1 00:00:05,940 --> 00:00:08,939 Speaker 1: Welcome to Kobe Time, a podcast series on Markets and 2 00:00:08,949 --> 00:00:12,090 Speaker 1: Economies from DVS Group Research. I'm Pam Rebek, chief economist, 3 00:00:12,260 --> 00:00:17,709 Speaker 1: welcoming you to our 123rd episode. Today's episode is a 4 00:00:17,719 --> 00:00:19,719 Speaker 1: function of popular demand. 5 00:00:20,090 --> 00:00:24,260 Speaker 1: Uh whether at work or at home concerns on cybersecurity 6 00:00:24,270 --> 00:00:27,879 Speaker 1: are on the rise and elevated to say the least. 7 00:00:28,079 --> 00:00:31,299 Speaker 1: Uh Here in Singapore stories on cyber scams, ransomware are 8 00:00:31,309 --> 00:00:35,099 Speaker 1: rife and perhaps they are an underestimate given that many 9 00:00:35,110 --> 00:00:36,549 Speaker 1: of such crimes go under reported. 10 00:00:36,889 --> 00:00:39,799 Speaker 1: Uh and there is cyber threat at the corporate and 11 00:00:39,810 --> 00:00:42,950 Speaker 1: government levels, which is a whole different ball game. So 12 00:00:42,959 --> 00:00:45,419 Speaker 1: let's talk about all this with an expert. I'm really 13 00:00:45,430 --> 00:00:48,849 Speaker 1: pleased to have Nicholas re from control risk with me. 14 00:00:48,860 --> 00:00:52,439 Speaker 1: He's a partner there uh with control risk, digital risks, 15 00:00:52,450 --> 00:00:57,069 Speaker 1: America's and global threat intelligence practices. Nicholas specializes in the 16 00:00:57,080 --> 00:01:00,200 Speaker 1: provision of threat intelligence to public and private sector organizations 17 00:01:00,240 --> 00:01:03,349 Speaker 1: as well as leading and delivering complex threat intelligence and 18 00:01:03,360 --> 00:01:04,309 Speaker 1: security projects. 19 00:01:04,790 --> 00:01:10,010 Speaker 1: Nick regularly advises fortune 100 executives on digital transformation, cybersecurity, 20 00:01:10,019 --> 00:01:13,789 Speaker 1: emerging tech risks and threat intelligence matters. Nick Race. Welcome 21 00:01:13,800 --> 00:01:14,720 Speaker 1: to Kobe Time. Thank 22 00:01:14,730 --> 00:01:16,260 Speaker 2: you very much. It's a pleasure to be here. 23 00:01:16,269 --> 00:01:16,510 Speaker 1: You 24 00:01:16,519 --> 00:01:19,029 Speaker 1: just happen to be in Singapore. That's happen to want 25 00:01:19,040 --> 00:01:20,940 Speaker 1: to do this thing. So, I'm really grateful that you 26 00:01:20,949 --> 00:01:21,709 Speaker 1: could make the time. Yeah. No. 27 00:01:21,720 --> 00:01:24,099 Speaker 2: And I really appreciate the invite. I know the firm 28 00:01:24,110 --> 00:01:26,459 Speaker 2: has been a long listener to the podcast and there's 29 00:01:26,470 --> 00:01:28,769 Speaker 2: been lots of people that have been very excited about this. 30 00:01:28,779 --> 00:01:30,470 Speaker 2: So I'm glad to meet you and glad to be 31 00:01:30,480 --> 00:01:30,970 Speaker 2: in Singapore. 32 00:01:30,980 --> 00:01:31,769 Speaker 1: Fantastic. 33 00:01:32,089 --> 00:01:35,819 Speaker 1: Nick. Maybe we can start by going over the three 34 00:01:35,830 --> 00:01:40,269 Speaker 1: kinds of cyber threats, you know, the state sponsored ransomware 35 00:01:40,279 --> 00:01:42,849 Speaker 1: and the whole idealistic quote unquote activism 36 00:01:42,860 --> 00:01:43,339 Speaker 1: stuff. 37 00:01:43,349 --> 00:01:45,639 Speaker 2: Yes, I think that's a good place to start. And 38 00:01:45,650 --> 00:01:47,389 Speaker 2: for a lot of listeners, I'm sure this is going 39 00:01:47,400 --> 00:01:50,360 Speaker 2: to be something they're relatively familiar with because it's been, 40 00:01:50,500 --> 00:01:52,930 Speaker 2: you know, over the past decade, something that's now made 41 00:01:52,940 --> 00:01:56,080 Speaker 2: the mainstream news media. We're starting to hear about these 42 00:01:56,089 --> 00:01:57,790 Speaker 2: things and we can talk about the 43 00:01:57,903 --> 00:02:01,024 Speaker 2: political aspects, we can talk about the financial aspects. But 44 00:02:01,033 --> 00:02:04,783 Speaker 2: when we think about threat actors, we usually classify them 45 00:02:04,793 --> 00:02:07,583 Speaker 2: in those three categories. So at the very, very top 46 00:02:07,594 --> 00:02:11,934 Speaker 2: of capabilities and sophistication usually linked to states, whether military 47 00:02:11,944 --> 00:02:17,164 Speaker 2: or civilians, we have those intelligence units, those apts as 48 00:02:17,173 --> 00:02:20,373 Speaker 2: they're often called advanced persistent threat groups that are very, 49 00:02:20,383 --> 00:02:23,464 Speaker 2: very highly resourced and that usually will work on the 50 00:02:23,473 --> 00:02:23,634 Speaker 2: back 51 00:02:24,018 --> 00:02:27,127 Speaker 2: or at the behest of a government, they will do 52 00:02:27,138 --> 00:02:31,968 Speaker 2: things like large scale espionage operations, disruptions linked to conflict. 53 00:02:31,977 --> 00:02:34,367 Speaker 2: And that's certainly something that we're looking at more and 54 00:02:34,377 --> 00:02:38,507 Speaker 2: more as we come into this geopolitical arena in 2024 55 00:02:38,518 --> 00:02:41,566 Speaker 2: that's going to be very challenging for businesses. And we 56 00:02:41,578 --> 00:02:44,566 Speaker 2: also see some of these groups leverage these capabilities for 57 00:02:44,578 --> 00:02:47,427 Speaker 2: financial gains. And that's something that in the banking industry, 58 00:02:47,438 --> 00:02:49,447 Speaker 2: we've talked for a long time about no 59 00:02:49,591 --> 00:02:54,090 Speaker 2: Korea very famously has deployed state level capabilities to target 60 00:02:54,102 --> 00:02:58,131 Speaker 2: financial institutions and the financial ecosystem as a whole. But 61 00:02:58,141 --> 00:03:02,472 Speaker 2: that's the broad family of sort of nation state level operations. 62 00:03:02,481 --> 00:03:05,792 Speaker 2: And then we have next to this is organized criminality 63 00:03:05,802 --> 00:03:09,891 Speaker 2: and sometimes heavily disorganized criminality because it's not just very, 64 00:03:09,901 --> 00:03:12,932 Speaker 2: very well resourced and capable groups. It's also at times, 65 00:03:13,272 --> 00:03:15,332 Speaker 2: people who just want to make a quick buck 66 00:03:15,436 --> 00:03:18,796 Speaker 2: and who have discovered that cyber is a great way 67 00:03:18,805 --> 00:03:21,636 Speaker 2: to do this. It's a very low risk operation. You 68 00:03:21,645 --> 00:03:25,076 Speaker 2: rarely get arrested on the streets for doing a cyber crime. 69 00:03:25,085 --> 00:03:28,655 Speaker 2: And certainly that's both a function of law enforcement resources 70 00:03:28,666 --> 00:03:32,175 Speaker 2: and the multi jurisdictional and transnational nature of the risk 71 00:03:32,186 --> 00:03:35,906 Speaker 2: for organizations. But it's also because of the ease of 72 00:03:35,916 --> 00:03:38,936 Speaker 2: anonymisation online. And that's been a big trend over the 73 00:03:38,945 --> 00:03:41,175 Speaker 2: past few years. You know, Cryptocurrency 74 00:03:41,279 --> 00:03:44,369 Speaker 2: have helped a lot in the space. But more broadly, 75 00:03:44,380 --> 00:03:48,339 Speaker 2: we've seen these criminal groups of various degrees of sophistication 76 00:03:48,350 --> 00:03:51,729 Speaker 2: share one thing in common. They're motivated by financial gain. 77 00:03:51,839 --> 00:03:55,339 Speaker 2: So whether we're talking about ransomware extortion, the ability to 78 00:03:55,350 --> 00:03:59,119 Speaker 2: encrypt lock systems and data and extort money or data 79 00:03:59,130 --> 00:04:03,410 Speaker 2: breaches which often are accompanied by extortion. We are looking 80 00:04:03,419 --> 00:04:06,460 Speaker 2: at financially motivated groups and then at the bottom of 81 00:04:06,470 --> 00:04:07,020 Speaker 2: the capability 82 00:04:07,123 --> 00:04:10,184 Speaker 2: spectrum. But increasingly over the years, I've been in this field, 83 00:04:10,194 --> 00:04:12,893 Speaker 2: we've seen that shift quite a bit upwards in terms 84 00:04:12,904 --> 00:04:18,114 Speaker 2: of skills is the activists, the cyber activist groups, those 85 00:04:18,123 --> 00:04:21,164 Speaker 2: have been in popular culture represented a lot by anonymous 86 00:04:21,174 --> 00:04:24,503 Speaker 2: and we've seen a sort of guy fawkes mask for 87 00:04:24,514 --> 00:04:26,334 Speaker 2: those of you that are avid on the TV side. 88 00:04:26,343 --> 00:04:29,493 Speaker 2: Mr Robot had a great depiction of this type of, of, 89 00:04:29,503 --> 00:04:32,894 Speaker 2: of sort of group, but usually they're ideologically motivated. 90 00:04:33,260 --> 00:04:36,799 Speaker 2: Now, one of the interesting trend and you know, for 91 00:04:36,809 --> 00:04:39,599 Speaker 2: some of those our listeners who might have worked on 92 00:04:39,609 --> 00:04:41,910 Speaker 2: Wall Street during the times, the sort of occupy Wall 93 00:04:41,920 --> 00:04:45,558 Speaker 2: Street movement saw a lot of activity. Exactly. And a 94 00:04:45,570 --> 00:04:48,969 Speaker 2: lot of groups targeting big banks, but usually we see 95 00:04:48,980 --> 00:04:52,750 Speaker 2: a lot of environmentally motivated groups. We have a plethora 96 00:04:52,760 --> 00:04:56,440 Speaker 2: of different ideologies. I think the shift in recent years 97 00:04:56,450 --> 00:05:02,420 Speaker 2: has been much more politically ideological motivations that veer on 98 00:05:02,428 --> 00:05:02,839 Speaker 2: state 99 00:05:03,303 --> 00:05:07,493 Speaker 2: level sponsorship or support. And this is what we've seen. 100 00:05:07,505 --> 00:05:11,165 Speaker 2: Certainly in the Middle East, the law we've seen across 101 00:05:11,174 --> 00:05:14,484 Speaker 2: parts of eastern Europe where these groups become difficult to 102 00:05:14,494 --> 00:05:17,815 Speaker 2: discern whether or not they are actually individuals or small 103 00:05:17,825 --> 00:05:20,644 Speaker 2: groups or if they are being asked to run these 104 00:05:20,654 --> 00:05:22,505 Speaker 2: operations by governments. 105 00:05:23,144 --> 00:05:25,434 Speaker 1: Let me go back to the government in a second. 106 00:05:25,445 --> 00:05:29,515 Speaker 1: Which is so, yes, there are capabilities that governments apply 107 00:05:29,524 --> 00:05:32,565 Speaker 1: to espionage and we know most countries do it. 108 00:05:32,950 --> 00:05:37,738 Speaker 1: Um, there's also this whole layer of snooping that governments 109 00:05:37,750 --> 00:05:38,970 Speaker 1: owe to their own people. 110 00:05:39,529 --> 00:05:43,459 Speaker 1: And we've been hearing about certain software packages that certain 111 00:05:43,470 --> 00:05:46,589 Speaker 1: countries commercialize and sell and you hear all sorts of 112 00:05:46,600 --> 00:05:49,029 Speaker 1: unsavory governments picking up those things. So, tell us a 113 00:05:49,040 --> 00:05:50,230 Speaker 1: little bit about that. Yeah, 114 00:05:50,238 --> 00:05:50,578 Speaker 2: it's 115 00:05:50,589 --> 00:05:55,000 Speaker 2: been a maybe a good decade now that we've seen 116 00:05:55,010 --> 00:05:58,118 Speaker 2: crop up these companies that have specialized private sector companies, 117 00:05:58,130 --> 00:06:04,118 Speaker 2: technology companies that have specialized in designing and developing toolkits capabilities, 118 00:06:04,130 --> 00:06:04,850 Speaker 2: malware 119 00:06:05,065 --> 00:06:10,346 Speaker 2: at times to essentially conduct espionage operations and have commercialized 120 00:06:10,356 --> 00:06:13,856 Speaker 2: it to law enforcement agencies across the world and for 121 00:06:13,867 --> 00:06:16,856 Speaker 2: a range of different purposes, sometimes legitimate purposes. And we 122 00:06:16,867 --> 00:06:21,677 Speaker 2: do see counter terrorism operations or particularly in countries with 123 00:06:21,687 --> 00:06:25,207 Speaker 2: the resources to build their own cyber capabilities as limited 124 00:06:25,337 --> 00:06:29,957 Speaker 2: valid use cases for criminal investigations. The challenge though is 125 00:06:29,967 --> 00:06:30,596 Speaker 2: that in some 126 00:06:30,694 --> 00:06:33,282 Speaker 2: jurisdictions and depending on the nature of the government, we've 127 00:06:33,294 --> 00:06:36,593 Speaker 2: also seen abuse of this capability and part of this 128 00:06:36,604 --> 00:06:39,514 Speaker 2: abuse has been used to target journalists, freedom of the press, 129 00:06:39,523 --> 00:06:43,032 Speaker 2: but also freedom of religion and at times even minorities 130 00:06:43,044 --> 00:06:47,003 Speaker 2: within certain countries, I think the real challenge is making 131 00:06:47,014 --> 00:06:49,104 Speaker 2: a distinction and this is what we talk a lot 132 00:06:49,113 --> 00:06:52,343 Speaker 2: in the threat into our world is making a distinction 133 00:06:52,354 --> 00:06:56,223 Speaker 2: between motives and capabilities, having the capability to do so 134 00:06:56,550 --> 00:06:59,501 Speaker 2: like snoop on an iphone, which most governments will have 135 00:06:59,510 --> 00:07:03,710 Speaker 2: a capability to do is only legitimate when it is 136 00:07:03,721 --> 00:07:06,460 Speaker 2: used by a purpose that is lawful. And I think 137 00:07:06,471 --> 00:07:09,580 Speaker 2: that's where a lot of even the regulatory framework has 138 00:07:09,591 --> 00:07:12,941 Speaker 2: been evolving very quickly. Over the years when most of 139 00:07:12,950 --> 00:07:17,621 Speaker 2: our privacy regulations were built back before 2017 18, with 140 00:07:17,631 --> 00:07:20,670 Speaker 2: the Chinese cybersecurity law in the European Union's general data 141 00:07:20,680 --> 00:07:26,180 Speaker 2: protection regulation, data privacy law had been written in 1990. 142 00:07:26,470 --> 00:07:28,649 Speaker 2: You know, we were talking before starting about the iphone 143 00:07:28,660 --> 00:07:32,170 Speaker 2: release in 2007. Look at the pace of evolution and 144 00:07:32,179 --> 00:07:34,290 Speaker 2: how difficult it is to stay on top of these 145 00:07:34,299 --> 00:07:36,899 Speaker 2: capabilities for regulators. And I think that's going to be 146 00:07:36,910 --> 00:07:40,269 Speaker 2: a constant economy in the near future in our societies 147 00:07:40,339 --> 00:07:44,679 Speaker 2: and in our democracies, how do we balance the capabilities 148 00:07:44,690 --> 00:07:47,829 Speaker 2: our governments have with the motives and the intent to 149 00:07:47,839 --> 00:07:51,799 Speaker 2: use these capabilities through legislation and through democratic processes? 150 00:07:52,019 --> 00:07:54,970 Speaker 1: What's your sense of GDPR? Now, whenever I go to 151 00:07:54,980 --> 00:07:56,049 Speaker 1: a website, there's a little 152 00:07:56,575 --> 00:07:59,165 Speaker 1: box that comes up. Do you accept the cookies or not? 153 00:07:59,175 --> 00:08:01,105 Speaker 1: That is it really changing things? So 154 00:08:01,115 --> 00:08:01,126 Speaker 2: I 155 00:08:01,135 --> 00:08:04,656 Speaker 2: think it has and there's been really interesting case law 156 00:08:04,665 --> 00:08:08,295 Speaker 2: in Europe where some of the fundamental principles of GDP 157 00:08:08,305 --> 00:08:11,446 Speaker 2: are notably the right to be forgotten, which really came 158 00:08:11,455 --> 00:08:15,286 Speaker 2: from a single activist based in Spain who sort of 159 00:08:15,295 --> 00:08:19,165 Speaker 2: was really upset about when he entered his name on Google. 160 00:08:19,175 --> 00:08:22,665 Speaker 2: The results that came in were either too old and 161 00:08:22,675 --> 00:08:25,635 Speaker 2: were misrepresentation of who he was or were in 162 00:08:25,971 --> 00:08:29,462 Speaker 2: at times. And I think now within the European Union 163 00:08:29,471 --> 00:08:33,521 Speaker 2: and certainly as European citizens, individuals can request that their 164 00:08:33,530 --> 00:08:39,041 Speaker 2: information be taken down, that has undeniably really improved the 165 00:08:39,052 --> 00:08:42,861 Speaker 2: privacy of European Union citizens. And I think we've seen 166 00:08:42,872 --> 00:08:46,442 Speaker 2: similar bills come across the world and we are seeing 167 00:08:46,492 --> 00:08:50,681 Speaker 2: a real trend towards adoption of this approach. That being said, 168 00:08:50,771 --> 00:08:55,391 Speaker 2: one of the objectives of GDPR was, you know, seriously 169 00:08:56,590 --> 00:09:01,690 Speaker 2: improve the accountability of organizations in protecting consumer and employee data. 170 00:09:02,000 --> 00:09:05,150 Speaker 2: And whilst we've seen improvements as a whole, it's not 171 00:09:05,159 --> 00:09:07,179 Speaker 2: all of one size fits all. It's certainly not a 172 00:09:07,190 --> 00:09:11,150 Speaker 2: silver bullet. And I think the challenge is regulation will 173 00:09:11,159 --> 00:09:15,030 Speaker 2: not be the only answer to the problem that cybersecurity 174 00:09:15,039 --> 00:09:16,909 Speaker 2: poses the privacy of our data 175 00:09:17,159 --> 00:09:21,510 Speaker 2: um uh entails. And importantly, whilst GDPR was a step 176 00:09:21,520 --> 00:09:24,739 Speaker 2: in the right way, it is only a single step 177 00:09:24,750 --> 00:09:26,689 Speaker 2: in what's going to be a very long hike. 178 00:09:27,010 --> 00:09:29,829 Speaker 1: Is it too early to say that the data leak 179 00:09:29,840 --> 00:09:32,900 Speaker 1: issue in Europe is sort of better than elsewhere because 180 00:09:32,909 --> 00:09:33,809 Speaker 1: of all these laws, 181 00:09:34,299 --> 00:09:39,369 Speaker 2: I think, I wish as a European Union citizen that 182 00:09:39,380 --> 00:09:43,630 Speaker 2: it was better. I don't think unfortunately, it is going 183 00:09:43,640 --> 00:09:46,559 Speaker 2: to be better. Thanks to regulation. I think regulation creates 184 00:09:46,570 --> 00:09:49,630 Speaker 2: better accountability. I think you mentioned that the introduction 185 00:09:49,830 --> 00:09:52,960 Speaker 2: to this episode, there's always been this challenge of, we 186 00:09:52,969 --> 00:09:55,570 Speaker 2: only know what we know and as the public or 187 00:09:55,580 --> 00:09:59,210 Speaker 2: as you know, members of the business community, we know 188 00:09:59,219 --> 00:10:03,150 Speaker 2: if somebody's been hacked because they say it publicly, what 189 00:10:03,200 --> 00:10:05,069 Speaker 2: GDPR has helped. And I think what a lot of 190 00:10:05,080 --> 00:10:07,829 Speaker 2: the legislations are coming out and I just saw the, 191 00:10:07,960 --> 00:10:10,409 Speaker 2: the CS A here in Singapore is doing more work 192 00:10:10,419 --> 00:10:14,848 Speaker 2: on mandatory disclosure of breaches is creating a universe of 193 00:10:14,859 --> 00:10:15,729 Speaker 2: accountability 194 00:10:16,039 --> 00:10:18,309 Speaker 2: that is very helpful because at least it creates a 195 00:10:18,320 --> 00:10:21,439 Speaker 2: level playing field in terms of statistically. Do we see 196 00:10:21,450 --> 00:10:24,260 Speaker 2: less data breaches since GDPR? No, we probably see more. 197 00:10:24,270 --> 00:10:26,809 Speaker 2: And that's also a factor of just the sophistication of 198 00:10:26,820 --> 00:10:30,150 Speaker 2: the landscape and just how much more data reliant we are. 199 00:10:31,000 --> 00:10:35,690 Speaker 1: So tell me something about the level of sophistication and 200 00:10:35,700 --> 00:10:40,289 Speaker 1: the scale of cybersecurity threats out in the world. How often, 201 00:10:40,299 --> 00:10:40,909 Speaker 1: how big are we 202 00:10:40,919 --> 00:10:41,530 Speaker 1: talking about? 203 00:10:41,539 --> 00:10:45,330 Speaker 2: I mean, we'd be talking about every millisecond. If we 204 00:10:45,340 --> 00:10:49,449 Speaker 2: looked at the technical materialization of attacks, I think there 205 00:10:49,460 --> 00:10:51,848 Speaker 2: has been attempts at quantifying the damages. 206 00:10:52,085 --> 00:10:55,806 Speaker 2: We are talking if cyber crime was an economy in 207 00:10:55,815 --> 00:10:59,116 Speaker 2: 2025 it's scheduled to be the third largest economy in 208 00:10:59,125 --> 00:11:01,314 Speaker 2: the world after the US and China. So we are 209 00:11:01,325 --> 00:11:05,176 Speaker 2: talking trillions of dollars of damages. Dabbing said I always 210 00:11:05,184 --> 00:11:08,236 Speaker 2: take this quantification with a pinch of salt. There is 211 00:11:08,245 --> 00:11:10,265 Speaker 2: no and this is one of the big challenges in 212 00:11:10,276 --> 00:11:12,786 Speaker 2: our space is there is no way to 213 00:11:12,881 --> 00:11:16,262 Speaker 2: actually understand the scale of the problem because it is 214 00:11:16,271 --> 00:11:20,661 Speaker 2: reliance on reporting, it is reliance on transparency internationally. And 215 00:11:20,942 --> 00:11:23,580 Speaker 2: the reality is we don't have much of this. What 216 00:11:23,591 --> 00:11:27,601 Speaker 2: we can see is both in terms of spend budgetary 217 00:11:27,611 --> 00:11:31,841 Speaker 2: wise by governments and private sector and in terms of 218 00:11:31,851 --> 00:11:37,161 Speaker 2: cost of remediation, the problem is significant. And in my 219 00:11:37,171 --> 00:11:41,721 Speaker 2: 10 years working in the private sector and advising organizations 220 00:11:41,731 --> 00:11:42,562 Speaker 2: around the world, 221 00:11:43,030 --> 00:11:46,109 Speaker 2: I now very rarely do not see an organization that 222 00:11:46,119 --> 00:11:49,880 Speaker 2: has cyber on top of its risk register as both 223 00:11:49,890 --> 00:11:51,729 Speaker 2: high likelihood and high impact. 224 00:11:52,280 --> 00:11:57,059 Speaker 2: I think where we see the trend moving is because 225 00:11:57,070 --> 00:12:00,960 Speaker 2: our societies and our organizations are connecting more and more. 226 00:12:00,989 --> 00:12:05,250 Speaker 2: We are seeing massive investments in digital transformations. The reality 227 00:12:05,260 --> 00:12:08,799 Speaker 2: is the problem is only going to get bigger and 228 00:12:08,809 --> 00:12:12,520 Speaker 2: because we are connecting, not just ourselves to the internet, 229 00:12:12,630 --> 00:12:16,450 Speaker 2: but we're also connecting machines, we're connecting factories, we still 230 00:12:16,460 --> 00:12:18,929 Speaker 2: have roughly 50% of the world that's not connected to 231 00:12:18,940 --> 00:12:19,500 Speaker 2: the internet. 232 00:12:19,880 --> 00:12:23,909 Speaker 2: There is still a huge amount of vulnerabilities that are 233 00:12:23,919 --> 00:12:25,140 Speaker 2: only yet to come. 234 00:12:25,700 --> 00:12:26,979 Speaker 1: If we are 235 00:12:27,900 --> 00:12:32,950 Speaker 1: fixated on the vulnerabilities, sometimes we sacrifice efficiency or productivity. 236 00:12:33,280 --> 00:12:35,659 Speaker 1: I used to work at a public sector organization where 237 00:12:35,669 --> 00:12:38,489 Speaker 1: the fear of cyberattack was so big that we used 238 00:12:38,500 --> 00:12:41,210 Speaker 1: to use two different laptops, one for external access, one 239 00:12:41,219 --> 00:12:44,489 Speaker 1: for internal use. And then there was a virtual dropbox. 240 00:12:44,500 --> 00:12:46,400 Speaker 1: If you downloaded some data from outside, you'd go through, 241 00:12:46,409 --> 00:12:48,549 Speaker 1: but it'll go through like filter after filter before you 242 00:12:48,559 --> 00:12:52,189 Speaker 1: could bring it to the, but that was in my view, inefficient, 243 00:12:52,200 --> 00:12:53,080 Speaker 1: it slowed us down. 244 00:12:53,419 --> 00:12:58,049 Speaker 1: Um, are you seeing that sort of paranoia which is 245 00:12:58,059 --> 00:12:59,478 Speaker 1: causing that sort of cost? 246 00:12:59,489 --> 00:13:02,400 Speaker 2: Yeah. I think it's a really good point and I 247 00:13:02,409 --> 00:13:05,589 Speaker 2: think it's one that we often in the security industry 248 00:13:05,659 --> 00:13:09,150 Speaker 2: don't talk about enough security for a long time, was 249 00:13:09,159 --> 00:13:12,760 Speaker 2: seen as this huge blocker and an impediment to doing business. 250 00:13:12,770 --> 00:13:15,979 Speaker 2: I mean, we've had scenarios where we tell executives if 251 00:13:15,989 --> 00:13:18,500 Speaker 2: you travel to a certain country, you can't take your 252 00:13:18,510 --> 00:13:19,849 Speaker 2: cell phone and they look at us and they say 253 00:13:19,859 --> 00:13:21,479 Speaker 2: we're going to take our cell phones. So not only 254 00:13:21,489 --> 00:13:22,679 Speaker 2: does it encourage, 255 00:13:23,080 --> 00:13:27,900 Speaker 2: you know, bypassing the controls, it also the controls become 256 00:13:28,020 --> 00:13:30,719 Speaker 2: too difficult, then we lose our purpose of being a 257 00:13:30,729 --> 00:13:34,369 Speaker 2: business or operating properly what we are seeing. And I 258 00:13:34,380 --> 00:13:37,059 Speaker 2: think this is, this is the biggest thing that everyone 259 00:13:37,070 --> 00:13:39,750 Speaker 2: out there, both organizations and individually, we need to think 260 00:13:39,760 --> 00:13:40,140 Speaker 2: about 261 00:13:40,409 --> 00:13:43,690 Speaker 2: paranoia is unhealthy. We need to be proportionate and to 262 00:13:43,700 --> 00:13:47,809 Speaker 2: be proportionate, we need to understand our environment. And if 263 00:13:47,820 --> 00:13:50,130 Speaker 2: I am a bank or if I'm a government institution 264 00:13:50,140 --> 00:13:52,900 Speaker 2: or if I am a health care company or law firm, 265 00:13:52,989 --> 00:13:56,309 Speaker 2: my threat environment is going to be different. Not everybody 266 00:13:56,320 --> 00:13:57,909 Speaker 2: needs to be for Alamo, 267 00:13:58,539 --> 00:14:04,429 Speaker 2: not everybody needs to have military grade defenses. Some do 268 00:14:04,609 --> 00:14:06,640 Speaker 2: maybe parts of our organizations do 269 00:14:07,159 --> 00:14:09,820 Speaker 2: and those parts they need to be proportionate to the 270 00:14:09,830 --> 00:14:13,319 Speaker 2: risks that we face, if we apply a blanket rule, 271 00:14:13,469 --> 00:14:16,190 Speaker 2: we are going to waste money, we're gonna piss off 272 00:14:16,200 --> 00:14:19,320 Speaker 2: our users and ultimately we're going to be counterproductive. Right. 273 00:14:19,380 --> 00:14:23,059 Speaker 1: Right. I mean, I've noticed this even in certain apps 274 00:14:23,070 --> 00:14:26,489 Speaker 1: where the security concern is so big that the app 275 00:14:26,500 --> 00:14:28,609 Speaker 1: shuts down at every single hint of vulnerability. 276 00:14:28,849 --> 00:14:30,429 Speaker 1: And as a result, it's not a user friendly app 277 00:14:30,440 --> 00:14:31,099 Speaker 1: anymore. 278 00:14:31,229 --> 00:14:34,380 Speaker 2: I think banking has really led the way in balancing 279 00:14:34,390 --> 00:14:39,390 Speaker 2: this because it's fundamentally A B two C business. So 280 00:14:39,549 --> 00:14:42,859 Speaker 2: and it's a business that has been heavily targeted historically 281 00:14:42,869 --> 00:14:46,140 Speaker 2: by cyber attacks. It's also a business where consumers are 282 00:14:46,150 --> 00:14:50,099 Speaker 2: very concerned about the safety and the security of their data. 283 00:14:50,429 --> 00:14:53,169 Speaker 2: And at the same time, they need that seamless connectivity. 284 00:14:53,369 --> 00:14:55,419 Speaker 2: And so if you look at some of the innovations 285 00:14:55,429 --> 00:14:58,919 Speaker 2: of the technical layer multi factor authentication, the use of 286 00:14:58,929 --> 00:15:03,130 Speaker 2: biometric on our phones for fingerprinting, the banks are still 287 00:15:03,140 --> 00:15:05,590 Speaker 2: leading the charge. And I think there's a real lesson 288 00:15:05,599 --> 00:15:09,239 Speaker 2: here for the community that security can be done whilst 289 00:15:09,250 --> 00:15:12,669 Speaker 2: being user friendly. It doesn't have to be everybody log 290 00:15:12,679 --> 00:15:14,609 Speaker 2: out every 10 minutes and I need to re input 291 00:15:14,619 --> 00:15:18,179 Speaker 2: 15 passwords. And luckily the tech is moving into such 292 00:15:18,190 --> 00:15:19,090 Speaker 2: a space where 293 00:15:19,359 --> 00:15:23,669 Speaker 2: the solutions designers, the technology companies are really thinking about 294 00:15:23,679 --> 00:15:24,219 Speaker 2: the user 295 00:15:25,140 --> 00:15:27,900 Speaker 1: nick coming from DB si fully relate to what you're 296 00:15:27,909 --> 00:15:32,770 Speaker 1: talking about. Um As we speak, we have two full 297 00:15:32,780 --> 00:15:36,469 Speaker 1: blown military conflicts in the world. Russia, Ukraine Israel Gaza 298 00:15:36,479 --> 00:15:40,659 Speaker 1: and we have this simmering tussle between the US and China, 299 00:15:40,669 --> 00:15:42,559 Speaker 1: which probably will last our lifetime. 300 00:15:43,070 --> 00:15:47,830 Speaker 1: So talk about cyber security and dimensions of actual conflict, 301 00:15:47,840 --> 00:15:49,979 Speaker 1: both full blown one as well as a simmering 302 00:15:49,989 --> 00:15:51,909 Speaker 2: one. Yes, I think this is, this could be a 303 00:15:51,919 --> 00:15:55,440 Speaker 2: topic for the next 20 hours. It is by far 304 00:15:55,450 --> 00:15:58,010 Speaker 2: the pieces that I find the most fascinating in this 305 00:15:58,020 --> 00:15:58,809 Speaker 2: space because 306 00:15:59,354 --> 00:16:02,934 Speaker 2: it's where we see the real convergence of this risk 307 00:16:02,945 --> 00:16:07,705 Speaker 2: environment and the convergence between real life and that digital component. Look, 308 00:16:07,715 --> 00:16:10,434 Speaker 2: I think for a long time, we had forecasted and 309 00:16:10,445 --> 00:16:13,135 Speaker 2: not just we are control risk, but organizations across the 310 00:16:13,145 --> 00:16:18,405 Speaker 2: world had forecasted that Cyber was going to become a 311 00:16:18,684 --> 00:16:22,315 Speaker 2: normal part of conflict and particularly of hybrid conflicts like 312 00:16:22,325 --> 00:16:23,184 Speaker 2: what we're seeing 313 00:16:23,479 --> 00:16:27,450 Speaker 2: and certainly both in the Middle East and in eastern Europe, 314 00:16:28,539 --> 00:16:31,469 Speaker 2: it has manifested this way. I think Ukraine was a 315 00:16:31,479 --> 00:16:35,059 Speaker 2: surprise to a lot of commentators because I remember at 316 00:16:35,070 --> 00:16:38,349 Speaker 2: the beginning of the war, there were lots of questions about, 317 00:16:38,359 --> 00:16:41,140 Speaker 2: are we going to see a very large scale cyber attack, 318 00:16:41,150 --> 00:16:43,200 Speaker 2: crippling the entire electric grid 319 00:16:44,205 --> 00:16:48,005 Speaker 2: or even into Europe? And for our listeners that may 320 00:16:48,015 --> 00:16:50,216 Speaker 2: have an interest in the field, you know, the scenario 321 00:16:50,226 --> 00:16:53,815 Speaker 2: was colonial pipeline, the shutdown of a pipeline in on 322 00:16:53,825 --> 00:16:56,575 Speaker 2: the eastern seaboard in the US. The reality is we 323 00:16:56,585 --> 00:16:58,515 Speaker 2: didn't see this. And I think there were two reasons 324 00:16:58,526 --> 00:17:02,875 Speaker 2: for this. One is Cyber is part of military operations 325 00:17:02,885 --> 00:17:03,575 Speaker 2: is one 326 00:17:03,682 --> 00:17:07,261 Speaker 2: the many tools at the disposal of states. But it 327 00:17:07,271 --> 00:17:13,271 Speaker 2: is also not a replacement for traditional kinetic war and 328 00:17:13,281 --> 00:17:17,390 Speaker 2: traditional conflict. That being said it does feature prominently as 329 00:17:17,401 --> 00:17:19,901 Speaker 2: part of both of these conflicts. And I think they 330 00:17:19,911 --> 00:17:23,702 Speaker 2: give us a taste of what there is to come. Actually, Ukraine, 331 00:17:24,160 --> 00:17:28,560 Speaker 2: you know, after the invasion of Crimea in 2014, we 332 00:17:28,569 --> 00:17:33,180 Speaker 2: saw the development of disruptive or destructive cyber attacks against 333 00:17:33,189 --> 00:17:38,760 Speaker 2: Eastern European energy infrastructure by Russian Linked units. And what 334 00:17:39,109 --> 00:17:42,709 Speaker 2: that was a good forecasting sign of is war is 335 00:17:42,719 --> 00:17:47,310 Speaker 2: a capability development moment in cyber. It is through military 336 00:17:47,319 --> 00:17:50,599 Speaker 2: means that we see novel tactics and techniques. It is 337 00:17:50,609 --> 00:17:53,349 Speaker 2: what we've seen in the targeting of satellite systems during 338 00:17:53,359 --> 00:17:55,560 Speaker 2: the war in Ukraine. It's also what we've seen in 339 00:17:55,569 --> 00:17:59,660 Speaker 2: the targeting of data centers and large scale telecommunication infrastructure. 340 00:18:00,209 --> 00:18:00,819 Speaker 2: It is not 341 00:18:01,060 --> 00:18:04,689 Speaker 2: the sort of big nuclear apocalypse that people may have forecasted, 342 00:18:04,790 --> 00:18:08,540 Speaker 2: but it is evident that it has become a critical 343 00:18:08,550 --> 00:18:12,379 Speaker 2: part of before during and after conflicts. And I think 344 00:18:12,390 --> 00:18:15,160 Speaker 2: the concern when we look at some of the tensions 345 00:18:15,170 --> 00:18:18,000 Speaker 2: around the world today is there are more and more 346 00:18:18,010 --> 00:18:21,859 Speaker 2: states developing these capabilities. What keeps me up awake at 347 00:18:21,869 --> 00:18:24,899 Speaker 2: night is the private sector is going to be caught 348 00:18:24,910 --> 00:18:26,040 Speaker 2: in the middle of all of this. 349 00:18:26,479 --> 00:18:31,629 Speaker 2: We private sector companies, not only oftentimes run the infrastructure 350 00:18:31,640 --> 00:18:36,319 Speaker 2: that sits in those countries, it is also our business 351 00:18:36,329 --> 00:18:40,430 Speaker 2: imperative to work across jurisdictions and what we're seeing and 352 00:18:40,439 --> 00:18:42,750 Speaker 2: particularly the sanctions that came 353 00:18:42,949 --> 00:18:46,250 Speaker 2: by both the US and the Eu after the invasion 354 00:18:46,270 --> 00:18:49,839 Speaker 2: of Ukraine on Russian businesses was a good indicator when 355 00:18:49,849 --> 00:18:52,510 Speaker 2: all of a sudden you couldn't update Microsoft in Russia 356 00:18:52,619 --> 00:18:58,219 Speaker 2: because the sanctions prohibited Microsoft from sending updates to laptops 357 00:18:58,229 --> 00:18:59,410 Speaker 2: and assets in Russia. 358 00:18:59,880 --> 00:19:04,599 Speaker 2: It is reshaping the world of technology these conflicts. And 359 00:19:04,609 --> 00:19:08,439 Speaker 2: I think very interestingly for us, for instance, we are 360 00:19:08,449 --> 00:19:12,969 Speaker 2: increasingly looking at technology as a resilience concern and just 361 00:19:12,979 --> 00:19:15,699 Speaker 2: strictly a cyber security concern. And I know that's a 362 00:19:15,709 --> 00:19:18,649 Speaker 2: big part of the discussion in Singapore about the resilience 363 00:19:18,790 --> 00:19:22,520 Speaker 2: of the infrastructure cyber resilience in Singapore. I think that 364 00:19:22,530 --> 00:19:24,260 Speaker 2: is absolutely the right discussion 365 00:19:24,810 --> 00:19:27,219 Speaker 2: to touch on the US and China. Look we are 366 00:19:27,229 --> 00:19:31,719 Speaker 2: entering a US electoral period, we don't yet know what 367 00:19:31,729 --> 00:19:35,310 Speaker 2: will happen. But it is very clear that the tensions 368 00:19:35,319 --> 00:19:37,510 Speaker 2: around the control of technology 369 00:19:37,890 --> 00:19:42,079 Speaker 2: and the development of generative A I, we've got the 370 00:19:42,089 --> 00:19:45,689 Speaker 2: beginnings of quantum discussions happening a little bit everywhere is 371 00:19:45,699 --> 00:19:49,728 Speaker 2: going to be a real arms race between the two superpowers. 372 00:19:49,849 --> 00:19:52,810 Speaker 2: And it's going to put businesses in the middle of this, 373 00:19:52,819 --> 00:19:55,579 Speaker 2: of having to pick where do I choose my technology 374 00:19:55,589 --> 00:19:58,619 Speaker 2: supply chain from? How do I build resilience in light 375 00:19:58,630 --> 00:20:00,160 Speaker 2: of different regulatory framework? 376 00:20:00,430 --> 00:20:04,949 Speaker 2: And importantly, what is the direction of travel from an 377 00:20:05,160 --> 00:20:08,619 Speaker 2: access to technology and the security of our technology in 378 00:20:08,630 --> 00:20:10,459 Speaker 2: light of my own business strategy 379 00:20:10,469 --> 00:20:10,869 Speaker 1: Right. 380 00:20:11,229 --> 00:20:12,579 Speaker 1: I want to go back to the issue of resiliency 381 00:20:12,589 --> 00:20:15,219 Speaker 1: for a second in the context of Russia, Ukraine. So, yes, 382 00:20:15,229 --> 00:20:17,010 Speaker 1: at the beginning, the fear was that there will be 383 00:20:17,020 --> 00:20:20,670 Speaker 1: cyber attacks from Russia and there will be widespread blackouts 384 00:20:20,680 --> 00:20:22,629 Speaker 1: both in Ukraine and elsewhere. 385 00:20:23,209 --> 00:20:26,189 Speaker 1: Now, what about the fact that almost three years after 386 00:20:26,199 --> 00:20:30,420 Speaker 1: the conflict started? And despite all sorts of sanctions, Russia's 387 00:20:30,459 --> 00:20:34,819 Speaker 1: capabilities seem pretty good. How are they being so resilient? 388 00:20:34,859 --> 00:20:35,359 Speaker 2: It's 389 00:20:35,369 --> 00:20:37,780 Speaker 2: a great question. And I think there's been lots of 390 00:20:37,790 --> 00:20:41,429 Speaker 2: analysis recently around the sort of move of Russia towards 391 00:20:41,439 --> 00:20:44,438 Speaker 2: a war economy regime and something close to 70% of 392 00:20:44,449 --> 00:20:47,060 Speaker 2: GDP now being dedicated to the war effort. And I 393 00:20:47,069 --> 00:20:47,540 Speaker 2: think that 394 00:20:47,869 --> 00:20:51,880 Speaker 2: most governments now in their strategic military planning take cyber 395 00:20:51,890 --> 00:20:55,609 Speaker 2: as one of the aspects of we need to maintain resources, 396 00:20:55,619 --> 00:20:59,719 Speaker 2: we need to maintain capabilities throughout the continuation of a 397 00:20:59,729 --> 00:21:03,469 Speaker 2: war effort. And so that pivot has been very significant 398 00:21:03,479 --> 00:21:04,010 Speaker 2: in Russia, 399 00:21:04,104 --> 00:21:07,354 Speaker 2: I think equally I mentioned earlier on when we were 400 00:21:07,364 --> 00:21:10,405 Speaker 2: talking about the different types of threat groups. What we 401 00:21:10,415 --> 00:21:12,675 Speaker 2: saw at the beginning of the conflict is a lot 402 00:21:12,685 --> 00:21:15,744 Speaker 2: of the ransomware groups that were very active targeting financial 403 00:21:15,755 --> 00:21:19,114 Speaker 2: institutions and other businesses in the US or in Europe 404 00:21:19,125 --> 00:21:22,614 Speaker 2: or in a all of a sudden stopped their activity 405 00:21:22,625 --> 00:21:23,724 Speaker 2: and focused on Ukraine. 406 00:21:24,290 --> 00:21:28,430 Speaker 2: And this is where the resourceful and the asymmetric nature 407 00:21:28,439 --> 00:21:32,280 Speaker 2: of cyber capabilities where it actually doesn't cost that much 408 00:21:32,290 --> 00:21:35,760 Speaker 2: to do and it becomes very sustainable over time because 409 00:21:35,770 --> 00:21:39,550 Speaker 2: unless you lose the infrastructure within Russia, it's still a 410 00:21:39,560 --> 00:21:42,149 Speaker 2: computer with internet access and you can do a lot 411 00:21:42,160 --> 00:21:42,510 Speaker 2: of damage 412 00:21:42,660 --> 00:21:45,089 Speaker 2: with that. And so I think those resources and the 413 00:21:45,099 --> 00:21:48,179 Speaker 2: asymmetric nature of the spend has been one of the 414 00:21:48,189 --> 00:21:51,550 Speaker 2: reasons why we have seen the continuation of the cyber 415 00:21:51,560 --> 00:21:55,270 Speaker 2: operation surrounding the conflict in Ukraine. But also certainly that 416 00:21:55,280 --> 00:21:58,589 Speaker 2: pivot towards a war footing economy, a wartime economy has 417 00:21:58,599 --> 00:22:00,810 Speaker 2: allowed Russia to sustain a lot of its efforts. 418 00:22:01,310 --> 00:22:04,089 Speaker 1: Fascinating. I, I really didn't see, you know, this coming 419 00:22:04,099 --> 00:22:06,609 Speaker 1: from Russia. I'm pretty amazed that, you know, uh to 420 00:22:06,619 --> 00:22:10,649 Speaker 1: your point that if indeed the Apple I Os or 421 00:22:10,660 --> 00:22:13,829 Speaker 1: Microsoft 365 upgrades are not happening. How on earth are 422 00:22:13,839 --> 00:22:16,810 Speaker 1: they not falling into technological obsolescence unless they have 423 00:22:17,150 --> 00:22:20,040 Speaker 1: friendly countries which are helping them? The text Act? 424 00:22:20,680 --> 00:22:22,859 Speaker 2: Absolutely. There is a lot of, we're seeing a lot 425 00:22:22,869 --> 00:22:26,540 Speaker 2: of Interstate Cooper operation aligned particularly to kind of more 426 00:22:26,550 --> 00:22:30,000 Speaker 2: traditional geopolitical alliances. We're also seeing a lot of home 427 00:22:30,010 --> 00:22:33,079 Speaker 2: grown talent coming out of a lot of places. One 428 00:22:33,089 --> 00:22:36,609 Speaker 2: of the, one of the paradoxes of cyber and I 429 00:22:36,619 --> 00:22:37,040 Speaker 2: often 430 00:22:37,589 --> 00:22:40,889 Speaker 2: draw a parallel with the sort of nuclear arms race. 431 00:22:41,089 --> 00:22:43,660 Speaker 2: If a group gets a hold of a nuclear warhead, 432 00:22:43,670 --> 00:22:46,359 Speaker 2: they can use it once and that's it. Once it's 433 00:22:46,369 --> 00:22:48,489 Speaker 2: been used, it's been spent unless you know how to 434 00:22:48,500 --> 00:22:50,780 Speaker 2: manufacture it, it's gonna be very difficult. If you get 435 00:22:50,790 --> 00:22:53,698 Speaker 2: access to computer code, you can reuse it 436 00:22:54,310 --> 00:22:59,270 Speaker 2: ad nauseam. It is constantly standing on foundations that cannot 437 00:22:59,280 --> 00:23:03,089 Speaker 2: be shaken. We are not tomorrow going to redesign if 438 00:23:03,099 --> 00:23:07,800 Speaker 2: tomorrow Microsoft can't update Windows in Russia. Windows doesn't stop working. 439 00:23:07,910 --> 00:23:09,290 Speaker 2: It's still going to work 440 00:23:09,630 --> 00:23:12,000 Speaker 2: and you can customize things on top of it. And 441 00:23:12,010 --> 00:23:16,849 Speaker 2: that's one of the reasons why technology feels like such 442 00:23:16,859 --> 00:23:21,310 Speaker 2: an exponential pace of development. It's because we never really 443 00:23:21,319 --> 00:23:24,469 Speaker 2: have to start over. We're always building on top of 444 00:23:24,479 --> 00:23:26,790 Speaker 2: things that are being built on top of things. And 445 00:23:26,800 --> 00:23:27,689 Speaker 2: so that's why 446 00:23:28,300 --> 00:23:31,458 Speaker 2: it's very, very hard to build things, but to maintain 447 00:23:31,469 --> 00:23:33,869 Speaker 2: and improve things is actually a lot easier and a 448 00:23:33,880 --> 00:23:35,040 Speaker 2: lot less costly. 449 00:23:35,560 --> 00:23:38,060 Speaker 1: I can imagine that the cybercrime unit at Interpol is 450 00:23:38,069 --> 00:23:41,389 Speaker 1: having sleepless nights because the possessive of this issue. So 451 00:23:41,489 --> 00:23:43,780 Speaker 1: I brought up Interpol for a reason. So on the 452 00:23:43,790 --> 00:23:48,239 Speaker 1: ransomware attacks these days, everybody wants or everybody, most uh 453 00:23:48,250 --> 00:23:52,310 Speaker 1: hackers want crypto as a settlement for ransom. 454 00:23:52,910 --> 00:23:55,800 Speaker 1: My view on crypto was it should be the most 455 00:23:55,810 --> 00:23:58,300 Speaker 1: transparent system in the world. It's a Blockchain and we 456 00:23:58,310 --> 00:24:01,060 Speaker 1: know what the transactions are happening. Why is it so 457 00:24:01,069 --> 00:24:03,879 Speaker 1: hard to not be able to track down people who 458 00:24:03,890 --> 00:24:04,579 Speaker 1: are receiving crypto 459 00:24:04,589 --> 00:24:05,099 Speaker 1: payments? 460 00:24:05,109 --> 00:24:08,459 Speaker 2: Yeah, I think it's, it's the same frustration that a 461 00:24:08,469 --> 00:24:11,900 Speaker 2: lot of innovators have had with platforms like social media, 462 00:24:11,910 --> 00:24:12,540 Speaker 2: you know, the 463 00:24:12,885 --> 00:24:16,974 Speaker 2: the impetus and the design was very much towards transparency, 464 00:24:17,005 --> 00:24:22,294 Speaker 2: freedom of access, freedom of of, of sort of control 465 00:24:22,305 --> 00:24:26,185 Speaker 2: of or from control of, of, of centralized institutions. And 466 00:24:26,194 --> 00:24:28,074 Speaker 2: that's still very much if you look at the sort 467 00:24:28,084 --> 00:24:30,784 Speaker 2: of the maths and the science behind the Blockchain, that 468 00:24:30,795 --> 00:24:32,944 Speaker 2: is the philosophy, it is a transparent ledger. 469 00:24:33,959 --> 00:24:38,180 Speaker 2: But then clever people who had bad intentions realized that 470 00:24:38,750 --> 00:24:42,879 Speaker 2: much like any human attention span, much like banking transaction. 471 00:24:42,890 --> 00:24:46,819 Speaker 2: If you run transactions through hundreds of different layers becomes 472 00:24:46,829 --> 00:24:50,550 Speaker 2: very difficult to reverse engineer. And I think that's where 473 00:24:50,560 --> 00:24:53,439 Speaker 2: we've seen this real frustration. And at times what I 474 00:24:53,449 --> 00:24:54,209 Speaker 2: think has slowed 475 00:24:54,290 --> 00:24:57,540 Speaker 2: down the likelihood of adoption of crypto as part of 476 00:24:57,550 --> 00:25:02,329 Speaker 2: traditional banking or as part of traditional national economies is 477 00:25:02,339 --> 00:25:06,819 Speaker 2: because there's been a weaponization of the capability. So we 478 00:25:06,829 --> 00:25:09,979 Speaker 2: did see very early on when ransomware became a thing, 479 00:25:10,250 --> 00:25:13,228 Speaker 2: the birth of what's called Tumblr, which are services that 480 00:25:13,239 --> 00:25:15,849 Speaker 2: you can purchase on the dark web where you will 481 00:25:15,859 --> 00:25:18,630 Speaker 2: say I have an illegal transaction. I want to hide it. 482 00:25:18,680 --> 00:25:22,329 Speaker 2: It's money laundering, it's, it's and it's automatic systems that 483 00:25:22,339 --> 00:25:25,810 Speaker 2: will run the Cryptocurrency through hundreds and hundreds and hundreds 484 00:25:25,819 --> 00:25:29,849 Speaker 2: of different wallets that have just been created. And all 485 00:25:29,859 --> 00:25:31,688 Speaker 2: of a sudden, it becomes very difficult to trace. The 486 00:25:31,699 --> 00:25:33,270 Speaker 2: last thing I'd say on this point. And I think 487 00:25:33,280 --> 00:25:36,899 Speaker 2: this is the tension with both the regulatory and the 488 00:25:36,910 --> 00:25:39,500 Speaker 2: sort of governance of these technologies, 489 00:25:40,050 --> 00:25:43,359 Speaker 2: part of the principles of cryptocurrencies and the Blockchain was 490 00:25:43,369 --> 00:25:46,849 Speaker 2: freedom from central oversight and governance. But it is also 491 00:25:46,859 --> 00:25:49,389 Speaker 2: because of that freedom from central oversight and governance that 492 00:25:49,400 --> 00:25:52,329 Speaker 2: we see these abuse materializing because there is no authority 493 00:25:52,339 --> 00:25:55,699 Speaker 2: to say the technology shouldn't be used that way. The 494 00:25:55,709 --> 00:25:58,869 Speaker 2: way banks dealt with anti money laundering in Kyc over 495 00:25:58,880 --> 00:26:02,540 Speaker 2: the past 2030 4050 years has been through cooper operation 496 00:26:02,550 --> 00:26:03,869 Speaker 2: between institutions. 497 00:26:04,479 --> 00:26:07,819 Speaker 2: Well, if there is no institution, co-operation becomes very difficult. 498 00:26:07,829 --> 00:26:11,139 Speaker 2: And so that's a very inherent tension in the philosophy 499 00:26:11,150 --> 00:26:14,219 Speaker 2: of these technologies that will eventually need to be reconciled 500 00:26:14,229 --> 00:26:15,159 Speaker 2: one way or the other 501 00:26:15,550 --> 00:26:17,380 Speaker 1: is anything happening in that regard, 502 00:26:17,479 --> 00:26:18,329 Speaker 1: global efforts. 503 00:26:18,339 --> 00:26:21,389 Speaker 2: There are lots of discussions, there are lots of working groups. 504 00:26:21,400 --> 00:26:24,180 Speaker 2: I think lots of governments and financial institutions are looking 505 00:26:24,189 --> 00:26:27,530 Speaker 2: into it. The open source community has built amazing and 506 00:26:27,540 --> 00:26:30,159 Speaker 2: there are tremendous people who are spending a lot of 507 00:26:30,170 --> 00:26:33,579 Speaker 2: their personal time working to the betterment of the technology. 508 00:26:34,050 --> 00:26:35,469 Speaker 2: I think we are 509 00:26:36,479 --> 00:26:39,949 Speaker 2: seeing a more optimistic term. I mean, we've obviously had 510 00:26:39,959 --> 00:26:42,890 Speaker 2: the situations like ftxs and it's it's been rife for 511 00:26:42,900 --> 00:26:45,739 Speaker 2: scams and various other, but it is very much the 512 00:26:45,750 --> 00:26:50,688 Speaker 2: infancy of the technology. And to some extent, you know, 513 00:26:50,699 --> 00:26:54,238 Speaker 2: Ponzi schemes never stopped us from banking. So I don't, 514 00:26:54,250 --> 00:26:56,920 Speaker 2: I'm not a very bad pessimist in this space. I 515 00:26:56,930 --> 00:26:59,929 Speaker 2: think it will take multilateral efforts. And I think 516 00:27:00,300 --> 00:27:02,919 Speaker 2: the concern going back to the geo politics of it 517 00:27:02,930 --> 00:27:06,819 Speaker 2: all is states seem less and less inclined to be multilateral. 518 00:27:06,829 --> 00:27:09,160 Speaker 2: So for technology like this I think we really need 519 00:27:09,170 --> 00:27:12,339 Speaker 2: to think about what the community and the private sector 520 00:27:12,349 --> 00:27:14,780 Speaker 2: can do to help to improve the transparency of it. 521 00:27:14,849 --> 00:27:15,000 Speaker 2: You know, 522 00:27:15,010 --> 00:27:15,280 Speaker 1: Nick, 523 00:27:15,290 --> 00:27:16,760 Speaker 1: when you were saying that I was basically thinking of 524 00:27:16,770 --> 00:27:18,979 Speaker 1: the parallel between climate change and cybersecurity. 525 00:27:19,310 --> 00:27:22,500 Speaker 1: The exter analogies are so substantial that you trying to 526 00:27:22,510 --> 00:27:24,629 Speaker 1: take your foot within your own borders doesn't work. You've 527 00:27:24,640 --> 00:27:27,339 Speaker 1: got to work the whole global community. Yes. 528 00:27:27,349 --> 00:27:30,770 Speaker 2: And I think the parallels with climate change are, you know, 529 00:27:30,780 --> 00:27:33,188 Speaker 2: the magnitude and the scale of the problems are so 530 00:27:33,199 --> 00:27:37,510 Speaker 2: significant that they can feel so daunting that individually, we 531 00:27:37,520 --> 00:27:39,859 Speaker 2: rescind and we retract from trying to be a part 532 00:27:39,869 --> 00:27:40,629 Speaker 2: of the solution. 533 00:27:41,180 --> 00:27:43,270 Speaker 2: I think this is something we've seen a lot in 534 00:27:43,280 --> 00:27:46,569 Speaker 2: the world of business and the SEC published directors recently 535 00:27:46,579 --> 00:27:50,359 Speaker 2: to make sure that boards that were uh regulated by 536 00:27:50,369 --> 00:27:53,760 Speaker 2: the SEC had accountability of Cyber. I think that's a 537 00:27:53,770 --> 00:27:57,909 Speaker 2: great first step towards ensuring that everyone realized we are 538 00:27:57,920 --> 00:28:00,869 Speaker 2: part of the solution. All of us use cell phones, 539 00:28:00,880 --> 00:28:03,910 Speaker 2: all of us have smart watches. Now we have smart homes, 540 00:28:03,920 --> 00:28:04,920 Speaker 2: we are connected, 541 00:28:05,119 --> 00:28:09,119 Speaker 2: we are responsible as well for not just our security 542 00:28:09,199 --> 00:28:13,280 Speaker 2: but ensuring that we are pushing technology and innovation direction 543 00:28:13,290 --> 00:28:15,020 Speaker 2: that's going to be a net positive for the 544 00:28:15,030 --> 00:28:15,410 Speaker 2: world. 545 00:28:16,170 --> 00:28:18,719 Speaker 1: We do connectedness. I was at a board meeting in 546 00:28:18,790 --> 00:28:24,000 Speaker 1: Singapore last week and during the my presentation, somebody's doorbell 547 00:28:24,010 --> 00:28:27,150 Speaker 1: back in Oslo rang and he was like, who's you know, 548 00:28:27,160 --> 00:28:29,000 Speaker 1: knocking on my door and he was taking it out. 549 00:28:29,339 --> 00:28:33,379 Speaker 1: Um, Nick, you live in the US, you face a 550 00:28:33,390 --> 00:28:36,219 Speaker 1: lot of American companies, but you're visiting Singapore. I'm assuming 551 00:28:36,229 --> 00:28:37,739 Speaker 1: during your stay here, you'll be talking to a lot 552 00:28:37,750 --> 00:28:43,160 Speaker 1: of Singaporean companies. What's your sense of Singapore? Is Singaporean 553 00:28:43,530 --> 00:28:46,040 Speaker 1: population susceptible to more 554 00:28:46,439 --> 00:28:50,829 Speaker 1: scams and cyber scams than other countries. Our Singapore institutions 555 00:28:50,839 --> 00:28:52,790 Speaker 1: facing it better than others. Just give us a sense 556 00:28:52,800 --> 00:28:54,619 Speaker 1: from an international perspective. 557 00:28:54,630 --> 00:28:58,589 Speaker 2: I'm always fascinated when I come by Singapore because you're 558 00:28:58,599 --> 00:29:03,359 Speaker 2: very much one of the most connected economies, connected societies 559 00:29:03,369 --> 00:29:03,750 Speaker 2: in the world. 560 00:29:03,824 --> 00:29:05,724 Speaker 2: And I think that's both a blessing and a curse 561 00:29:05,734 --> 00:29:08,685 Speaker 2: when we think about cyber because I think the level 562 00:29:08,694 --> 00:29:11,645 Speaker 2: of awareness and education around the problem, the government has 563 00:29:11,655 --> 00:29:15,165 Speaker 2: done a lot of work at discussing the issue with 564 00:29:15,175 --> 00:29:18,814 Speaker 2: the private sector. There's been regulations that have been sectoral 565 00:29:18,824 --> 00:29:23,484 Speaker 2: and national around the issue. Um And at the same 566 00:29:23,494 --> 00:29:26,484 Speaker 2: time because it is such a connected economy, we do 567 00:29:26,494 --> 00:29:30,364 Speaker 2: see a lot of attacks in Singapore proportionally speaking, 568 00:29:30,989 --> 00:29:34,020 Speaker 2: not any different than many other places in the world. 569 00:29:34,030 --> 00:29:37,530 Speaker 2: But I think you are by virtue of the concentration 570 00:29:37,750 --> 00:29:42,800 Speaker 2: of high tech businesses between finance, health care, tech, all 571 00:29:42,810 --> 00:29:46,250 Speaker 2: of these businesses that have a larger attack surface than 572 00:29:46,260 --> 00:29:49,209 Speaker 2: most and also one of the largest shipping ports in 573 00:29:49,219 --> 00:29:51,619 Speaker 2: the world. And we are seeing a huge amount of 574 00:29:51,630 --> 00:29:53,849 Speaker 2: businesses investing in Singapore. 575 00:29:54,469 --> 00:29:57,560 Speaker 2: That is a perfect recipe for cyber threat, actors of 576 00:29:57,569 --> 00:30:00,869 Speaker 2: all ilks to target the country. I think when we 577 00:30:00,880 --> 00:30:03,020 Speaker 2: look at major data breaches that have occurred in the 578 00:30:03,030 --> 00:30:04,989 Speaker 2: past few years, you know, whether these be in the 579 00:30:05,000 --> 00:30:09,180 Speaker 2: healthcare sector, we've had breaches in the telecommunications space very 580 00:30:09,189 --> 00:30:13,250 Speaker 2: recently in the law firms, uh sector of professional service industry. 581 00:30:13,319 --> 00:30:15,390 Speaker 2: Those trends mirror very much 582 00:30:15,495 --> 00:30:19,395 Speaker 2: what we are seeing elsewhere. I think the real challenge 583 00:30:19,406 --> 00:30:22,316 Speaker 2: for Singapore in the years ahead is how to continue 584 00:30:22,326 --> 00:30:27,735 Speaker 2: maximizing the opportunities that come from this incredibly connected population. 585 00:30:28,125 --> 00:30:31,635 Speaker 2: I'm fascinated every time when you look at the infrastructure, 586 00:30:31,645 --> 00:30:36,316 Speaker 2: the roads, the public transport, the applications that exist for 587 00:30:36,702 --> 00:30:41,401 Speaker 2: hailing a cab are remarkably ahead of many other places 588 00:30:41,411 --> 00:30:44,612 Speaker 2: around the world. But that creates a layer of vulnerability. 589 00:30:44,781 --> 00:30:48,462 Speaker 2: And I think when I look at the landscape here, 590 00:30:48,631 --> 00:30:53,511 Speaker 2: there's been probably a less less lesser concern around the 591 00:30:53,521 --> 00:30:56,921 Speaker 2: top level geopolitical risk, although that may very well change 592 00:30:56,932 --> 00:30:57,842 Speaker 2: in the near future, 593 00:30:58,130 --> 00:31:02,130 Speaker 2: but more concern around criminality and that's absolutely where we 594 00:31:02,140 --> 00:31:05,040 Speaker 2: see it scams are rife. I think the advent of 595 00:31:05,050 --> 00:31:07,459 Speaker 2: generative A I is going to trigger even more. You know, 596 00:31:07,469 --> 00:31:10,209 Speaker 2: we are in a city in a country where there's 597 00:31:10,219 --> 00:31:13,660 Speaker 2: 3 to 4 primary languages spoken for business and for 598 00:31:13,670 --> 00:31:16,420 Speaker 2: sort of transactions that opens a lot of doors for 599 00:31:16,430 --> 00:31:19,550 Speaker 2: spear phishing, for scams for all of these sort of things. 600 00:31:19,630 --> 00:31:23,250 Speaker 2: And I think it is balancing that opportunity with the 601 00:31:23,260 --> 00:31:26,020 Speaker 2: risks that is a challenge moving forward. But I'd certainly 602 00:31:26,030 --> 00:31:27,089 Speaker 2: say on par 603 00:31:27,780 --> 00:31:30,400 Speaker 2: the exposure is greater, but actually, there's been also great 604 00:31:30,410 --> 00:31:32,849 Speaker 2: works and companies here are very aware of the issue 605 00:31:32,859 --> 00:31:35,939 Speaker 2: and are certainly getting more and more aware and investing 606 00:31:35,949 --> 00:31:37,050 Speaker 2: more and more in security. 607 00:31:37,219 --> 00:31:40,030 Speaker 1: Yeah. No, no doubt about the investment aspect. And I 608 00:31:40,040 --> 00:31:43,439 Speaker 1: think that firms and the government are, you know, very 609 00:31:43,449 --> 00:31:47,790 Speaker 1: enthusiastic investors and procure of, you know, technologies to sort 610 00:31:47,800 --> 00:31:52,189 Speaker 1: of prevent or, or reduce the fallout from cybercrime. Uh 611 00:31:52,859 --> 00:31:55,290 Speaker 1: You mentioned generative A I. So let's talk about A 612 00:31:55,300 --> 00:31:55,920 Speaker 1: I a little bit. 613 00:31:56,250 --> 00:32:00,469 Speaker 1: Uh So even before large language models came in, you know, 614 00:32:00,479 --> 00:32:03,189 Speaker 1: just the application of A I itself meant that, you know, 615 00:32:03,199 --> 00:32:07,229 Speaker 1: one can again run complex algorithms and iterative calculations to 616 00:32:07,359 --> 00:32:11,900 Speaker 1: break codes or uh learn people's behavior and then apply 617 00:32:11,910 --> 00:32:15,589 Speaker 1: it against them, that sort of stuff. Now, this 18 months, 618 00:32:15,599 --> 00:32:18,650 Speaker 1: 16 months of LM MS uh are the hackers of 619 00:32:18,660 --> 00:32:19,089 Speaker 1: the world 620 00:32:19,099 --> 00:32:21,270 Speaker 2: picking it up and the world's still here, as far 621 00:32:21,280 --> 00:32:23,989 Speaker 2: as I'm aware, we're not in a simulation yet. Um 622 00:32:24,329 --> 00:32:26,910 Speaker 2: So, yeah, I think there's, there's been a bit of 623 00:32:26,920 --> 00:32:29,989 Speaker 2: um there's been a bit of a, a balancing of 624 00:32:30,000 --> 00:32:33,260 Speaker 2: public consciousness around the development of the technology. So to 625 00:32:33,270 --> 00:32:35,969 Speaker 2: answer your direct question, yes, we're seeing hackers beginning to 626 00:32:35,979 --> 00:32:38,939 Speaker 2: use it. And I think particularly in social engineering attempts, 627 00:32:38,949 --> 00:32:41,699 Speaker 2: there was a very notable case of an engineering firm 628 00:32:41,709 --> 00:32:44,569 Speaker 2: in Hong Kong that was breached for about $20 million 629 00:32:44,739 --> 00:32:47,920 Speaker 2: and it was a deep fake voicemail that allowed the 630 00:32:47,930 --> 00:32:51,020 Speaker 2: breach to occur. So somebody's voice had been mimicked. And 631 00:32:51,030 --> 00:32:54,349 Speaker 2: I think in a sort of spectrum of risks that 632 00:32:54,359 --> 00:32:57,900 Speaker 2: we're anticipating from generative A I, we're really in phase one, 633 00:32:57,910 --> 00:33:01,920 Speaker 2: which is that disinformation, deep fake social engineering. 634 00:33:02,359 --> 00:33:05,729 Speaker 2: How do hackers use it? They will use it to 635 00:33:05,739 --> 00:33:10,219 Speaker 2: very rapidly create tailored emails to target their targets based 636 00:33:10,229 --> 00:33:12,760 Speaker 2: on their linkedin profile. It's not something they haven't done before. 637 00:33:12,770 --> 00:33:17,020 Speaker 2: They just go quicker or maybe to translate into Mandarin 638 00:33:17,150 --> 00:33:20,380 Speaker 2: when they normally only speak Portuguese. And there we go. 639 00:33:20,390 --> 00:33:22,930 Speaker 2: The spear phishing email looks much more credible and much 640 00:33:22,939 --> 00:33:23,540 Speaker 2: more likable, 641 00:33:24,709 --> 00:33:28,380 Speaker 2: but it hasn't been a total collapse that some were predicting. 642 00:33:28,390 --> 00:33:32,569 Speaker 2: And I think in part, it's largely because of how 643 00:33:32,599 --> 00:33:35,880 Speaker 2: challenging the education about what it is that we talk 644 00:33:35,890 --> 00:33:38,329 Speaker 2: about when we talk about general A I and I'm 645 00:33:38,339 --> 00:33:40,439 Speaker 2: sure it's been the same in your firms and in 646 00:33:40,449 --> 00:33:42,930 Speaker 2: the conversations you've had in the communities, there is a 647 00:33:42,939 --> 00:33:47,089 Speaker 2: very varied level of understanding of what the tech can 648 00:33:47,099 --> 00:33:50,810 Speaker 2: do today. Its possibilities in the future are tremendous, but 649 00:33:50,819 --> 00:33:54,010 Speaker 2: we are still seeing just the very beginnings of the application. 650 00:33:54,260 --> 00:33:56,500 Speaker 2: So what we thought was going to revolutionize the world 651 00:33:56,510 --> 00:33:59,239 Speaker 2: in two months, you know, 18 months, we're still here 652 00:33:59,250 --> 00:34:01,250 Speaker 2: and there's still a lot of great things that have happened. 653 00:34:01,260 --> 00:34:03,680 Speaker 2: But by no means what the public may have expected, 654 00:34:04,329 --> 00:34:06,819 Speaker 2: I think when we look to the future, there are 655 00:34:06,829 --> 00:34:10,909 Speaker 2: indeed considerations from a cyber perspective where it's a barbaric term, 656 00:34:10,919 --> 00:34:14,290 Speaker 2: but it's existed for a while, but it's called Polymorphic malware. 657 00:34:14,469 --> 00:34:17,469 Speaker 2: So it's the ability of computer code to adapt to 658 00:34:17,479 --> 00:34:21,949 Speaker 2: its environment to know if it's sitting on a Windows 659 00:34:21,959 --> 00:34:25,030 Speaker 2: system or a MAC system or an I OS system. 660 00:34:25,280 --> 00:34:29,449 Speaker 2: And we do expect small language models to be included 661 00:34:29,459 --> 00:34:31,040 Speaker 2: in malware development so that 662 00:34:31,310 --> 00:34:34,010 Speaker 2: there's less and less need for human operators, much like 663 00:34:34,020 --> 00:34:38,010 Speaker 2: we are using LMS to reduce the need for traders 664 00:34:38,020 --> 00:34:39,919 Speaker 2: to kind of look at every single bit of the 665 00:34:39,929 --> 00:34:42,600 Speaker 2: trades that they're doing to gain speed in the research 666 00:34:42,729 --> 00:34:45,679 Speaker 2: that they do. And so it's always a sort of 667 00:34:45,689 --> 00:34:49,000 Speaker 2: arms race between the good guys and the bad guys. 668 00:34:49,010 --> 00:34:52,270 Speaker 2: It's whatever we develop to either defend or to do 669 00:34:52,280 --> 00:34:56,149 Speaker 2: our day to day work, they develop to exploit or attack. 670 00:34:56,300 --> 00:34:59,370 Speaker 2: And so we will see more, it's still very much 671 00:34:59,379 --> 00:34:59,919 Speaker 2: in its infancy. 672 00:35:01,179 --> 00:35:04,689 Speaker 1: OK. Um On that, uh there's a lot of foundation 673 00:35:04,699 --> 00:35:07,959 Speaker 1: of cybersecurity built around cryptography and the whole Blockchain is 674 00:35:07,969 --> 00:35:12,040 Speaker 1: built on the foundation of cryptography. Uh putting aside L 675 00:35:12,050 --> 00:35:16,060 Speaker 1: MS but just the other exciting science fiction area which 676 00:35:16,070 --> 00:35:21,050 Speaker 1: is quantum are these cryptographic foundation of modern technology at threat. 677 00:35:21,060 --> 00:35:22,759 Speaker 2: So you can, yeah, I think they, I think they 678 00:35:22,770 --> 00:35:25,729 Speaker 2: are um the question is more difficult to answer if 679 00:35:25,739 --> 00:35:28,159 Speaker 2: you ask me when. Uh but certainly 680 00:35:28,739 --> 00:35:31,850 Speaker 2: in the concept stages. And we have seen, you know 681 00:35:31,860 --> 00:35:33,879 Speaker 2: now that the public is getting in a lot of 682 00:35:33,889 --> 00:35:36,340 Speaker 2: boards of fine, we understand A I the next question 683 00:35:36,350 --> 00:35:42,209 Speaker 2: is quantum computing and quantum telecommunication, which do theoretically pose 684 00:35:42,219 --> 00:35:45,719 Speaker 2: a systemic risk to encryption everywhere around the world. And 685 00:35:45,729 --> 00:35:48,850 Speaker 2: I think encryption will only be the beginning quantum computing 686 00:35:49,385 --> 00:35:52,524 Speaker 2: in its commercial applications. And as far as we can 687 00:35:52,534 --> 00:35:56,245 Speaker 2: tell because again, it is very much not out there yet. 688 00:35:56,445 --> 00:35:59,225 Speaker 2: There are proof of concepts, there are some small scale 689 00:35:59,235 --> 00:36:04,814 Speaker 2: applications but we still have massive physics challenge to resolve 690 00:36:04,824 --> 00:36:06,215 Speaker 2: to deploy commercially 691 00:36:06,479 --> 00:36:12,260 Speaker 2: will absolutely jeopardize the very foundation of encryption as we 692 00:36:12,270 --> 00:36:15,620 Speaker 2: designed it because it will allow for cracking. What would 693 00:36:15,629 --> 00:36:19,020 Speaker 2: take today billions of years to crack a password using 694 00:36:19,030 --> 00:36:22,219 Speaker 2: RS A encryption theoretically could take less than a few 695 00:36:22,229 --> 00:36:26,239 Speaker 2: hours with a quantum computer. Now, I think quantum for 696 00:36:26,250 --> 00:36:31,090 Speaker 2: me is emblematic of again, that exponential curve in technology. 697 00:36:31,550 --> 00:36:34,739 Speaker 2: Um we are living in an era where I think 698 00:36:34,750 --> 00:36:36,138 Speaker 2: it took, you know, 699 00:36:37,000 --> 00:36:39,439 Speaker 2: 60 years for a million people to gain access to 700 00:36:39,449 --> 00:36:42,840 Speaker 2: the radio. Then 40 years for people to get access 701 00:36:42,850 --> 00:36:46,570 Speaker 2: to the TV. Then 20 years for 1 million people 702 00:36:46,580 --> 00:36:49,060 Speaker 2: to have access to the internet, it took four hours 703 00:36:49,070 --> 00:36:51,469 Speaker 2: for 1 million people to use chat GP T. And 704 00:36:51,739 --> 00:36:54,540 Speaker 2: that curve is very much a again, a symptom of 705 00:36:54,550 --> 00:36:57,409 Speaker 2: the foundations that we are building upon. Those building blocks 706 00:36:57,419 --> 00:36:58,100 Speaker 2: are still here. 707 00:36:58,310 --> 00:37:03,050 Speaker 2: So quantum is really about computational capabilities we are going 708 00:37:03,060 --> 00:37:05,409 Speaker 2: to live in an era where a lot of the 709 00:37:05,419 --> 00:37:08,189 Speaker 2: current security and defensive measures we've put in place that 710 00:37:08,199 --> 00:37:12,549 Speaker 2: are reliant on the limitations in our current computing capabilities 711 00:37:12,679 --> 00:37:14,469 Speaker 2: will have to be rethought. 712 00:37:14,804 --> 00:37:17,445 Speaker 2: And that's going to be a very significant effort by 713 00:37:17,455 --> 00:37:19,354 Speaker 2: everyone and costly. 714 00:37:19,794 --> 00:37:23,824 Speaker 1: Right now, I'm assuming scientists are fully cognizant of the 715 00:37:23,834 --> 00:37:28,084 Speaker 1: theoretical threat posed by quantum. And the really smart ones 716 00:37:28,094 --> 00:37:31,225 Speaker 1: are trying to already figure out some countermeasure to that. 717 00:37:31,540 --> 00:37:34,689 Speaker 1: Uh I mean, so like the day somebody says we 718 00:37:34,699 --> 00:37:37,719 Speaker 1: have a fully operational quantum computer, the world doesn't completely 719 00:37:37,729 --> 00:37:40,409 Speaker 1: panic and sell everything they have hopefully, is there some 720 00:37:40,419 --> 00:37:41,320 Speaker 1: hope like that? There, 721 00:37:41,330 --> 00:37:41,549 Speaker 2: there 722 00:37:41,560 --> 00:37:43,760 Speaker 2: is some hope. And I think, you know, the scientific 723 00:37:43,770 --> 00:37:47,239 Speaker 2: community does what the scientific community should do. They're innovating 724 00:37:47,250 --> 00:37:48,639 Speaker 2: and much 725 00:37:48,729 --> 00:37:54,820 Speaker 2: like what we've seen in other major societal and economic evolutions, 726 00:37:55,239 --> 00:37:58,388 Speaker 2: they are not necessarily thinking about this from a purely 727 00:37:58,399 --> 00:38:00,540 Speaker 2: risk based perspective and you wouldn't want them to. This 728 00:38:00,550 --> 00:38:02,649 Speaker 2: is also one of the benefits. I think of all 729 00:38:02,659 --> 00:38:05,830 Speaker 2: the noise around gen A I, we had certain suddenly 730 00:38:06,239 --> 00:38:10,549 Speaker 2: a lot of people around the world became technology, ethical specialists. 731 00:38:10,560 --> 00:38:13,340 Speaker 2: And you know, everybody has an opinion of what's good, 732 00:38:13,350 --> 00:38:16,560 Speaker 2: what's bad in this space. That is part of where 733 00:38:16,570 --> 00:38:19,370 Speaker 2: I think the checks and balances that are happening across 734 00:38:19,379 --> 00:38:22,600 Speaker 2: a lot of places in the world, in government, in academia, 735 00:38:22,919 --> 00:38:26,290 Speaker 2: in the R and D community is around having a 736 00:38:26,300 --> 00:38:29,379 Speaker 2: multidisciplinary group of people around the table. And this is 737 00:38:29,389 --> 00:38:31,388 Speaker 2: what we say a lot to boards and executives when 738 00:38:31,399 --> 00:38:34,669 Speaker 2: we meet them. And we talk about these emerging technology issues. 739 00:38:35,399 --> 00:38:39,419 Speaker 2: You have to look at this across the spectrum of 740 00:38:39,429 --> 00:38:44,698 Speaker 2: your business, your risks, your duty of care, your social responsibility, 741 00:38:44,709 --> 00:38:49,129 Speaker 2: your esg obligations, all of these are deeply interlinked and 742 00:38:49,189 --> 00:38:52,379 Speaker 2: without doing so, we run the risk of really generating 743 00:38:52,389 --> 00:38:56,110 Speaker 2: technology or employing technology that ultimately will harm our businesses 744 00:38:56,120 --> 00:38:57,580 Speaker 2: or societies or our people. 745 00:38:58,290 --> 00:39:01,189 Speaker 1: Fascinating though, Nick, you're not a large language model. So 746 00:39:01,199 --> 00:39:04,100 Speaker 1: I'm not gonna ask you to summarize in 20 words, 747 00:39:04,110 --> 00:39:07,340 Speaker 1: the two hour presentations you make to companies. But um 748 00:39:07,560 --> 00:39:10,330 Speaker 1: give us a sense of some of the best practices 749 00:39:10,340 --> 00:39:13,600 Speaker 1: that you're urging companies and boards to adopt in dealing 750 00:39:13,610 --> 00:39:14,139 Speaker 1: with cybersecurity. 751 00:39:14,754 --> 00:39:14,935 Speaker 2: Yeah, I 752 00:39:14,945 --> 00:39:19,044 Speaker 2: think the the three things I would let companies sort 753 00:39:19,054 --> 00:39:22,104 Speaker 2: of really focus on is first get the basics, right? 754 00:39:22,114 --> 00:39:24,514 Speaker 2: And I think still today we talk about ja I 755 00:39:24,554 --> 00:39:27,984 Speaker 2: we talk about quantum, the vast majority of businesses get 756 00:39:27,995 --> 00:39:32,104 Speaker 2: compromised by a simple phishing email and that will never 757 00:39:32,114 --> 00:39:35,104 Speaker 2: go away. We need to be realistic no matter how 758 00:39:35,114 --> 00:39:39,024 Speaker 2: much technical spend we make. This is a human problem. 759 00:39:39,235 --> 00:39:42,824 Speaker 2: And so continue with the basics and education in your 760 00:39:42,834 --> 00:39:43,415 Speaker 2: business 761 00:39:44,080 --> 00:39:48,830 Speaker 2: as you do this. The second layer is think strategically 762 00:39:48,840 --> 00:39:53,219 Speaker 2: about technology, not just in terms of security, but in 763 00:39:53,229 --> 00:39:57,679 Speaker 2: terms of your resilience over the entire span of your business. 764 00:39:57,860 --> 00:40:00,870 Speaker 2: One of the things I'm always surprised by is boards 765 00:40:00,879 --> 00:40:01,658 Speaker 2: and executives are 766 00:40:01,750 --> 00:40:05,429 Speaker 2: comfortable doing market entry analysis. We should be doing technology 767 00:40:05,439 --> 00:40:09,830 Speaker 2: entry analysis. Why are we picking this? Lm why this 768 00:40:09,840 --> 00:40:14,360 Speaker 2: cloud provider? Why are we venturing into this space? Those 769 00:40:14,370 --> 00:40:16,780 Speaker 2: questions need to be asked at the most senior level 770 00:40:16,790 --> 00:40:19,449 Speaker 2: in business to get a holistic view of the risk. 771 00:40:19,739 --> 00:40:22,129 Speaker 2: And then the last thing I would do is don't 772 00:40:22,139 --> 00:40:25,540 Speaker 2: be afraid to look at both risk and opportunities over 773 00:40:25,550 --> 00:40:26,810 Speaker 2: a long term horizon. 774 00:40:27,590 --> 00:40:30,479 Speaker 2: Again, the parallel with climate change, I think are really 775 00:40:30,489 --> 00:40:34,239 Speaker 2: important here. We can be worried about today, but our 776 00:40:34,250 --> 00:40:40,100 Speaker 2: executives and boards have a responsibility towards tomorrow and today, 777 00:40:40,139 --> 00:40:42,179 Speaker 2: we need to make sure we do the basics, right? 778 00:40:42,300 --> 00:40:44,270 Speaker 2: We need to prepare for what is going to be 779 00:40:44,280 --> 00:40:46,929 Speaker 2: a very different world in 5, 1015 years. And when 780 00:40:46,939 --> 00:40:49,949 Speaker 2: we think about cyber, it is talking about what does 781 00:40:49,959 --> 00:40:51,129 Speaker 2: our business want to be? 782 00:40:51,610 --> 00:40:55,109 Speaker 2: Do we want to have access to the latest technology 783 00:40:55,149 --> 00:40:57,510 Speaker 2: and manage the risks? Do we want to be maybe 784 00:40:57,520 --> 00:41:00,949 Speaker 2: second line adopters? And first see how the technology evolves. 785 00:41:00,959 --> 00:41:04,699 Speaker 2: And importantly, how do we look at implementation as a 786 00:41:04,709 --> 00:41:08,629 Speaker 2: cultural phenomenon within our enterprises, how are users going to 787 00:41:08,639 --> 00:41:11,830 Speaker 2: think about it? And this requires that long term vision 788 00:41:11,840 --> 00:41:13,870 Speaker 2: much like we do long term business strategy, 789 00:41:13,969 --> 00:41:16,790 Speaker 2: we should do long term technology risk assessments? 790 00:41:16,929 --> 00:41:20,969 Speaker 1: Fantastic final question. Um you mentioned earlier that, you know, 791 00:41:20,979 --> 00:41:24,350 Speaker 1: financial sector has always been sort of the forefront of 792 00:41:24,360 --> 00:41:29,000 Speaker 1: balancing user experience with infrastructural security and so on beyond 793 00:41:29,010 --> 00:41:32,350 Speaker 1: financial sector, when you look around the healthcare defense uh 794 00:41:32,360 --> 00:41:36,189 Speaker 1: other education schools, which sectors look to you 795 00:41:36,679 --> 00:41:40,899 Speaker 1: fairly resilient and smartly managed and which sectors do you 796 00:41:40,909 --> 00:41:42,620 Speaker 1: look to you the most vulnerable? 797 00:41:42,679 --> 00:41:45,780 Speaker 2: Yeah, II, I think we've seen a real leaps and 798 00:41:45,790 --> 00:41:50,050 Speaker 2: bounds in the tech sector and, and particularly sort of 799 00:41:50,310 --> 00:41:54,370 Speaker 2: um I'd say technology as a service that's been a 800 00:41:54,379 --> 00:41:59,040 Speaker 2: massive because they've become so critical to the actual businesses 801 00:41:59,050 --> 00:42:03,209 Speaker 2: of others. And if you're Amazon Ali or if you're 802 00:42:03,219 --> 00:42:07,080 Speaker 2: Microsoft your business is security, security of your consumer data. 803 00:42:07,090 --> 00:42:09,010 Speaker 2: And I think much like the banks, they've had to 804 00:42:09,020 --> 00:42:11,049 Speaker 2: rapidly adapt their business models. 805 00:42:11,409 --> 00:42:15,520 Speaker 2: I think where I have deep concerns and um you know, 806 00:42:15,530 --> 00:42:19,149 Speaker 2: health care has been a real area of concern because 807 00:42:19,389 --> 00:42:24,389 Speaker 2: health care is incredibly complex as a sector from hospitals 808 00:42:24,399 --> 00:42:27,790 Speaker 2: to insurance to sort of now we have, you know, 809 00:42:27,800 --> 00:42:30,540 Speaker 2: health tech providers, farmers, 810 00:42:30,784 --> 00:42:33,955 Speaker 2: but the real concern is the value of personal health 811 00:42:33,965 --> 00:42:38,424 Speaker 2: information is incredibly significant to a hacker. It gives us 812 00:42:38,435 --> 00:42:42,354 Speaker 2: insights into people, it gives us insights into some of 813 00:42:42,364 --> 00:42:45,875 Speaker 2: their challenges, but also how to reach into them and 814 00:42:45,885 --> 00:42:48,915 Speaker 2: how to social engineer them that makes it very attractive 815 00:42:48,925 --> 00:42:49,715 Speaker 2: for threat actor. 816 00:42:50,149 --> 00:42:52,428 Speaker 2: The other sector that I have a long term worry 817 00:42:52,439 --> 00:42:56,350 Speaker 2: of is my sector, professional services. And I think because 818 00:42:56,360 --> 00:43:00,569 Speaker 2: we sometimes forget we are part of so many supply chains. 819 00:43:00,580 --> 00:43:04,280 Speaker 2: We work with businesses across all verticals, whether you're a 820 00:43:04,290 --> 00:43:07,679 Speaker 2: law firm or consulting organizations, we have access to a 821 00:43:07,689 --> 00:43:09,770 Speaker 2: lot of data, a lot of sensitive data 822 00:43:09,885 --> 00:43:13,544 Speaker 2: and we sometimes make for the worst patients. It's like 823 00:43:13,554 --> 00:43:16,955 Speaker 2: doctors make for the worst patients, consultants and professional service 824 00:43:16,965 --> 00:43:20,395 Speaker 2: industries sometimes make for the worst patients because we think 825 00:43:20,405 --> 00:43:22,484 Speaker 2: we know better. And I think I will always stress 826 00:43:22,495 --> 00:43:26,054 Speaker 2: on my clients and certainly everyone out there ask those 827 00:43:26,064 --> 00:43:29,533 Speaker 2: questions in the discussions with your providers because again, 828 00:43:30,409 --> 00:43:32,810 Speaker 2: it is a supply chain issue. It is very much 829 00:43:32,820 --> 00:43:34,439 Speaker 2: the weakest link in the chain and all of our 830 00:43:34,449 --> 00:43:37,449 Speaker 2: business are connected now and it will be very difficult 831 00:43:37,459 --> 00:43:40,569 Speaker 2: to disconnect them. So that's probably where I'd see the 832 00:43:40,580 --> 00:43:41,669 Speaker 2: sort of good and the bad. 833 00:43:42,010 --> 00:43:44,830 Speaker 1: Absolutely fascinating. Nick Race. Thank you so much for your 834 00:43:44,840 --> 00:43:45,669 Speaker 1: time and insights. 835 00:43:45,679 --> 00:43:46,010 Speaker 2: Thank 836 00:43:46,020 --> 00:43:47,709 Speaker 2: you very much for having me. It's been a pleasure. 837 00:43:47,719 --> 00:43:47,989 Speaker 1: It's 838 00:43:48,000 --> 00:43:51,080 Speaker 1: been great and thanks also to our listeners. Copy Time 839 00:43:51,090 --> 00:43:53,909 Speaker 1: was produced by Ken Delbridge Violet, Lee and Daisy Sharma 840 00:43:53,919 --> 00:43:57,770 Speaker 1: provided additional assistance. All 123 episodes of the podcast are 841 00:43:57,780 --> 00:44:00,310 Speaker 1: available on Apple Google and Spotify, as well as on 842 00:44:00,320 --> 00:44:04,310 Speaker 1: youtube as for our research publications, webinars and all other 843 00:44:04,320 --> 00:44:06,600 Speaker 1: material that we put out. You can find them by 844 00:44:06,610 --> 00:44:09,469 Speaker 1: Googling D BS research library. Have a great day.