Silicon Valley Byte Size - The Allianz Technology Trust Podcast
The big business of cyber crime
$name
Jon: Hello and welcome to Silicon Valley Bite Size an update on the tech sector from Allianz Technology Trust. I'm John Cronin, standing in for regular presenter Cherry Reynard. And for this episode of Byte Size, I'm joined by Mike Seidenberg, fund manager of the Trust. Mike, it's great to have you on the show.
Mike: Well, it's great to be here in London and in person, so great.
Jon: Well, I'm looking forward to having the opportunity of chatting with you and putting some questions on a really important subject as well that we're going to focus on today, and that's the issue facing the technology sector, society more broadly, of cybercrime and cyber security.
Mike, I know you've touched on this thorny subject in previous podcasts, but let's spend some time getting into the weeds of the issue now. And I want to set the scene first. U.S. President Joe Biden has identified cybercrime as a core national security challenge. Other governments, national security agencies have issued similar warnings. So how big is the cyber security problem?
Mike: You know, there are times when governments say things and you kind of roll your eyes. And there are times when governments say things and you're like ‘spot on’. This is a spot on scenario. If you want to just kind of think about the scenario of the world we're living in today. You know, I always give the example. It's no longer ten women in a room trying to break into a corner store from a cyber perspective. These are well-funded organizations from nation states, extremely sophisticated that really have a goal to extract information and to use it as a competitive advantage. And the way they go about doing that really requires a new framework for companies with respect to cybersecurity.
It's really this layered approach and thinking about the problem. I think this should be a priority for countries as they think about the world we're living in today, which is a much more digital world to begin with.
Jon: So this is this is big, isn't it? And it has implications for, as you've already indicated, for businesses, for governments, for individuals. Let's just go into that a bit more detail. What are the challenges, the problems that individuals face in this instance? In the first instance.
Mike: You know, from an individual perspective, and I'll tell you a funny story about what happened to me the other day, but let's do that just a little a little bit later. But let's just think about your daily life and how digitally oriented it is. Many of us no longer have an alarm clock. We wake up with this great thing called the iPhone or a smartphone.
Jon: It’s guiding our lives every day!
Mike: So you know, I always remind myself digital is great and digital presents an opportunity for cybersecurity breaches and it doesn't matter whether you're a consumer, a business selling to consumers or a business selling to business. People are more digital and businesses want to meet their customers where they want to be. And in many cases, that is a digital whether it's an app, whether it's a website, etc. So I think that, as you envision the world we're living in, cybersecurity really kind of bounces to the top because of how dependent we are on the products and services that are delivered digitally to us.
That's probably just becoming more relevant, not less relevant. So we need to take a high degree of protective measures in order to mitigate the challenges associated with the adversaries in this case, cybercriminals. I think on the corporate level, it is a board level discussion that gets louder and louder despite it, regardless of economy, regardless of where a company is in its lifecycle, it has a very high awareness.
So to me, it's one of the best, if not the best secular opportunity in in technology looking forward over the next 3 to 5 years.
Jon: So from the boardroom down to the individual consumer, we're all faced with this threat and challenge as well. Well, now you've got us on the hook here Mike. What's the personal experience you referred to?
Mike: One would think that in my role and my job, where I invest in these companies and I'm very aware of the products – last week I was at work, I was focused on something and I received a phone call on my cell phone that I happened to pick up, some type of announcement regarding you we know this.
You just bought an iPhone. Are you sure you about the iPhone? So I thought it was someone contacting me preventatively. I was very sceptical. Then in this case the phishing attack was followed very quickly by a text that looked very official and I was literally a keystroke within giving them my information. And I immediately thought, boy, if I can be almost kind of duped into it, what about my mom, who, by the way, uses her iPhone all the time because that's the phone she carries. So it made me think about just how vulnerable we are.
And it couldn't have been done better. Luckily, I didn't fall for it. But it definitely spooked me. I mean, required some effort on my part to go and change the password, etc., etc..
Jon: So what made you stop just out of interest there Mike? What the point when you realize this isn't right, because it's a point that we all face increasingly, we're all subject to these fishing scams.
Mike: It's a great question and it's a good example of kind of multi-modal communication that enterprises, that companies have now with their consumers. I immediately logged on to the website, started a chat with the agent from the purported company. Ask that agent via chat: do you see iPhone order for me in this case, I follow that up with a phone call just to make sure everything was on the up and up.
And I ended up as I said, I went through the process of changing my username and password. But it was really an interesting example, after the fact of thinking about how companies really need to be able to interact with their customers, both in a chat modality as well as in a live modality. And that information needs to go across to the various agents. So I mean, not purposely done, but it was really kind of bells and whistles went off in my head and I'm like, oh, that's why some companies sell a solution that enables that. I thought it was a really interesting example of the kind of technology in action.
Jon: And we'll get on to those companies that are involved in cybersecurity in a little while.
Mike: Absolutely.
Jon: I'm interested in just focusing on this issue of how we deal with cyber criminals and how we deal with phishing exercises like that, because your experience is the same as many millions of people who've had exactly the same kind of encounter. And of course it happens to businesses as well. Breaches are happening to businesses on what it feels like a daily basis. What any particular examples that come to mind for you of either businesses or organizations recently that are subject to these cyber attacks?
Mike: I mean, first of all, I think if you open up a newspaper or go online to a newspaper, like many people do today, the prevalence of cybersecurity incidences is extremely high. In the United States, for example, right now, we have quite a security breach occurring or that has occurred. And it's getting a lot of press with respect to the National Guard individual who was with his gaming friends. And they were talking about very secure events…
Jon: national security events!
Mike: national security events, that probably never should have gotten, should have never been in his hand. So I think it runs the gamut, right? I mean, I know in the UK recently there's been a challenge with Capita. You know, I don't think you have to look very far to see cybersecurity breaches, events, etc, etc. I mean, I'm that individual in our example, as you thought about businesses, individuals, businesses and governments and we've just talked about to two other examples.
Look, I think here again, it's that overarching theme that there is a cybersecurity tax that most companies need to invest in, or the cybersecurity tax may be the wrong word, but a cybersecurity framework that companies need to invest in as they think about making their businesses, moving them to the cloud. If I think about artificial intelligence, if I think about traditional data centres, those are all really, target rich environments that cyber cybercriminals want to attack.
Jon: Now, I was going to say, I want to ask you about the move to the cloud here because many companies have, of course, been doing that. Many more still to follow. But what are the implications for cyber security? Is it generally safer to be in the cloud or are different risks posed?
Mike: I think it's I think it's a little of both in that it's safer to the extent that if you think about the number of resources that an organization like an Amazon points to for protecting the cyber protecting the U.S., which is their cloud based service like there are literally my guess thousands of employees focused on making sure that it’s a safe service. And if I think about kind of a medium size business and how stretched their resources are from a technology perspective, if they are running a service themselves in a data centre, I think that that's a fairly vulnerable situation.
Having said that, I mean, the framework that both the cloud service providers are using and cloud application companies are using and the data centre framework is the same framework. And that's really this notion of a layered approach to security whereby we basically acknowledge that we're probably going to get breached somehow, some way, but we need additional layers of security. So almost think of it as an old castle, right, where you had the moat and then you had the big wooden doors with steel, and then you had the turrets that allowed people to share.
I mean, it's really thinking about your cyber protection as layered protection zones, and that is creating the opportunity for spend. And I think that the last report I looked at 12.6% per annum spending out to 2030. And by the way, I don't think they're off on that. It's going to ebb and flow depending on the year and the and the overall environment. But I think we're going to see really healthy spend, just given the relative importance of this in how it just has everyone's, it has mindshare across the board, the CEO, the chief security officer. So, everybody's kind of in alignment as to how important this is.
Jon: Well Mike, it’s been a fascinating conversation, but sadly we’re out of time. We’re going to stick with this topic though for the next podcast and we’re going to be getting more of Mike’s views on the cybersecurity challenge, in particular his thoughts on the companies that focus on cybersecurity.
