TrustTech — Securing the Digital Infrastructure (Part 2)
As the world continues to become increasingly digital, the need to safeguard trust has never been greater. Unfortunately, it seems that traditional cybersecurity defense methods are no longer enough to keep up with the constantly evolving threat landscape. This is where TrustTech comes in. TrustTech expands the traditional definition of cybersecurity to include technologies that promote trust across all layers of the Trust Backbone: infrastructure, identity, regulation and ethical.
The Trust Backbone (read part 1 of the series here) is the fabric that makes up the digital world, connecting everything and everyone in it. As millions of gigabytes of data containing sensitive information are exchanged through this mesh every day, it becomes imperative to ensure its resilience. This is easier said than done, since the four layers of the Trust Backbone are in constant exchange with each other making them interdependent. Securing one layer while disregarding the rest creates structural holes in the Trust Backbone, making it vulnerable to attacks. TrustTech provides a holistic approach to securing the entire Trust Backbone, including its layers and the interactions between them. If you want to read more about the general concept of the Trust Backbone: Plugging the trust gap | G+D Spotlight (gi-de.com)
The Digital Infrastructure Layer forms the basis of the Trust Backbone
The journey towards ensuring a resilient Trust Backbone starts with the Digital Infrastructure layer. The Digital Infrastructure layer forms the basis of the Trust Backbone by enabling the storage and exchange of data between parties through computer networks, servers, software applications and devices. Traditional cybersecurity solutions typically play on this layer, providing basic protection against a range of threats. Organizations recognize the crucial significance of cybersecurity and are investing millions into their cyber-defense. However, considering the rising number of cyber incidents and associated cost, one has to wonder if cybersecurity alone is enough for emerging attack vectors.
Excluding classical cybersecurity solutions which make up the bulk of startups on this layer, the EU Digital Infrastructure space is still very early-stage. 75% of the deals in the EU are pre-seed, seed or early-stage VC, following the trend of the overall TrustTech vertical. The number of startups, as well as capital invested in the space are on the rise.
The growing financial burden on companies
The financial burden of cyber-attacks on companies has significantly increased in recent years. This is due to a number of factors, including the growing sophistication of cyber criminals and the increasing number of connected devices that provide new entry points for attacks. Additionally, the increasing reliance on technology in both personal and business settings has created a larger pool of potential targets for cyber criminals. Cyber-attacks have a significant financial impact on companies, with the cost of a single attack often running into millions of dollars.
The number and impact of cyberattacks is on the rise. The costs of cybercrime include damage and destruction of data, stolen money, theft of personal and financial data, reputational harm and more. The global cost of cybercrime is predicted to amount to $11.5 trillion in 2023, reaching a whopping $17.6 trillion by 2025. Compared to 2020, the cost of cybercrime will have increased almost six-fold in the span of 5 years. It comes to no surprise then that organizations around the world are pouring money into their cyber defense. According to McKinsey, the global spending on cybersecurity in 2021 was $150 billion and growing by 12.4% annually. However, throwing money at this problem will probably not make it go away. The fact of the matter is that the current solutions on the market are not able to keep up with the increasing sophistication of cyberattacks. Companies need to adopt a more proactive and multi-layered approach to cybersecurity, one that takes into account the constantly evolving threat landscape and leverages the latest technologies and best practices. It is only by doing so that they can hope to stay ahead of the rapidly evolving cyber threat.
When cybersecurity fails
Let’s look at the 2020 SolarWinds hack, dubbed the “Worst Nightmare Cyberattack”. The attackers were able to compromise the software updates of SolarWinds, a popular network management tool, which allowed them to gain access to the networks of organizations using the software. In fact, the effects of the hack were so widespread, even reaching the United States Federal Government. The compromise of SolarWinds’s flagship software Orion has cost the company $40 million in the first nine months of 2021 alone. This is without taking into account the average of $12 million incurred by each of the other affected companies.
So, how did this attack reach thousands of users? — It came neatly packed with a message that read: “This release includes bug fixes, increased stability and performance improvements”. What users thought was a routine update of their Orion software turned out to be a malware. Once installed, it created a backdoor through which hackers could access and impersonate users and accounts, and access system files. This attack exposed a variety of vulnerabilities present across the affected organizations. Lacking focus on security before software deployment, use of single sign-on (SSO) systems, and reliance on traditional multifactor authentication systems (MFA) are but a few weaknesses exposed by the hack.
Unfortunately, the SolarWinds attacks is just a drop in the ocean of cyber incidents occurring in the last decade. Other incidents worthy of notion are the 2018 Marriott International Data Breach and the 2021 Facebook Data Breach. Interestingly, all three attacks involved prominent companies expected to have some of the best-in-class cyber defense. This points to the gap in cyber-defense which could be filled with holistic TrustTech solutions.
TrustTech complements traditional cyber solutions
TrustTech is working on a variety of solutions to overcome the flaws of cybersecurity on the Digital Infrastructure layer. By incorporating security into the software development process, organizations can detect and address vulnerabilities earlier in the lifecycle, which helps to prevent security incidents and reduce the risk of cyberattacks. This is the idea of the shift-left approach — integrating security into software development before deployment. In the case of the SolarWinds hack, implementing shift-left security might have allowed the company to detect the malicious code in the software update before it was released and before it reached the networks of customers.
Secure Data Collaboration allows the secure exchange and processing of data in an encrypted environment. Ensuring end-to-end integrity of data, it minimizes the risk or data being stolen, lost, destroyed or contaminated during collaboration or data transfer between parties. This would allow medical institutions, for example, to share sensitive patient information amongst each other to provide better care. Confidential Computing and Homomorphic Encryption are two examples of technologies enabling Secure Data Collaboration. Confidential Computing isolates sensitive data during processing, such that the data itself and the technique used to process it are invisible and unknowable to anyone. This eliminates the existing data security vulnerability by protecting the data during use, as opposed to it being protected only in storage or during transit. Homomorphic Encryption enables the analysis of encrypted data without compromising the encryption, ensuring data privacy in case of storage and processing by third parties, such as the cloud provider.
Zero-trust architecture (ZTA) is a TrustTech trend gaining popularity as a solution that emphasizes security at every level of the network. This approach is based on the principle that no device, user, or network traffic can be inherently trusted and that all must be verified for access. The traditional “trust first, verify later” concept is being replaced by a zero-trust framework where users, devices, and network traffic must be continuously verified to ensure a secure system. This approach is essential in today’s digital landscape, where hackers and cybercriminals have become more sophisticated and advanced in their attacks, making traditional security models vulnerable to breaches. The ZTA model focuses on granular access control, meaning that users are granted access to only what is required for their job functions. This approach is in contrast to the traditional security models that rely on perimeter-based defenses and user privileges that may be too broad. By implementing a zero-trust architecture, organizations can improve their cybersecurity posture and reduce the risk of security breaches.
Digital assets, which include but are not limited to cryptocurrencies, have been increasing in popularity, reflecting a broader trend of digitalization in finance and the growing adoption of distributed ledger technology. However, compared to traditional asset classes, digital asset security largely relies on the safeguarding of the so-called private key which makes it possible to broadcast transactions to the network and authenticate as legitimate user. Crypto custodians are an important component of the TrustTech space, safeguarding exactly this. They provide a secure storage solution for digital assets that is designed to protect against threats such as hacking, fraud, and theft. Custodians provide a level of protection that is necessary for institutional investors and other large-scale investors to enter the market and feel confident that their assets are safe. Back in 2020 we noticed a need on the market for exactly this kind of solution and invested in Metaco. Trusted by top banks, Metaco is now one of the leading providers of security-critical infrastructure enabling financial institutions to enter the digital asset ecosystem.
That concludes our overview of the Digital Infrastructure layer of the Trust Backbone. It is a necessary addition to traditional cybersecurity and it enables new use cases, promoting trust in digital ecosystems. Next up is a closer look at the Identity layer!
Check out our website to find out more about G+D Ventures and our Portfolio!
G+D Ventures is a European TrustTech investor based in Munich, Germany. G+D Ventures invests in predominantly early-stage TrustTech startups developing solutions for greater security and trust in the digital world. TrustTech expands the traditional definition of cybersecurity to include technologies that promote trust across all layers of the Trust Backbone: infrastructure, identity, regulation, and ethics.
