT, blockchain, and security. The ethics of cybersecurity are a driver that led NBT to incorporate security as one of our foundational pillars along with democratization in price, zero configuration and emotions technology evokes. Jasmin Skenderi, CTO of Next Big Thing AG explains further;