World Reimagined

World Reimagined: A Different Perspective on How to Handle Threats to Data Privacy

Abstract rendering of cybersecurity and technology
Credit: NicoElNino - stock.adobe.com

For most of us, our lives are increasingly shifting towards the digital world, making our financial security and privacy vulnerable to bad actors from all over the world. Threats to data privacy are also getting more and more sophisticated and creative.

Just this past week, a new flaw was found on Apple’s (AAPL) iMessage application by The Citizen Lab, the University of Toronto’s cybersecurity research center. This vulnerability made it possible for a mobile phone to be infected by spyware simply by receiving a text. Yes, just by receiving a text, not clicking, not responding, not forwarding, and not even looking at it suspiciously. Just by receiving a text, a spyware could have been loaded onto your phone.

Apple has had to patch 15 such “zero-click exploits” this year alone, but they are certainly not alone. Google (GOOG) recently announced its plans to spend over $10 billion in the next five years to strengthen cybersecurity and Microsoft (MSFTpromised to invest $20 billion to create a better suite of cybersecurity tools. Cybersecurity Ventures estimates that in 2021, cybercrimes will result in around $6 trillion in damages, with that figure expected to reach $10.5 trillion by 2025.

Bad actors keep coming up with increasingly novel ways to gain access, and in response, cybersecurity firms are continuing to build bigger and stronger virtual walls around data. The problem remains, though, that once inside a company, access to sensitive data is often easy to obtain and that sensitive data tends to exist in more than one place, making security even more challenging. This is what gives these nefarious actors so many opportunities. They just need one person to have a moment of inattention.

The type of data available is also getting increasingly personal. Earlier this month, the national identity card and vaccine certificate details of Indonesia’s President Joko Widodo were leaked online. It seems that no matter what the good guys do, they can’t identify, let alone protect all the vulnerabilities in the digital universe. Perhaps then, the solution is not in building bigger and stronger cyber walls but to look at the problem from a different angle.

We recently spoke with Brett Shockley, CEO of the privately held Journey, on global challenges in cybersecurity and privacy, and how his company is looking at these issues in a unique way.

Brett said that the internet was missing two key layers: a transaction/financial layer and an identity layer. The work being done in crypto and digital currencies is addressing the first omission, but the identity layer continues to be costly for both businesses and individuals. In the physical world, identity verification is challenging enough. Brett gave us a great example. A young woman needs to present her ID to a bouncer at a nightclub to verify her age. That bouncer only needs to know if she is old enough. That is a simple binary piece of information, yes or no. He does not need to know her actual birthdate. He does not need to know her home address, which is provided right there next to her date of birth, and the fact that she needs corrective lenses. If this bouncer is one of the bad guys, he now has a whole lot of sensitive information about her that he should not have.

Identity verification in the digital world is even more complex and potentially dangerous. Here are just a few examples.

Setting up a new financial account online often involves giving an individual all kinds of personal information over the phone, which they often repeat out loud, and could, for all you know, be writing down for their personal use. Not only is your data in peril from the person on the other end, but also from anyone listening to them or to you. Much like the bouncer in the earlier example, most of the information that this person needs consists of simply a yes or no. Yes, you are the person you claim to be. Yes, that is your correct home address and so on.

One of our colleagues recently needed to use a notary in one country while she was in another, so a digital notary was employed. The process involved emailing images of a driver’s license to a notary who was working from home. The list of vulnerabilities in this process is a bit too nerve-wracking to even contemplate.

For employers, the explosion in work-from-home has introduced even more challenges. How can the employer know that the person they interview via Zoom (ZM) is the same person they’ve done the background check on and is now the same person doing the remote work from hour to hour.

All of this comes down to the question of digital identity verification. Various countries are putting in efforts to resolve this missing layer of the digital world, ranging from India’s Aadhaar to the European Union’s Digital ID, and while helpful, those don’t resolve many of the aforementioned issues, such as ensuring that the person hired to do the job is actually doing it. 

This brings us back to Brett and secure identification. Imagine opening a financial account without ever giving Carol at the call center any of your personal identification directly. Imagine Carol literally having nothing but your first name. The rest of the information is provided through your mobile phone or browser using encryption technology and, as Journey puts it, a “Zero-Knowledge” network, which means that Carol has zero access to any sensitive information. All she knows is that yes, Bob is verified to be Bob (through facial recognition) and lives at that address and has that social security number, but Carol doesn’t know Bob’s last name, his exactly address, nor his social security number. Imagine the massive reduction in cyber threats such a network would provide. Journey has not only imagined it, but they’ve also solved how and are partnering with companies such as Avaya (AVYA) and others to deliver such solutions.

As for the questions: Is the Carol that is working for that call center from her home the same Carol that was interviewed over Zoom? And is Carol the one and only person continually looking at her screen while working and not farming out that job to others? Journey can answer that question regularly and unobtrusively without violating Carol’s privacy. 

The bottom line is data needs to be viewed as not just an asset but also as a liability, and the management of that liability needs to be intrinsic in every business process rather than the all-too fallible cybersecurity moat around the entire company. Companies need to carefully think through what customer data they actually need on hand and what kind of information they want to train their customers to provide. Companies like Journey are building the vital identity layer that we need to support the exponential growth in data with the proliferation of 5G and beyond, ubiquitous sensors, AR/VR and autonomous devices.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

Lenore Elle Hawkins

Lenore Elle Hawkins has, for over a decade, served as a founding partner of Calit Advisors, a boutique advisory firm specializing in mergers and acquisitions, private capital raise, and corporate finance with offices in Italy, Ireland, and California. She has previously served as the Chief Macro Strategist for Tematica Research, which primarily develops indices for Exchange Traded Products, co-authored the book Cocktail Investing, and is a regular guest on a variety of national and international investing-oriented television programs. She holds a degree in Mathematics and Economics from Claremont McKenna College, an MBA in Finance from the Anderson School at UCLA and is a member of the Mont Pelerin Society.

Read Lenore's Bio

Chris Versace

Christopher (Chris) Versace is the Chief Investment Officer and thematic strategist at Tematica Research. The proprietary thematic investing framework that he’s developed over the last decade leverages changing economic, demographic, psychographic and technology landscapes to identify pronounced, multi-year structural changes. This framework sits at the heart of Tematica’s investment themes and indices and builds on his more than 25 years analyzing industries, companies and their business models as well as financial statements. Versace is the co-author of “Cocktail Investing: Distilling Everyday Noise into Clear Investing Signals” and hosts the Thematic Signals podcast. He is also an Assistant Professor at NJCU School of Business, where he developed the NJCU New Jersey 50 Index.

Read Chris' Bio

Mark Abssy

Mark Abssy is Head of Indexing at Tematica Research focused on index and Exchange Traded Product development. He has product development and management experience with Indexes, ETFs, ETNs, Mutual Funds and listed derivatives. In his 25 year career he has held product development and management positions at NYSE|ICE, ISE ETF Ventures, Morgan Stanley, Fidelity Investments and Loomis Sayles. He received a BSBA from Northeastern University with a focus in Finance and International Business.

Read Mark's Bio