Biometrics Remain Unchangeable, Boardroom AI Risks, Class Action Lawsuits Don't Affect Cybersecurity
Kevin Dominik Korte
Board Member / Angel Investor / IT Innovation & Growth Strategist / Speaker, defining and supporting execution of value-add, purpose-led strategies that deliver accelerated growth and business turnaround.
Hi there. Welcome to the world of a millennial technologist in the boardroom. Our world is changing. From AI and Cybersecurity to ClimateTech and Education, rapid advances in all fields have made today a different world than yesterday. Here are my stories about the things that change and don't in the boardroom and the world.
Things that Change and Will Stay
Stay: Biometrics Remain Unchangeable
Biometrics can be a convenient solution for logins or a great tool to entertain us with pseudoscience. Yet, this data collection has led to disastrous consequences. For example, the data breach at 23andMe potentially compromised the DNA data of millions of customers and their relatives. Critically, we cannot change our biometrics, nor will the data become obsolete.
Biometric data, especially when combined with analytics and AI, might open up new and dangerous possibilities. Consider the numerous AI passport photo apps that can create a fake passport from your social media profile. This misuse of biometric data is a stark reminder of the potential risks we face.
Yet, even well-designed software might contain bugs compromising biometric information. Further, technical advances in quantum computing might lead to an arms race to change encryption algorithms to protect data.
However, that is only the technological risk. A few years ago, the U.S. Government tried to compel Apple to build a backdoor into its iCloud service. Government mandates in IT are just as likely to compromise the security of our fingerprints as they are to help us stay safe.
Biometric information is unchangeable and follows everyone throughout life. Choosing alternatives can go a long way in keeping this data secure and avoiding many of the issues that can come with having defining information stolen in a data breach.
Change: Boards Must Tackle AI Boardroom Risks
When discussing AI risks, boards often focus on the wider company. We seldom consider the risks that boards themselves face from AI. Yet, AI-based attacks such as video scams and fake CEOs increasingly target upper-level management and board members. We must adapt our training and policies to the specific requirements of these high-level positions.
Just think about your last video meeting. Unless you were the host, you likely clicked on the Zoom, Google Meet, or BigBlueButton link to go to the meeting room. Seeing everyone's virtual face assured you of their identity. After all, that is what millions of years of social development have taught us.
Unfortunately, AI can create a virtual doppelgänger for all of us, posing a significant risk that we've never faced before. As boards, we must counter this risk and require verified identities for video meetings. Ideally, we use the same digital identities we utilize across the company.
Yet the changes go beyond identities. Anyone who's attended a board meeting is familiar with the rules and decorum that make those gatherings function orderly and smoothly. The same should apply to digital behavior. There needs to be a set of standard rules for how to behave. Such a document should cover restrictions on non-work emails and devices, backup communication channels, and workflows for electronic signatures. By removing the technical questions from our digital behaviors, leaders don't have to decide whether security concerns apply to a situation—it becomes only a matter of procedures and decorum.
Lastly, we need to be careful of our language when discussing technology. For example, many people interchangeably use AI, chatbots, large language models (LLMs), and ChatGPT. Yet, when we allow this imprecision to slip in, we might overlook strategic opportunities and risks: because ChatGPT is of limited use to the organization, we might, through a misunderstanding, dismiss a predictive engine that could have saved the company millions in purchases.
As anyone who's transitioned into the boardroom knows, the rules and decorum governing board meetings make it easier to focus on the agenda. We must adopt similar clear rules for our digital communication and IT leadership. Otherwise, unclear targets, confusing policies, and the fear of AI tricking us will forever haunt and taint our digital interactions.
Stay: Class Action Lawsuits Will Not Change Cybersecurity
Most Americans are familiar with the postcard-sized note announcing yet another class action lawsuit following a data breach. Unfortunately, even the largest class action lawsuit wins seldom pay double digits to the victims. Even in the case of 23andMe, the settlement amount of 30 million USD only represents 10% of their 2023 annual revenue. The ratio is similar to that of the Equifax data breach, yet still on the high end percentage-wise.
Punitive damages from class action lawsuits are supposed to hold companies accountable. Yet, they are more often just pocket change for the company and an insult to the class members. If you look into alternative systems, most of the world relies on the state to punish and prevent data breaches. In the EU, companies can get fined for not following data privacy and cybersecurity practices, even if they haven't lost any data yet. Most Asian countries can go a step further and close down organizations with cybersecurity practices that represent a risk to society.
If we want companies to change their ways, punishments must hurt. Right now, class action lawsuits are turning from a risk to the company to an annoyance to the consumer. If that mentality prevails, we might see a push for a change in our regulatory landscape.
Around the Net and World
Get Into the Flow
Humans don't like to be annoyed or ripped out of our workflow. Yet, our flow is constantly interrupted by minor annoyances like password prompts. Thus, we might miss the ample warning signs of a cyber attack. For this cybersecurity month, let us focus on making IT help us get in the flow and report these little bumps to your IT department.
Prioritize User Pains When Selecting Features
Whether you work in software design or manage customer projects, there is always the risk of end users not accepting the changes software puts in front of them. Prioritizing removing user pain points can go a long way toward making a software update more acceptable. After all, we all like it when our work gets easier.
About Kevin
Kevin is a board member and IT innovation and growth strategist with a proven track record of harnessing commercial acumen and finance expertise to deliver large-scale digital transformation programs with a strong focus on identity management and open-source IT infrastructure solutions.