Governance, Risk and Compliance

Risks and Rewards of Technological Innovation

Posted February 6, 2019 by Resolver

As technology becomes more advanced each year, organizations need to consider the risks disruptive innovations can raise and whether they’re worth the reward. Is the risk of a data breach or cyberattack worth the improvements in organizational efficiency and even increased revenue?

We invited a panel of experts to our head office in Toronto to debate this topic in front of an audience of information security, cybersecurity, and risk professionals at our #EmergingRisksTO event. At the end of the night, the audience determined the winning team. Read a summary of the debate questions asked or listen to the full recording of the debate and ask yourself: Are you Team Risk or Team Reward? A full transcript of the debate can be found at the end of this article or click here to jump straight to the full transcript.

John daniele speaking during the risks and rewards of technological innovation debate at resolver

Topic #1: Cybersecurity concerns should not outweigh the benefits of adopting IoT and third-party vendors

Team Risk

There will always be an inherent vulnerability with IoT; it’s difficult to close this gap 100%. However, it is still the responsibility of those who develop these types of products to protect the infrastructure and find ways to gain visibility into these gaps to prevent attacks from happening.

Companies, like Google, by default are trying to predict behaviour and sell those behavioural outcomes to advertisers, and sometimes, as we have seen in recent years, to aide in experiments that can influence elections. There isn’t enough government oversight into mandating security standards with operational technologies.

Team Reward

IoT is about convenience. One way to look at this is to consider the fact that the population is aging. Take for example, applications like fall detection and health monitoring. There are examples where those devices have literally saved lives, including the Apple Watch which has detected cardiac issues.

Companies are investing into developing technologies that make our lives simpler and easier and can enable people with limited mobility and disabilities to continue to live their lives with a level of dignity without requiring a care worker.

The enabling effects of IoT, when also combined with technologies like AI, start to bring in things like self-driving cars and smart environments, which can be hugely enabling as a matter of human rights for people who don't otherwise have solutions.

Topic #2: Individuals are ultimately responsible for the personal data that they upload online, as opposed to organizations, governments, and third-party bodies

Team Risk

You can make sure that you don't share online and you don't share private information where it shouldn't and you can keep things protected, but at the end of the day, the devices that you use, if they're not secure, if they're not developed with security in mind, can expose all of your most sensitive secrets to the world whether you like it or not.

Sometimes criminals aren't necessarily targeting you, they're targeting anybody because everybody has credit information that they can steal. Everybody has identity information that they can make use of and create secondary fake IDs on the basis of that. How else do hackers find out what your mother's maiden name is? They surveil you and one great way to do that is remotely. Think about that. We could do all the right things, but if the devices that we use are not adequately secure, you’re still at risk.

Team Reward

There's certainly something to be said for personal responsibility and how we share data. There are examples where people do overshare online and that's one of the bigger concerns in terms of that data that is available. If we have a cautious approach and share the data that is necessary to gain the benefits of whatever system we're participating in or introducing that data into, the value is there.

There's a little bit of hypocrisy that we should probably acknowledge around what society has encouraged us to do and the way that we share information online across all forms of social media and elsewhere. In other areas, we generally make people somewhat personally responsible for themselves whether in finances or in how they deal with their motor vehicles or anything else.

People are not privacy and security experts, so there's the common sense that people engage in best practices, and corporations can help with that. Beyond that, there's fault that shouldn't be attributed just to technology companies, but rather to the legal system. Technology has evolved faster than we as humans can keep up with it. We're just catching up to understanding the value of our privacy in what we put out there.

Topic #3: Why is adoption of machine learning and AI rapid in tech giants, but lagging from a commercial perspective?

Team Risk

When you're looking to train a neural network, you have to have a really good idea of what you want to train it to do, to find, and then find all sort of permutations and combinations of that. The training process could be one month, two months, three months per use case. This is one of the reasons for a lack of adoption of AI. It takes quite a bit to sort of train traditional approaches.

Most of the time, just simple orchestration and automation is what's required, not necessarily an AI-driven automation process. It does have its places in terms of looking for patterns, identifying patterns within an unstructured data set. But there is still a need to have a human to label it afterwards, to find all other permutations and combinations.

Computers don't accommodate for the nuance of human living and experience. You can teach a system to understand. You can teach it to recognize things, but we do not have AI that comes even remotely close to understanding anything of our world. Until we do, there's always going to be those risks that we must manage.

Team Reward

AI is being used successfully by a lot of companies that are worth many billions of dollars and many of them would attribute their many billions of dollars to use of AI being in large part, a lot of the tech giants, Uber, Tesla, Google, Amazon, etc.

Beyond that, besides theories of whether or not it's effective, companies that are not tech start-ups or tech giants and digital natives, are frequently not data first. So, banks have not historically been data first. They do not have the data and the ability to just go and use AI. You need to be a first-mover. Generally, it is the digital natives who their entire M.O., their entire business strategies, their decisions around what products and services they're selling are around data analysis. That's the main reason why you see AI primarily used at tech companies and tech giants.

Fern karsh speaking during the risks and rewards of technological innovation debate at resolver

Topic #4: What are the risks and rewards that organizations need to consider when it comes to enterprise blockchain technology?

Team Risk

Companies are integrating blockchain blindly and introducing errors into the consensus algorithm, introducing problems in the way that the network is designed so that, once again, consensus can be gamed. There's not enough thought being put into why blockchain? Why can't we just use other simple proven approaches? And when we implement blockchain because we think it's going to do a better job, are we really thinking about the risks? Have we done enough research into how the system can be effectively gamed and have we really mitigated those risks? Organizations need to ask themselves if they can do what needs to be done with another proven, secure method.

People have been gaming everything in blockchain already, so we can foresee those risks. The exchanges have been getting hacked. The wallets have had their problems. There's been a total lack of governance in this space and that's been exacerbated by media.

Team Reward

Society has come around to become a lot more open to blockchain technologies and some of its applications, blockchain being the foundational technology underlying these other applications.

We see even beyond risk-taking start-ups, we see very large companies and big enterprise employing blockchain and experimenting with blockchain these days. We see blockchain being used in, frankly, a lot of boring and probably future effective ways these days in just creating internal efficiencies. Blockchain is a decentralized, intermediary, eliminating encrypted technology that banks are currently experimenting with when it comes to back-office transactions. But blockchain is a bad idea for companies that don't need blockchain. Blockchain should not be just employed in every single company.

Topic #5: Innovative technology and its benefits should trump the right to personal privacy

Team Risk

If people have such a cavalier attitude and approach towards privacy, you're going to find the next 10 years really interesting when privacy becomes an archaic term used in the distant past. When corporations win, and they can use your information and sell it 50 ways to Sunday, you might look back and realize, "Oh, that's why I should have been more concerned about personal privacy."

If you value your freedom, you should think about the implications to our democracy at the end of the day. If many of us in society can be convinced to give up our privacy, that is going to have an effect on lawmakers and the way that they develop policy and the bills that are brought forth to government and the laws that are then passed. If the majority of us do not value privacy, eventually that is going to be making its way into weaker laws.

Team Reward

If we value privacy, we value freedom. If you are willing to give up your privacy, then that's for you to decide. It seems like we are willing to give up our privacy for the benefits that the technologies deliver to us. If people are willing to give up their privacy for the ability to connect with others, for the ability to reach more people than ever, for the ability to organize and assemble with like-minded people, that's up to us to decide. You can't say that you value freedom and then tell people what that means to them.

Allowing technology to innovate isn't going to necessarily further enable a corporation’s ability to sell your information. Enabling more technological innovation can also enable an individual's ownership of their own information and ability to sell that directly if they want to because those technologies are already being created.

Thank you to all our attendees and speakers!

Want to attend the next debate? Click here to learn more about our events.

Interested in learning more about how Resolver can help your organization mitigate risks that arise from new technologies? Take a Guided Tour of our ERM Software now.

About our Speakers

John Daniele, Vice President, Consulting Services, Cybersecurity, CGI
John Daniele is a cybersecurity professional with over 20 years of consulting experience. John has supported clients in both the private and public sector including banking, resources, law enforcement and defense organizations. Currently serving as VP of Consulting Services, Cybersecurity, at CGI, John works with clients to augment and advance the maturity of their cybersecurity operations, to deliver more strategic insights and intelligence to senior business leaders on credible threats.

Simon Clift, Co-founder, Achray Capital Corporation
Simon Clift is a Co-Founder of Achray Capital Corporation, a trading advisor firm for the RJOASIS managed futures platform in Chicago. His 35 years of software engineering and implementation experience have been applied to algorithmic trading, risk management and derivative pricing, for buy and sell side institutions in Switzerland, France and Canada.

Fern Karsh, General Counsel & Director, Blockchain and Cryptoassets, Catalystic AI
Fern Karsh is a consultant and lawyer focused on blockchain, crypto assets and frontier technologies. She serves as General Counsel and blockchain technologies lead at Catalystic AI, an artificial intelligence and blockchain consultancy, incubator, angel investor and AI Academy, that takes start-ups, scale-ups and large enterprise to the next frontier.

Artem Sherman, Systems Investigations Supervisor, TJX
With a background in surveillance, internal investigations and loss prevention, Artem currently works as the Systems Investigations Supervisor at TJX, where he is responsible for the support and enhancement of all systems related to loss prevention, as well as the development of new systems and solutions to support investigations, operations and corporate loss prevention.

Take a guided tour of Resolver’s ERM software.

Full Transcript of Event


About the Author