On 30 November, we celebrated Computer Security Day. For the occasion, Movingdots' Marilena Mageira interviewed Maya Bundt, Head of Cyber & Digital Solutions at Swiss Re, covering a few questions regarding our digital life and how relevant cybersecurity really is.
Digitisation basically affects every aspect of our lives: both in professional and private contexts. Many of us have been working from home at some point during the pandemic and companies have been embracing more digital business models in order to remain relevant in the market and react to changing customer expectations. Our private lives have also become increasingly digitalised. Talking to friends and family, consuming media, online banking and shopping – these are all things that have been performed from the sofa at home for several years now.
However, COVID-19 has brought with it additional aspects: for many children, going to school during lockdown meant sitting in front of a screen in their room and countless events have taken place virtually instead of their normal in-person format. Digitisation also affects our life as citizens: from our medical information being accessed through electronic files to all kinds of official processes being performed online, many of which fall under the e-government umbrella. All of this is in place to make our lives easier and more convenient. On the flip side, however, we should not overlook the risks posed by the darker uses of digitalisation.
There are far too many risks to all be outlined within this interview. But in general, you can cluster the risks according to the three cornerstones of cybersecurity: confidentiality, integrity, and availability. This holds true for every online context: work, private/family life, citizen life. In a work context, confidentiality can apply to any piece of intellectual property that a company wants to keep private or to personal data which is protected by the law; in a private context, it might refer to anything you would not want others to have access to, like how much money you have in your bank account; and finally, as a citizen, it could be, for example, information regarding your political voting decisions.
Integrity refers to the intactness, soundness, or correctness of data at a given time. In a work context, that could be the details of a formula that produces a certain chemical; at home, it might be the rate at which your insulin pump supplies insulin into your body; and as a citizen, it could be your tax records. Availability is pretty intuitive. Nowadays, many companies struggle when a ransomware attack encrypts all their data, leaving them unable to operate. You would be needing extra blankets should your smart building technology stop functioning over the winter, and getting any help from Citizens' Advice would be a complete no-go were their systems to crash.
All these risks are ones we need to be aware of. But there are more. Digitisation has changed the way we consume information. It has made it much easier to find data and educate oneself, but it has also opened the floodgates for mass distribution of false information and manipulation.
I do not think that you can avoid these threats completely. Therefore, it is important to be aware of the risks and to implement a set of best practices – or good cyber hygiene, so to speak. This holds true for the workplace as well as for private life. Some of those practices include, for example, never re-using a password for different services, making frequent updates of your important data, and not sharing too much about yourself on social media. Constant vigilance is crucial. Of course, it may be tiresome to always be on the alert, but the risk is high, so you had better be prepared.
Again, even outlining a fraction of what companies are doing (or should be doing) to safeguard themselves would result in a very long list. However, it is important to understand that technology is only one of the measures companies need to employ. Everybody knows about firewalls and anti-virus software. Employing technical measures like these is extremely important, but it is equally important to look after the organisation, the people and the processes. Training employees and having a working emergency response plan can be the measure that either prevents a serious cyber event or helps the organisation get through it effectively. Not all organisations are the same, and although every organisation definitely needs to follow good basic cyber hygiene, further measures and the overall risk management framework should be dependent on the individual risk profile of the company.
Experiences within my family and circle of friends have so far been rather benign: a relative falling for a fake shop and losing out on CHF 240 and also the opportunity to go to a concert he was looking forward to; a CEO fraud scheme in a friend's company leading to a significant loss of money. One example that will always stay with me, however, is meeting a researcher who has hacked her own pacemaker. This is an example where data and cybersecurity can become a matter of life and death, both very directly and very imminently.
Maya Bundt is the Head of Cyber and Digital Solutions at Swiss Re - Business Unit Reinsurance.
She is responsible for further developing and implementing the cyber risk strategy for Swiss Re's Reinsurance business and driving digital innovation and initiatives. She is also an elected member of the World Economic Forum Global Future Council for Cybersecurity and supports several national and international initiatives concerning the digital economy and cyber risks.
Maya has published several articles on the topic.