The Cyber Trust Landscape Report 2022

Share on facebook
Share on twitter
Share on linkedin

by Ajay Singh, Advisor at WOPLLI Technologies, Corporate Adviser/Fellow Institute of Directors/Former CEO/Author of – CyberStrong: A Primer on Cyber Risk Management for Business Managers (SAGE Publications 2020) and Vikas Malhotra, Founder & CEO at WOPLLI Technologies

ABSTRACT

The year 2021 marks a major shift in the ‘trust factor’ in digital ecosystem. In the context of business enterprises and other organizations, digital trust refers to the level of confidence that consumers enjoy while interacting with them digitally for consuming their various services. The erosion of trust, prompted by apprehension at the way some organizations are using digital technology, could undermine the numerous benefits of digitalization and pose a serious threat to the growth of the digital economy. The Cyber Trust Landscape Report 2022 examines the major factors behind the decline of digital trust and highlights the importance of restoring trust in the digital eco-system.

INTRODUCTION

The World Economic Forum has observed that ‘declining trust, prompted by unease at the way some organizations are using digital technology, could undermine the societal benefits of digitalization.’ It goes on to suggest that trust in the digital economy is under threat (Digital Transformation – Reports – World Economic Forum, n.d.). Privacy and security breaches have contributed in a big way to weakened trust in both technology products and the industry sector but that is not all. Gone are the days when trust in digital systems was almost absolute. Concerns about trust were at best, a minimum, just a few years ago. From there, we have been on a slippery slope of erosion of digital trust. How did we bring this upon ourselves?

Firstly, individuals lacked an understanding of how the information they willingly shared on various Internet platforms could be used against them. Secondly, the Internet has become a haven for cheating unsuspecting consumers. Con artists are today adept at targeting, manipulation and misleading consumers of products, services, or information. Third, organizations gathering and keeping consumer data, have realized the value of information that they are holding and are not averse to misusing the same for their own gain and profits. Fourthly, advances in technology without responsibility or specific standards for security like in the case of Internet of Things (IoT) devices have opened avenues for exploitation of several vulnerabilities which are not in the best interests of their consumers. Lastly, while governments have increasingly been enacting new laws and regulations for the protection of privacy around the world, they themselves have been accused of negligence in handling personal information as well as misuse in the form of illegal surveillance and tracking citizens. The cumulative effect of all these is that digital trust has hit an all-time low. The year 2021 thus marks a major shift in the ‘trust factor’ in the digital ecosystem which represents the Internet economy.

In the context of business enterprises or other organizations, digital trust refers to the level of confidence that consumers enjoy while interacting with them digitally for consuming their various services. Important factors that influence digital trust include lack of transparency, misuse of personal data, illegal tracking, surveillance, spreading misinformation, unethical use of artificial intelligence, lack of reliability as well as the collective posture of organizations towards privacy and data security. The frequency and scale of cyber-attacks and data breaches have exposed the associated risks are also important factors that repeatedly shake the confidence of consumers.  We posit that the increase in cyber-attacks is the side effect of information collection that has been done for other uses. These are not disconnected events but the result of policy of data collection & hoarding.

While the number of people making purchases via the Internet has grown from 1.66 billion 5 years ago to 2.14 billion in 2021, according to statistics released by Statista, this is mainly a reflection of the convenience of purchasing online and not an indication of the ‘trust factor’. Increasingly, consumers are beginning to believe that organizations like ecommerce companies, social media platforms, banks, mobile operators, and others who are custodians of their personal data must do more to protect them and their personal information from cybercriminals. Trust in these organizations is eroding fast because consumers feel that they are dealing with a variety of cyber scams and threats daily. Under the backdrop of the pandemic, cyber threats and scams have touched record levels so much so that consumers are beginning to mistrust the very technology and processes designed to protect them from the risk of fraud and cybercrime.

Restoring digital trust is an urgent need and the time for this is NOW! With the proliferation and growth of digital products and services, consumers expect higher levels of transparency from the organizations they interact with. Increasingly when it comes to convincing consumers about the veracity of their claims about products and services offered and assuring them of protection of the privacy of their data, most organizations come up short & make advertisement-based claims without proof. To ensure the continued growth of their platforms they must commit to being transparent about their privacy protection measures and controls as well as provide consumers with the detailed information they seek regarding their products and services. Ideally, consumers must have the option of assuring themselves of product claims made by vendors through third party platforms.

2022 – A TIPPING POINT FOR DIGITAL TRUST – 6 REASONS

Reason-1 Record breaking data breaches and fines for privacy breaches and misuse of personal information

According to the Identity Theft Resource Center, 2021was predicted to be a record-breaking year for data breaches as the total number of data breaches through September 30, 2021, had already exceeded the total number of events in 2020 by 17%, with 1,291 breaches in 2021 compared to 1,108 breaches in 2020(The Top Data Breaches of 2021 | Security Magazine, n.d.).

The ITRC research report further revealed that the manufacturing & utilities sector suffered forty-eight instances of compromises that impacted a total of 48,294,629 victims. Other sectors that were impacted by data breaches the healthcare sector with over 7 million victims, financial services (1.6 million victims), government (1.4 million victims) and professional services (1.5 million victims). Considering that many data breaches go unreported, these numbers are staggering in themselves.

A look at the sum of GDPR fines levied just in Q3 2021 shows that they hit nearly €1 billion—20 times greater than the totals for Q1 and Q2 2021 combined. In 2021 organizations fines included giant companies like Amazon ($877 million) and WhatsApp ($255 million). Common violations under GDPR fall into five categories(The Biggest GDPR Fines of 2021 | Eqs.Com, n.d.):

  1. Non-compliance with general data processing principles
  2. Insufficient fulfillment of information obligations
  3. Insufficient legal basis for data processing
  4. Insufficient technical and organizational measures to ensure information security
  5. Insufficient fulfilment of data subject rights

Threats to privacy are increasing at a rate that is alarming. If we do not act now to change our approach to management of data, we could end up with a disaster leading to unimaginable consequences in terms of damage caused. Fines and penalties are only a deterrent but unless we rethink our digital architecture and processes and ‘design-in’ privacy and security along with requisite enforcement mechanisms we may only be scratching the surface.

Reason-2 – New technologies bring new trust issues

The Pew Research Center had conducted a survey back in 2017 to determine the fate of online trust in the next decade. Their survey revealed that higher online participation does not mean a higher level of trust. One of the participants opined that ‘’Trust will be irrelevant. Hacking, identity theft, trolling, doxxing will become increasingly commonplace and a daily cost of doing business on the internet’’(The Fate of Online Trust in the Next Decade | Pew Research Center, n.d.). Even after four more years, this stands true.

The lure and promise of new technology are hard to resist. The UNCTAD Technology and Innovation Report 2021 observes that only a few countries currently create frontier technologies, but all countries need to prepare for them. The report lists 11 frontier technologies which include- Artificial Intelligence, IoT, Big Data, Blockchain, 3D Printing, Robotics, Drones, Gene editing, 5G, and Solar PV(Technology and Innovation Report 2021 | UNCTAD, n.d.). Most if not all these technologies have inherent trust issues which are often overlooked in the early stages of adoption. It can also be said that not all these technologies are entirely new, but what is important is that they are in various stages of proliferation. The report suggests that not all countries are equally prepared to adopt these technologies and most lack the required checks and balances to ensure a certain level of trust and assurance for consumers. While access to new technology is desirable it often creates a digital divide between those who are aware of the potential risks and those who do not. UNCTAD urges policymakers to reduce this risk and make frontier technologies contribute to increasing equality. Primary causes of the digital divide are low levels of literacy and digital awareness. Hence, trust and reliability must be the foundation of digital ecosystems and all stakeholders must take responsibility for ensuring this.

Organizations around the world are trying to implement ‘verify’ before your ‘trust’ approaches to secure their data and provide better data protection for their consumers, but aspects regarding privacy and the (mis?) use of personal information still remain largely unaddressed.

Reason-3 -Targeted, Manipulated, Misled- Buyers beware

One of the areas where trust issues have come to the center stage relates to the accuracy, quality, and veracity of information online and product claims on technology-based products such as IoT, Software and even services from high profile companies. High profile cyber-attacks in 2021 like the Colonial Pipeline attack, the Oldsmar Water Supply Plant in Florida and the Log4j show that hackers have become adept at using various attack vectors which can lead to dangerous and socially destabilizing consequences.

The Nobel Prize winning journalist Maria Ressa has said that “Without facts you cannot have the truth, without truth you cannot have trust and without any of these things you cannot have a functioning democracy.” If we extend the concept of a functioning democracy to the Internet, there are inherently many similarities. However, as this thinking and expression is implemented on Internet, we have all kinds of misinformation, fake news, false narratives, and misrepresentation proliferating leading to various levels of distrust. The key question is will trusted methods emerge that can block false narratives, provide avenues and mechanisms for verification, and ensure that asymmetry of information between producers and consumers is minimized?

There are several products (for example healthcare and food products) that require approval of regulatory authorities to ensure that claims made by manufacturers are valid, list of ingredients used must be made public to ensure that the safety and security of consumers is protected. However, when it comes to products related to technology such as IoT devices and even software, such transparency and verification is generally missing. Consumers of such products are often carried away by the hype around the products and do not have the means to verify ingredients’ such as components and their sources as well as the means to verify and validate claims made by manufacturers.

To boost transparency and enhance security, the Biden administration has directed the National Institute of Standards and Technology (NIST) and the Federal Trade Commission (FTC) to explore and pilot a labeling program as part of the EO’s push to improve the security of software supply chains. The labeling program, which is similar to the Energy Star program for energy efficiency, will enable consumers to identify which IoT devices incorporate certain cybersecurity capabilities and have undergone comprehensive testing and assessment. This move is likely to be accepted around the world as a consumer centric measure with countries like Finland and Singapore also pursuing similar initiatives. This move can be a far reaching one and could be a gamechanger as far as building trust between consumers and suppliers is concerned and ensuring greater attention to security and safety aspects.

Reason-4- Countries vying with big tech for data sovereignty and control

Consumers have enjoyed the experience of buying online, being able to seek out products and services that they would like to consume as well as the comfort of having them delivered at their doorstep. For these conveniences they have willingly shared personal information with the belief that it will be safeguarded and not misused in any way. They have now begun to realize that information shared by them, including tracking of what they are seeking, where they are located and what they are purchasing is used to promote various goods and services. This by itself may not cause great concern among many, but there are an increasing number of people who find this as an intrusion on their privacy and makes them uneasy about the lack of control over their personal information.

Governments around the world have expressed concern over the misuse of personal information mainly by large technology companies and are today actively engaged in introducing privacy and data protection laws. As a result, today, over a hundred countries have privacy laws in place. However, Governments may have an agenda of their own and are vying with Big Tech to gain sovereign control over personal information of citizens.

The UNCTAD digital economy report of 2021 suggests that data flows have been expanding rapidly. In 2022, Global Internet Protocol traffic in 2022 – domestic and international – is expected to exceed all Internet traffic up to 2016. The COVID-19 pandemic has accelerated data flows and global Internet bandwidth saw its largest one-year increase since 2013(Digital Economy Report 2021 | UNCTAD, n.d.). Data flows that have been moving freely across countries so far and include information such as searches, communication, video, transactions, as well as personal information. Governments now want to exercise greater control over these data flows leading to ongoing tussle with big tech companies and private corporations who have had a free run over data flows so far.

The report also suggests that global debates on the governance of data and cross-border data flows need to be fully inclusive; they should ideally take place under the auspices of the United Nations. The outcome should result in the creation of a new institutional framework that should be multi-lateral, multi-disciplinary and multi-stakeholder. Such a framework would strike a balance between interests of different stakeholders and lay the foundation of a new digital trust regime that can boost economic growth.

Reason 5-Digital Trust straddles the digital and physical world

The digital world and the physical world are today interminably connected. The impact of cyber-attacks can be felt in the physical world affecting the security, safety, and wellbeing of humans.

We have already entered an area of Smart Everything…from smart appliances, smart cars, smart buildings to smart cities. As more communities begin to depend on smart technologies, the ‘trust factor’ assumes greater importance as almost all aspects of human existence whether at home or work will be governed by technology and digital systems.

Rapid adoption of new technologies like 5G, digitization of public transport ticketing services through the use of NFC cards, QR codes, and NFC wearable technologies, face recognition for surveillance, AI driven city service systems and critical IT/OT infrastructure could leave citizens more vulnerable.

Digital trust levels need to be much higher than they are today to enable users to carry out all their interaction with technology in every sphere of activity in a safe, secure, legal/ethical, and reliable way. Providing a greater degree of trust will not only involve using technology and innovation, but also the requisite processes and trained people to manage them.

Smart cities and devices also entail collection and analysis of large amounts of citizen information by public and private agencies. Legal systems alone will not be enough to ensure that critical aspects of personal information protection are not violated, and responsible innovation based on standards combined with ethical use of data is essential.

SecurityAssurance that actions and data are available only to authorized parties.
ReliabilityThe dependability of a process to operate correctly and within expected parameters
SafetyAvoiding injury or damage to persons, facilities, and the environment.
ResilienceThe ability to continue to operate under adverse conditions.
PrivacyA party’s ability to control the exposure of data associated with them.
Maintainability  Assurance that the system will remain operational in the future and can adapt and grow as needed
ComplianceThe ability to conform to requirements associated with a particular context.
Well-being  Preservation of livelihood, quality of life and environs, and minimization of disruption.
FairnessLack of bias, equal access, and transparency.
IntegrationThe ability to work with or alongside existing infrastructure and processes without disrupting them.
Measuring Utility/ImpactThe ability to perform the needed job and/or create the desired change expected by the system’s stakeholders.

An article published by the Observer Research Foundation proposes that ’The technological inclination of the next decade had better be towards digital trust, or we are all in for a much darker future. The vulnerabilities of digital technologies can no longer be treated as externalities to be passed on to end-users and citizens’ (For All Our Sakes, Building Digital Trust Had Better Be the Technology Trend of the 2020s | ORF, n.d.).

Reason No 6: We are now giving away more personal data than ever, despite growing risks

Most people are willing to give away their personal data to access different kinds of products and services available online. Even as data breaches and their related risks are at an all-time high, we are willing to give up our personal information for convenience and better services while working, socializing, entertaining ourselves and living our daily lives. We give such information at multiple service entry points, such as registration, login, messaging etc. And usually do not understand how that information will be handled or secured by the service provider. More than ever before we are dependent on new technologies and automation to run our lives. Giving away personal information for the convenience seems a small price. But is it?

Companies offering products and services online collect various kinds of information from us. To what end this data is being collected depends on what kind of businesses they are, but often it will result in targeted advertising and website management. Social media collects more data than anybody else through your device and in many cases even if you are not using the application directly, searches, and things you like and post, which can help to determine “hidden attributes about you that you didn’t even know you were sharing information about” according to Dr. Jennifer Golbeck computer scientist and an associate professor at the University of Maryland.

Apart from the personal data that we share with websites we also leave our digital footprints on the Internet such as:

Active digital footprints which consist of the information (about themselves or others) that users leave online mostly unknowingly while visiting websites, buying products, downloading content, uploading photos, creating profiles on social networks etc.

Passive digital footprints consist of the information users leave when they are online (e.g., through cookies, fingerprints, location data, use of smart devices).

All this information can in the wrong hands with malintent can put individuals into a lot of trouble. The right to personal data protection and privacy is one of the fundamental human rights. Unfortunately, the rapid development of digital technology and the Internet, this right has been seriously undermined to the point where all stakeholders must rethink their approach and reevaluate their commitment to privacy and data protection.

CONCLUSION

In the words of Dr Michio Kaku the well-known theoretical physicist, futurist, and popularizer of science ‘Now, privacy is another problem, but it’s a social problem because mores change with time. People must decide how far they want to go to embrace a digital lifestyle and, in the process, expose their life and personal finances to potential criminals on the internet; that is a social problem. This is a universal problem. For example, Mother Nature has spent three billion years combatting viruses. Nature is in a constant, never-ending battle with viruses. Similarly, we will also be in a perpetual battle with viruses. But how far we are willing to go to stop hacking, viruses, malware, etc. depends mainly on the political climate, not technology’(Michio Kaku Says Physics Could Create a Perfect Capitalism | World Economic Forum, n.d.).

We have reached a tipping point when decisions must be made regarding how far we are willing to give up our privacy and security to embrace innovative technologies. The Cambridge English dictionary defines a ‘tipping point’ as a time during an activity or process when an important decision has to be made or when a situation changes completely(TIPPING POINT | Meaning in the Cambridge English Dictionary, n.d.). The foregoing six reasons suggest that we have reached that point where we need to rethink all aspects of digital trust to build a digital eco-system for the future. We have often heard about learning from the past, but here is a case of learning from the future and understanding the norms, values, controls, and laws required to create an equitable, fair, and secure regime where trust issues such as privacy, integrity, transparency, reliability, and accountability are embedded into technology offerings and platforms. Only a trustworthy digital ecosystem can truly unleash the power of data for economic growth and social equity. The warning signals are all over as far as the erosion of digital trust is concerned, but we still have some trust left, let us do all we can to not lose it!

Share to your network:
Vikas Malhotra

Vikas Malhotra

Vikas Malhotra is Founder & CEO of WOPLLI Technologies. He is a technologist at heart and has steadily progressed global digitalization for the past 25+ years, while working at many enterprises and verticals. He has been an innovator and has pioneered technology, experiences, features and frameworks as an early adopter and implementer of technologies, most recently for Microsoft Cloud. Vikas has vast experience in areas of technology architecture, cyber security, privacy, laws, regulations & compliance & trust. Vikas has co-founded WOPLLITM with the vision of making our experiences (as we work, play, learn, live) safe, fair and trusted. He is a board member and contributor to many standards and frameworks including ForHumanity, Trust over IP Foundation, IEEE P2145 (Blockchain Governance) and NIST privacy working group. WOPLLITM has created and adopted architecture principles of human centricity, decentralization, distribution, heterogeneity and self-healing.

Ajay Singh

Ajay Singh

Ajay has over 35 years’ experience in the IT industry in different roles and was the CEO of an award winning fintech company for over a decade. He has considerable experience in leading and growing companies, corporate risk management, governance, and strategy, particularly with respect to the deployment and use of Information Technology. He has successfully led the development and deployment of IT products and solutions for multiple industry verticals such as banking, telecom, and government for global markets.
He is a certified corporate director and Fellow of the Institute of Directors. He also serves on multiple advisory boards.
His current interests include Cyber Risk Management, Cyber forensics, and Cyber law. He is also a visiting faculty at leading Business schools for the same.

Share

The Cyber Trust Landscape Report 2022