7 minute read
Kevin O’Leary Chats about Risks and Opportunities in an Interconnected and Multi-polar World
Multi-polarity + Interconnectivity = More Risks Or Opportunities?
Advertisement
KEVIN O’LEARY
Member, SCS Managing Director, APAC Regional Chief Information Security Officer, J.P. Morgan Earliest Tech Experience: Pac-Man game machine (a gift received in the ’80s which seeded the interest in computer games) Currently Playing: Red Dead Redemption with children as a family bonding activity Currently Watching: The Sandman Currently Reading: Prisoners of Geography by Tim Marshall
An App You Can’t Live Without:
Twitter Favourite Way to Relax: Running and dragon boat racing (just picked up in the last few months) Pet Topic at the Moment: Rugby (first as a player, then a referee, and now a spectator)
The world has a new order. There is no one clear leader. Instead, there are different centres of power and many shades of grey in between. For businesses navigating such volatile times and barely keeping up with the punishing pace of digital transformation, are there much welcomed opportunities waiting at the end of the rainbow? Or do unforeseen risks lurk ahead? The IT Society checks in with Kevin O’Leary, J.P. Morgan’s Managing Director and APAC Regional Chief Information Security Officer, to get his perspective.
Q: Question, KL: Kevin O’Leary
Q: What are some peculiarities people living in our time are contending with?
KL: We are living in interesting times. Where it used to be that protecting physical belongings was the focus, securing our personal data takes a greater importance these days. And that can be quite challenging because sometimes we give away our personal information such as on social media platforms or when subscribing to services without realising its implications. Then thanks to cloud technology, it is hard to know exactly where our data is – we could be in Singapore but our data can be anywhere. Add to that, these days most people own a smartphone which not only has great computing power, but also stores a lot of personal information. That is why in recent years, governments are increasingly tightening regulations and setting up barriers to ensure that data are kept in their countries. Concurrently, countries step up on their education programmes about scams and data risk management. But let’s not forget that these are all happening very quickly because internet really only came around in the late 1980s and the first cybersecurity laws came into effect in the 2000s – so everyone including the regulators are learning as we go along.
Then we have another trend that is happening in parallel. Although the world has become diversified in many ways, the world has also grown to become more interconnected and interdependent over the past few years. Unified areas of production such as semiconductors in Taiwan and sunflower seeds and oil in Ukraine have made supply chains more complex and vulnerable all at once. We saw that at the peak of COVID-19 outbreak when supply chains were disrupted.
So if we take the first part – citizen protection, add in the second part – trade protection and economy preservation within a context of something like COVID that broke supply chains across the world, and put some political issues on top of that – we are in a very volatile situation. That is where we are now.
Q: How has these in turn shaped business conversations around risks?
KL: Cybersecurity is technologically based – but if we think about information security and how technology touches every aspect of our lives today, it is not hard to understand why businesses are starting to see cybersecurity as less of a technology discipline but more of a risk-focused area. To break it down more simply, we could be talking about antivirus, malware defence, intrusion protection or any of the technology stacks within the cyber framework from a technical standpoint, but if we were to take them as a whole they become business risks and business issues. What this really means is that we are increasingly seen as risk professionals and less as technologists.
And truly, risks come in all types, forms, and anywhere. One example that everyone can relate to is how you only used a computer at work 20 years ago, so risks are contained in the workplace. Then, as people start to get home desktops and laptops, risk factors multiply because people may not necessarily know how to secure their personal systems. Just imagine, now each of us is walking around with a phone that is not just 100 times more powerful than systems we used to have, but also comes with an in-built microphone and camera. How can we be sure no one is watching or listening?
On the other end, threat actors have also changed significantly. Defacements and destruction were very much the dominant adversary in the early days. Eventually, stealing things like credit card numbers to launch direct attacks and siphon off money from accounts overtook that. And today, identity theft is nothing new. Incidentally, none of the old threats has gone away, but the new ones just emerge and add on.
Q: How do these conversations vary between industries? Or for that matter companies operating in markets with different regulations?
KL: On the surface, you would think they are the same. But when you go a bit deeper and better understand the operations of each industry, you will see some differences, particularly their priorities where data integrity, data availability and data confidentiality are concerned. Because if we work through different industry verticals, we’ll see differences in the way they operate, connect with customers, work with external partners, etc.
For example, data integrity is going to be more important than data availability for a pharma company. In comparison, the banking industry with its high velocity trading where milliseconds can make a difference to profits will place far greater importance on data availability and confidentiality. But that is not to say that data integrity is unimportant to the banking industry, it is just the level of priority. Different industry circumstances impact their priorities, and it makes sense for them to focus on what’s important to them from a business perspective.
Paradoxically, we would imagine that companies take a unified approach towards data risk management and protection. But the complexity resulting from operating in different markets with varying regulations due to diverse approaches adopted by regulators can cause governance to be a lot more nuanced in reality. So it is not unusual for businesses operating in different parts of the world to have to juggle between meeting different expectations across their different business functions. In some instances, they may even find themselves varying their strategy for a single function across different countries.
Q: Amidst this multi-polar and interconnected world, are there any opportunities for businesses?
KL: The good news is that people want businesses to thrive, and governments intrinsically want their economies to prosper. Therefore, although some predict that the next 10 years will be very challenging, we can take heart that things will not be universally bad for everyone, and there will still be pockets of opportunities.
An area where we can expect to see rapid growth and potentially catalyse growth in other domains is 5G. With the 5G network, technologies like robotics and automation will be empowered and our daily lives will also be significantly different. But for these to happen, we need to first achieve the capability to transmit huge amounts of high quality data at a very fast speed. Of course, the stakes for risks will also correspondingly increase when that happens.
Other opportunities that I am personally invested to watch out for are in the areas of artificial intelligence and machine learning with the empowerment of 5G, blockchain (and not just the crypto part), quantum computing, and the one area that underpins all the above – sustainability. Most people know blockchain for being highly secured and immutable, but nobody has really found a way to completely crack a distributed ledger or leveraged it in a positive way. As for quantum computing, it holds the promise of bringing programming and computers into a new era by moving away from the 16- and 32-bit approach. Finally, we are all acutely feeling the impact of climate change now – and the only way to get out of this alive is to figure out how we can progress and capture opportunities without sacrificing sustainability.