Open Password – Friday, October 1, 2021
#980
Cybersecurity – Trends – Gianni Cuozzi – Exein – Fourth Industrial Revolution – Biosecurity – Elon Musk – Gertrude – Machine-enhanced Humanity – SweynTooth – Fusion of Technology and Physiology – Quantum Cybersecurity – Quantum Computers – Qubit Assets – Quantum Infrastructure – Embedded Security – Internet of Things – Exein Core – Pluton TPM – Microsoft – Criminals – Sign documents digitally in a legally secure manner – Patrycja Schrenk – PSW Group – Certification body – Document signing certificate – Authenticity – Freedom from manipulation – Electronic signature – eIDAS regulation – DigiCert – GlobalSign – Sectigo – Microsoft Word – Adobe PDF –
Zoom – Disruptors – Dieter Schwengler – PMG Press Monitor – Refinitiv Risk – Pandemic – Compliance Gap – Cyber Crime – Shortcuts – Environmental, Social and Governance Factors – Technology – Collaboration – LSEG
- Cover stories
– Cybersecurity, The Biggest Trends – By Gianni Cuozzi, CEO Exein
– Sign documents digitally in a legally secure manner – How to do it and what requirements are necessary – By Patrycja Schrenk, PSW GROUP
10 years of Zoom, the disruptors as customers
III.
PMG Press Monitor, Dieter Schwengler for new publications and new formats for media monitoring
IV.
Refinitiv Survey, The Impact of The Pandemic, Compliance Gaps and How Technology Is Reshaping Risk
Cybersecurity
The Biggest Trends
By Gianni Cuozzi, CEO Exein
In the Fourth Industrial Revolution, unprecedented processing power and access to information have the potential to send human progress into overdrive. It seems that if we imagine it, we can make it happen, realizing the sci-fi dreams of AI, robotics, autonomous transport and biotech augmentation to make us faster, stronger, healthier and happier. But with such advances come enhanced threats that could lay siege to cities and hijack minds, making the development of effective countermeasures crucial to safeguarding the future. Here are the three biggest trends in cybersecurity.
_____________________________________________________
- Biosecurity
_____________________________________________________
On August 28, 2020, Elon Musk’s Neuralink medical research company presented to the world a pig called Gertrude with a computer installed in its brain – or, as the tech entrepreneur put it, “a fitbit in the skull.”
Hype or not, this was a significant moment in history: a single and irreversible step along a road to machine-enhanced humanity. Within a relatively short period we will see the introduction of technology to assist those with paralysis; to help the blind, the deaf and those suffering conditions such as diabetes; and eventually to enhance our abilities and potential beyond the realms of what is currently humanly possible. Such advances come with cybersecurity risks because by taking control of such systems one has the potential to harm or to kill the human host.
A host of vulnerabilities dubbed SweynTooth was identified earlier this year in Bluetooth-enabled medical devices, requiring manufacturers to patch firmware, and as neurotechnology evolves, unprecedented opportunities will emerge for the harvesting, distribution and manipulation of data from the human brain.
In order to safeguard our thoughts, we will develop custom-made bio-cybersecurity solutions that allow appliances and implants to send electron streams readable only by the host’s own memory. The fusion of technology and physiology has long been a science fiction fantasy but it’s no longer in the future. It’s right here right now.
_____________________________________________________
- Quantum cybersecurity
_____________________________________________________
Quantum computing will be epoch changing: a giant step for humanity with profound implications for healthcare, climate modeling, energy, technology and artificial intelligence. In computational terms it’s an evolutionary leap from the familiar binary system to a qubit-based, or multiple stage metrics system capable of calculating in moments what would take traditional computers millions of years to achieve. The cryptographic standards we have established for the binary system will therefore no longer be fit for purpose in the quantum world.
So, cybersecurity needs to evolve too, developing new mathematical and cryptographic models tailored for quantum computing, and we need to start now. To believe that widespread usage of quantum computers is 30 years away is dangerous, because qubit assets will be available in the cloud within a decade. Furthermore, we need to devise a new way of working, because the digital revolution that began in the late 70s is over.
Back then, we built infrastructure with no consideration of cybersecurity because cybercrime did not yet exist. It was as though we built the city, realized its vulnerabilities, and then started building defensive walls, but as we enter the fourth industrial revolution, we need to build our security systems alongside the quantum infrastructure, developing brand new quantum-augmented architectures that sit both without and within new systems.
_____________________________________________________
- Embedded security
_____________________________________________________
Existing cybersecurity methodology involves little more than bolting aftermarket software solutions onto existing infrastructure – as exemplified by the anti-viral measures we take to protect our laptops.
At scale, exactly the same processes are used to protect networks, hospitals, factories and smart cities, and it’s staggeringly inadequate in an era when open-source automated tools allow hackers to keep systems under constant attack, probing for weaknesses in software written by humans. This armor-plated external approach is outdated and ineffective, and the new defensive strategy will involve making systems safe from the inside out. This means building security into device firmware in the IoT space and into processes and servers: a universal way to embed security into our digital life, using convolutional neural networking to learn legitimate device behaviors and thus detect threats and anomalies at lightning speed.
It’s a new approach especially suited to the one trillion IoT devices predicted to be in operation by 2025: rather than relying on external measures to keep this tech secure we will focus instead on intrinsic, embedded security that acts not like body armor but as an immune system working from within the device. What this means for the consumer is secure tech out of the box, even in more traditional end points like PCs and laptops.
With products like Exein Core and Microsoft’s Pluton TPM – a custom security chip built into the processor – already on the market we’ll see the cybersecurity industry as we currently know it wiped out in ten years. We’ll never wipe out the criminals. Instead, by evolving our countermeasures, we’ll make it increasingly harder for them to rob us.
Sign documents digitally in a legally secure manner
How it works and
what requirements are necessary
By Patrycja Schrenk, Managing Director of the PSW GROUP
Documents such as invoices, contracts, powers of attorney, financial documents or construction drawings contain sensitive information or trade secrets. In order for these to be legally secure and to ensure their integrity and trustworthiness, they must be signed. However, in a digitalized everyday life there is little room for analogue applications: first printing out documents, presenting them manually to each signing party and then sending them by post seems antiquated. Nowadays, digital signatures make documents legally binding. They ensure the authenticity, integrity and confidentiality of both a document and its signatory.
The digital signature is the equivalent of the notarized signature. A trusted third party – the certification authority – confirms the identity of the signatory. This in turn is tied by the certification authority to a PKI-based digital certificate, a so-called document signing certificate. This makes it easy to use digital signatures both in electronic documents and via cloud-based signature platforms.
Through a cryptographic process, the digital signature verifies and secures both the authenticity and the verified source of a document as well as the freedom from manipulation of the document since the digital signature was created. If documents are changed after the signature has been attached, the signature will be shown as invalid. The digital signature also ensures that the signatory’s identity has been verified by a trustworthy organization.
_____________________________________________________
The digital signature is not an electronic signature.
_____________________________________________________
The digital signature is to be distinguished from the electronic signature. Both terms are often used interchangeably, but they are not the same thing: the electronic signature is the digitized counterpart to the handwritten signature. This form of signature is used wherever content in documents needs to be confirmed. The digital signature, on the other hand, ensures integrity and authenticity to the extent that it can stand up in court proceedings. In fact, there are documents where an electronic signature may be sufficient. However, various regulations – for example the eIDAS regulation – require digital signatures instead of electronic ones. The decision about which type of signature someone would like to use depends on the level of authenticity to be met and therefore on the type of document.
In order to be able to sign digitally in a legally secure manner, a document signing certificate is required. The signature creator applies for it to a provider such as PSW GROUP and identifies himself. Once the ordering and verification process is completed, the customer receives their certificate, can integrate it into their Office Suite or Adobe PDF and immediately digitally sign documents. We provide document signing certificates from well-known certification bodies such as DigiCert, GlobalSign and Sectigo. All certificates available from us are compatible with Adobe and MS Office products and are organizationally validated. Due to validation, it takes between two and five working days for the certificate to be issued. A USB token will also be sent by post. Signing documents is then only possible with this token, which is also protected with an individual password. Document signing certificates are available with different terms between one and three years. The cheapest one is currently available from Sectigo: it costs 349 euros for one year. Companies and private users can use it to sign any number of documents.
_____________________________________________________
Digitally sign WORD and PDF documents
_____________________________________________________
Most often, documents are signed digitally with Microsoft Word and Adobe PDF. Microsoft supports visible and invisible digital signatures in its Office suite. Similar to a physical document, a signature line appears with the visible digital signature. If several users, for example two contractual partners, have to sign agreements, this method is usually used. Invisible signatures, on the other hand, are used when the authenticity, integrity and origin of the document must be assured without a conventional signature line existing in the document. If there is an invisible signature in a document, this can be recognized by a small blue band in the Word taskbar.
In addition to the certification signature, Adobe also supports the approval signature. Anyone who adds a certification signature to a PDF makes it clear that they are the author of the document and that they have completed the content. In addition, the certification signature prevents the document from being manipulated after it has been distributed. If a PDF document carries a certification signature, a blue ribbon is visible at the top of the document, which shows the name of the signatory and the certificate issuer. The authenticity and authorship of the document are therefore certain. Approval signatures, on the other hand, accelerate approval processes in companies: the electronic approvals issued by departments or people are recorded and embedded in the original PDF document. Approval signatures can be customized to add images such as the handwritten signature or signature details such as location, date or reason.
10 years of Zoom
The disruptors as customers
“While solutions like Zoom help you empower your hybrid workforce, connect your teams, and provide better support to your customers, the real disruptors are you: They are the ones who create, nurture, and grow businesses on our platform. The future of Zoom is in your hands and we couldn’t be happier to have you with us.”
Looking back and looking forward to 10 years of Zoom
PMG Press Monitor
Dieter Schwengler for new publications and new formats for media monitoring
Dieter Schwengler has taken over the content and quality management department at PMG Presse-Monitor GmbH. In his position, he is responsible for PMG’s collaboration with media companies and publishers. In addition to organizing the daily quality assurance of all content and data for the PMG press database, another focus of his tasks is to acquire new publications and formats for media monitoring with the PMG.
Before moving to PMG, Dieter Schwengler worked as Head of Account Management at DMV Medienvertrieb or its predecessor company VU Verlagsunion for over ten years. The topics of media change and digitalization have been on his mind since he studied political and media science and have particularly influenced his work as a research assistant at the University of Mannheim.
Refinitiv Survey
The Impact of The Pandemic, Compliance Gaps
and How Technology Is Reshaping Risk
(Refinitiv Risk) The Refinitiv survey reveals how the Covid-19 pandemic has significantly raised customer and third-party risks, but also highlights the potential of technology to reshape them.
Although Covid-19 has been extremely disruptive, compliance gaps had been a persistent problem long before the pandemic. And, as business activities continue to move online across industries, the opportunities for cybercriminals to conduct illicit deeds flourish — raising already high levels of organizational risk.
• 71% of respondents said cybercrime became more difficult to contain during Covid-19
• Only 44% of third-party relationships have been through due diligence checks, down 5% from previous year
• 86% of respondents agreed that innovative digital technologies have helped them identify financial crimes.
Taking shortcuts: Our survey reflects companies’ difficulties, with 65% of respondents agreeing that the pandemic has forced them to take shortcuts with know your customer (KYC) and due diligence checks. Although Covid-19 has been extremely disruptive, compliance gaps had been a persistent problem long before the pandemic. Our 2019 risk survey found that 49% of third-party relationships had been subject to due diligence checks, compared to 44% in 2021. On a more positive note, our current survey shows a growing awareness of environmental, social and governance (ESG) factors and green crime, suggesting that the pandemic may have created a turning point.
Technology and data show us the way: By heightening and exposing risks, the pandemic is also helping organizations to address them. The best way to do so is clearly highlighted by our survey: technology, data and automation are not only enablers, they can also act as transformers. Organizations which use innovative technologies are not just better protected from customer and third-party risk, they are more aware of them and crucially are more likely to continue investing in further prevention and mitigation.
Collaboration is key: Another key trend seen during the pandemic has been greater collaboration – whether it’s between businesses, people or institutions – for the common good. Here, we find that those already using technology to combat financial crime are 60% more likely to collaborate with enforcement agencies than those not using such technology. This gives us renewed hope that the collaborative approach which we have long championed at Refinitiv – between enforcement agencies, innovators and non-governmental organizations, to name but a few – can be strengthened by recent events and enable us to forge a safer future, together.
Refinitiv is now part of LSEG (London Stock Exchange Group), a leading global financial markets infrastructure and data provider.
OpenPassword
Forum and news
for the information industry
in German-speaking countries
New editions of Open Password appear three times a week.
If you would like to subscribe to the email service free of charge, please register at www.password-online.de.
The current edition of Open Password can be accessed immediately after it appears on the web at www.password-online.de/archiv. This also applies to all previously published editions.
International Cooperation Partner:
Outsell (London)
Business Industry Information Association/BIIA (Hong Kong)