Whenever there’s a global financial calamity, whether it’s on the horizon or if it has already happened, you can expect to see a flurry of regulation to stem the flow of disruption. Even as far back as the 1720’s, Britain enacted the Bubble Act, to regulate the stock market after the South Sea Company’s stock bubble burst amid accusations of insider trading and to cool down inflated markets. The Great Depression spawned the Emergency Banking act of 1933 in the United States, and the 2008 credit crunch precipitated Dodd-Frank in the U.S., and in Europe, MiFID and ESMA. There’s no end in sight for regulators because just as the ink is drying on one piece of legislation, another event or innovation emerges that requires attention.
Regulators will always be on the hamster wheel of change, never quite getting to the point where they can claim victory over errant markets, and perhaps the next decade will see their toughest challenges yet. While they are still finessing traditional market reforms, they now have to ensure that users of the expanding Web3 ecosystem — defined by blockchain, decentralized finance (DeFi) and centralized finance (CeFi) platforms, including digital assets — are protected from being exploited by criminals and other bad actors.
The European Council’s recent approval of the Digital Operational Resilience Act (DORA) is the latest addition to the raft of regulations that are currently in the pipeline. DORA aims to consolidate and harmonize essential cybersecurity requirements regarding digital resilience in the financial sector. Under DORA, there are 21 types of financial institutions in its scope, including large enterprises like banks, insurance companies and pension funds as well as smaller digital e-money providers, token issuers and crypto asset providers.
The DORA regulation is part of a broader European package of policy measures for fintech that includes proposed regulation on crypto-asset markets (MiCA) and one on distributed ledger technology (DLT). In view of the recent FTX fallout, it comes at an opportune time as the knock-on effect of the collapse is precisely what this legislation is aiming to mitigate. In its essence, DORA aims to ensure that firms can cope with cyberattacks and operational disruptions by implementing governance, cybersecurity, and ICT risk management and incident-reporting measures.
DORA and MiCA are not the only pieces of legislation that are coming on line. We have the Digital Financial Assets (DFA) consultation papers being drafted independently by the U.S. and the U.K., the Digital Markets Act (DMA), which is more focused on internet businesses, the Digital Governance Act (DGA), which creates a framework for increased data availability and re-use within the European Union, and AI Reg, the regulatory proposal that aims to provide developers, deployers and users with clear requirements and obligations regarding uses of artificial intelligence. All of these regulatory initiatives have fundamental game-changing capabilities, and the aim is to have them solidly in place by 2030. This date, however, feels a little pessimistic, as the rapid rate of innovation is likely to render this deadline moot.
As with all regulatory processes, DORA has gone through many drafts, and its recent approval has been welcomed by all players in the industry. Cyberthreats have been growing with alarming intensity over the last decade, and the impact this has on global economies, as well as organizations and individuals, is massive. While Gartner predicts organizations will spend nearly US$6.69 billion on cloud security in 2023, rising almost 27% year-over-year, the Web3 industry is still not doing its part in tackling the potential US$10 trillion cyber-damage problem that we could face by 2025. While DORA is a great foundation, the proposed regulations are somewhat ambiguous and by no means complete. For example, it does not mandate how much companies should aim to spend on cybersecurity, and there is a lack of clarity on what methods should be employed in order to achieve a higher capability of threat mitigation.
The biggest issues requiring attention include the proliferation of remote devices, the internet of things (IoT), remote working, social networks, and cloud servers — all of which can act as single points of failure within a security system. In the past, companies could ringfence their cybersecurity within the confines of the organization, but these borders no longer exist, and firms are vulnerable to attack from literally thousands of access points.
DORA will now hold companies accountable for breaches caused by weak security, so there will be a big scramble to mitigate these threats. However, if organizations are going to beat cybercriminals at their own game, using old technology will simply not work. Companies will need to change the game, and this means an entirely different approach to technology.
Unfortunately, DORA doesn’t go far enough to incentivize companies to adopt new leading-edge technology. The legislation is firmly seated in traditional and centralized cyber security solutions, which have been proven to be ineffective in protecting Web2 and Web3 ecosystems. The central argument against current cybersecurity solutions is that not only are they woefully outdated, with some technology being 40 years old, traditional cybersecurity solutions have not been designed to integrate with Web3. In essence, companies are using centralized technology to mitigate the risk in decentralized markets.
“Cybersecurity mesh” — a holistic approach to improving cybersecurity for organizations — has recently been championed by Gartner as a recent trend. However, we need to flip the narrative to decentralized cyber security mesh, which protects devices in real time from cyber threats while enforcing cyber security standards across networks. Decentralized cybersecurity tech companies should focus on “fit for purpose” cybersecurity solutions that facilitate more robust cybercrime prevention tactics. They could create real-time, zero-knowledge proofs of the cyber status of all devices, networks and environments, by utilizing Swarm AI and blockchain technology. The benefit of this approach is that they would be able to prove to auditors and businesses the state of security at a specific point in time. The solution could also be useful for courts to help them analyze forensics data.
There is a risk that the regulation will create a tick-box culture among companies that claim that they are compliant but fail to address the biggest issue — the lack of integration of a cybersecurity mindset amongst all its employees. Leaving it to the IT team to defend a company’s borders means that the most significant point of failure is overlooked. It is estimated that over 90% of all security breaches come from individuals within an organization. So cybersecurity is not just about the technology, it is about arming individuals with the mindset and tools to act as part of the defense.
When rules are put in place they need to be enforced. In order to do this you need a large network of skilled individuals who can monitor and evaluate non-compliant entities, and they must have the supporting infrastructure to be able to enforce the rules. The sheer volume of organizations that are affected by this legislation, coupled with complex global networks that often underpin Web2 and Web3 organizations, will pose a human resource challenge for the regulator.
The only tenable solution is a blend of self-regulation that uses automation, blockchain and external regulations, where all stakeholders participate in monitoring the industry. This is not an unworkable situation because every party will benefit from a safer cyber-threat-free landscape.
Another key issue that needs to be addressed in the cybersecurity ecosystem is to ensure that the data being fed into systems from multiple sources is known and trusted. Currently, processes that generate data are not trusted. Decentralized cybersecurity leverages these single points of failure by turning them into nodes for distributed validation. This then creates exponential resilience for digital operations, compared to local or internal validations — i.e., no single bad actor can tamper with the settings or code. This eradicates the vulnerability in a network.
This is where a blockchain-based, decentralized cybersecurity mesh really comes into its own because it allows us to for the first time trust the validation process itself. It also unifies every device at the cybersecurity and governance level. It negates the single point of failure weaknesses that are inherent in centralized cybersecurity systems today. In addition, it creates an intelligent trust network by using Swarm AI, that detects behavioral changes and vulnerabilities in near real-time, potentially before hackers can infect and take over the entire network.
This is what DORA is all about. It’s all about maintaining truth and trust and negating single points of failure within untrusted environments. Until we use decentralized cybersecurity to address Web3 vulnerabilities, we will continue to see the same high levels of cybercrime currently plaguing blockchain and discouraging cryptocurrency mass adoption.
These companies are well positioned to earn the title "tech giant" a decade or two down the road.
Apple (NASDAQ: AAPL) is the world's largest company, Warren Buffett's largest holding, and one of the most successful stocks of this millennium. In order to improve its products and maintain or expand its already-high margins, Apple has embarked on a new strategy: to design more and more of the semiconductors that will go into its smartphones, computers, and other electronic devices. This plan entails some risk, but also could deliver a lot of advantages for Apple if it's successful.
BlackBerry Limited (NYSE: BB; TSX: BB) today released its Global Threat Intelligence Report, highlighting the volume and model of threats across a range of organizations and regions, including industry-specific attacks targeting the automotive and manufacturing, healthcare and financial sectors. After the success and continued demand for its annual threat report, BlackBerry has switched to a quarterly cadence to match the speed adversaries evolve to provide a more holistic view of the threat lan
Nvidia Corp Chief Executive Officer Jensen Huang on Tuesday said that the burgeoning field of artificial intelligence will create powerful tools that require legal regulation and social norms that have yet to be worked out. Huang is one of the most prominent figures in artificial intelligence because Nvidia's chips are widely used in the field, including in a supercomputer that Microsoft Corp built for startup OpenAI, in which Microsoft said Monday it was making a multibillion-dollar investment.
T-Mobile (NASDAQ: TMUS) saw its stock price climb over 20% last year, while AT&T (NYSE: T) shares remained roughly flat and Verizon (NYSE: VZ) stock fell over 24%. As we start 2023, T-Mobile looks like it could maintain that momentum, with the stock continuing to outperform its rivals. Here's why T-Mobile is my favorite telecom stock for 2023.
Microsoft reported better earnings per share than Wall Street expected, but it's cloud business continues to slow.
Ethereum posts a lukewarm response to this week's successful test of the blockchain's upcoming Shanghai upgrade.
Microsoft Corp.’s popular Teams and Outlook software were hit by a global outage, with tens of thousands of users reporting that the products were down early Wednesday, before the service was restored.
Alphabet's video platform is now one of the most popular streaming channels and has plans that could potentially disrupt Roku's business model.
Nvidia may once again have a golden opportunity. The semiconductor maker could be one of the big winners from the success of ChatGPT, the trendy new artificial intelligence tool that some see as the dawning of the golden age of AI. ChatGPT recalls the cryptocurrency mining prompt which had been very lucrative for Nvidia and its Graphics Processing Units (GPUs)– Nvidia GeForce GTX 1070, Nvidia GTX 1080 Ti and Nvidia GeForce GTX 1060.
Microsoft has been hit a major outage, taking down Outlook, Teams and more. The issues also appeared to affect Microsoft Azure, its cloud services platform, meaning that other websites could also be affected. Microsoft recognised some of the issues on its social networks and server status page, and indicated that it was searching for the cause of the problem.
Microsoft early Wednesday said it was investigating reports of outages to services including Teams and Outlook, as thousands of users reported being unable to access the products. “Any user serviced by the affected infrastructure may be unable to access multiple Microsoft 365 services,” Microsoft (ticker: MSFT) said in a service-health update on its website. Microsoft said it was rolling back a network change that it believed was causing the outages and it is monitoring the service.
Apple is launching a new ad and in-store program meant to highlight its data privacy capabilities.
Software developers for Ethereum, the world’s second-largest blockchain, on Monday said they successfully deployed a copy of the blockchain — or “shadow fork” — to run tests of the upcoming Shanghai hardfork upgrade scheduled for March.
Xbox Live, Outlook, Microsoft Teams and more are down in a major outage. The problems also hit Microsoft Azure, its its cloud computing platform, which means the effects of the technical problems could be felt on other websites and servers that do not appear to be connected to Microsoft. The problems with Teams and Outlook came at the beginning of the work day.
The Competition and Markets Authority (CMA) said in November it was investigating whether the deal between the two U.S.-listed companies could substantially hurt competition in Britain, adding that it had until March 22 to decide. Broadcom and VMware did not immediately respond to Reuters' requests for comment.
Zelle, among a growing number of money transfer apps, does not charge a fee for instant transfers. Learn more about its pros and cons.
If you have an iPhone, iPad, or Mac, your Apple ID is among your most important digital accounts. If it is compromised, bad actors can access your iCloud information, see your location, or outright steal your devices from you. Keeping your Apple ID safe is obviously paramount. While code-based two-factor authentication (2FA) has been Apple’s go-to way to protect your account for years, with the latest update to iOS 16.3, you can now use physical security keys to lock up your Apple ID from would-
Microsoft Corp on Tuesday aimed to assure investors that its big bet on artificial intelligence (AI) is paying off, even as economic turbulence is making Microsoft customers scrutinize their cloud spend. Early evidence is in usage of a little-discussed tool that can write computer code for programmers, called GitHub Copilot. On Tuesday, Microsoft Chief Executive Satya Nadella said that more than 1 million people had used Copilot to date.
(Reuters) -Microsoft Corp on Wednesday said it had recovered all of its cloud services after a networking outage took down its cloud platform Azure along with services such as Teams and Outlook used by millions around the globe. Azure's status page showed services were impacted in Americas, Europe, Asia Pacific, Middle East and Africa. By late morning Azure said most customers should have seen services resume after a full recovery of the Microsoft Wide Area Network (WAN).
Why Europe’s DORA regulation is a band aid but not a cure – Yahoo Finance
