Cyber risks, digital trust and blockchains are at the heart of discussions
Seven million data sets stolen in the world every day*. Given the fact that we are producing more and more data, and constantly sharing it with third parties, this figure is enough to make your head spin and is a matter of concern for us all. What if the stolen data includes very personal information, such as your genetic profile?
During our seventh Connected Event dedicated to the topic of cyber security, the speakers all addressed the issue of data security, given the magnitude of the issue.
Despite the huge increase in cyber attacks, we cannot simply stop producing data, as data is the fuel for the new digital economy: our data and the data produced by connected objects serve to “feed” algorithms that enable things like autonomous vehicles, the delivery of medication by drone and even the diagnosis and prevention of illnesses.
Let’s take a more detailed look at this last example to understand the stakes involved with the issue of cyber security.
To develop personalized medicine, research must be able to access our genetic data
Personalized medicine involves offering patients treatment that is adapted to reflect their genetic profile. The cost of sequencing the human genome has fallen considerably: from 100,000,000 dollars in 2001 to less than 1,000 dollars today according to Genome.gov. Consequently, we are now capable of digitizing the genomic data of a person quickly and at a reasonable cost.
To develop algorithms that will enable to diagnose and prevent illnesses, it is essential to train them with a vast amount of such data. This means we need to be able to merge all of this sensitive information and make it accessible to the community of researchers. Paradoxically, the very nature of this data results in a substantial risk when it is exposed to third parties. Our sequencing of DNA has the following characteristics:
- It is inherently identifiable: we all have a unique genetic profile
- Unlike a password that can be altered, It cannot be changed
- It contains sensitive personal information: for example, a predisposition to developing cancer
The theft of such information might expose us to genetic discrimination. Moreover, as certain properties of our genetic profile are similar to those of our family, the consequences of a theft may also affect those close to us.
Blockchain technology is contributing to a solution for establishing digital trust
To convince people to make their genetic profile available to researchers, trust in the system needs to be achieved. This is the precise aim of blockchain technology. It enables:
- Confidentiality to be guaranteed: blockchain uses advanced cryptography technologies
- Ensure data integrity: a blockchain’s distributed database renders the manipulation of the information that it contains impossible
- Guaranteed traceability: all transactions are recorded
The project “Data Protection for Personalized Health” was launched through the strategic initiative of the Swiss Federal Institutes of Technology, Personalized Health and related technologies, to establish such an infrastructure for sharing sensitive medical data and for developing the ecosystem. This project combines the excellence of various research laboratories and hospitals. Launched last April for a period of three years, this project means that Switzerland is well positioned to contribute to the search for solutions.
Is it possible to insure oneself against cyber risks?
Intelligent machines are playing an ever greater role in our daily lives. If they make mistakes or if they are manipulated through a cyber attack, the consequences vary greatly. If our voice assistant, such as Google Home, orders us the wrong size in a pair of shoes, the impact is very low, we can simply return them. It is more serious if, while in automatic mode, our Tesla causes an accident on the highway…and then calls the American emergency services rather than the Swiss 117.
For an insurer, it becomes hard to determine who is responsible. Let’s take the case of our Tesla car, which causes an accident: who is responsible? The party that developed the algorithm or the one that provided the faulty data to the algorithm.
Many questions still remain unanswered, and the “cyber” insurance market is only just getting going, as is revealed by figures provided by Swiss Re Institute: cyber insurance premiums still represent only a fraction of insurance premiums for motor vehicles, for example (184 billion dollars for motor vehicles compared with 0.4 billion dollars for cyber risks in Europe, the Middle East and Africa).
How can the risk of data theft be reduced?
Finally, all parties agree that, firstly, to avert the risk of data theft, awareness and education are essential. To use a house analogy, a business can use the latest technologies available to ensure that the front door is closed securely, but if the windows are open it remains very easy to help yourself, as is illustrated by the photo below taken on a train between Lausanne and Berne: a computer equipped with a VPN (virtual private network) left for several minutes on a seat without being locked.
In today’s digital economy, the theft of data on our computer has a greater impact than the theft of our wallet in our bag. Moreover, in a country where there is a tendency toward excessive insurance, it is at present difficult to take out good “cyber” insurance.
You can also access my article in French on the website of the newspaper LeTemps
The cybersecurity start-up, labs and corporates in the Canton of Vaud can be found on this plateforme : vaud.digital
The Connected Event slides :
*Source: Gemalto Breach Level Index 2017