Technology risks – DX Coffee Chats

Technology adoption generates both points of connection and significant vulnerability. With cyber threats, breaches, and attacks on the rise, Canadian organizations are faced with navigating ever increasing complexity, made evermore challenging against the backdrop of economic and geopolitical uncertainty. To stay competitive businesses require strong cybersecurity and privacy practices.

In our fifth DX Coffee Chat, host Kareem Sadek, Partner and Co-leader of KPMG in Canada’s Advisory, Cryptoassets and Blockchain practice, engaged guests Ireen Birungi, Andrea Stapley, Sylvia Kingsmill and Alexander Rau in a conversation about today’s most pressing cybersecurity and privacy topics. Read on to explore some of the insights they shared and get the full scoop by watching the on-demand session recording.

According to KPMG's CEO Outlook, cyberattacks are on the rise and Canadian business leaders are less confident in their ability to deal with an attack. Those who feel “well prepared” or “very well prepared” fell 17 percentage points from last year, while those who said they were “underprepared” jumped three-fold.

At the same time, they’re also recognizing the importance of cybersecurity beyond just a compliance requirement. This year’s KPMG Global Tech Survey suggests they increasingly see cybersecurity as a “golden thread running through growth and success,” and what makes digitally mature businesses so successful is including cyber specialists early on in their tech-innovation workflows.

Here are some key takeaways from our DX Coffee Chat on key trends in cybersecurity, privacy, and emerging technologies:

• Talent shortages and burnout create new risks. The pandemic changed the way we work, accelerating digital transformation and shifting organizations toward permanent remote or hybrid workforces—which has created new security risks. But there’s another factor at play. Starting with the Great Resignation and now with Quiet Quitting, there’s a shortage of talent in the workforce – and those who’ve stayed may be feeling the pressure. This should be a notable concern for leaders.“Employees are feeling overworked and burned-out,” said Ireen Birungi, VP of Information Security and CISO at Interac Corp. That means they’re more susceptible to making mistakes or becoming a victim of phishing campaigns. “As we start to digitize our data, these distractions are real and can lead to these scenarios,” said Birungi, adding that it’s the job of the CISO to create an ecosystem of protection, including detection, protection, response, and recovery, as well as build a culture of security awareness. Technology leaders can also turn to automation to address staff shortages and repair skills gaps, according to KPMG’s 2022 cyber report.
• New technologies require an agile approach. When OANDA started working with agile development processes, they quickly realized that security would be a roadblock. “You can’t spend two months doing a security assessment on a third party. You need to do it in a couple of hours. So that was a big shift in how we work together,” said Andrea Stapley, CISO of OANDA. Taking advantage of new technologies and lean processes—and do it securely—required a shift in thinking. For OANDA, that meant a shift from on-prem expertise to relying on partners, as they built out a Cloud Centre of Excellence. But they took it a step further and teamed their top people with vendor partners to reskill and upskill them. “We saw a shift in having to rely on our vendor partners and not pretend that we’re the experts,” said Stapley. “We really needed our partners in that transformation journey, and that was a key part of our success.”
• Regulatory guidance is evolving and leaders need to adapt quickly. Standards have been quickly evolving since the EU launched General Data Protection Regulation (GDPR) compliance in 2018 to modernize laws that protect personal information. This has inspired governments around the world to enact similar higher standards. “The Canadian government wants to compete on the world stage to be better data innovators, but you can’t really do that with rules that aren’t fit for purpose. So, there’s a huge modernization effort here in Canada,” said Sylvia Kingsmill, Global Cyber Privacy Leader with KPMG in Canada. Québec was the first Canadian jurisdiction to table Bill 64, now called the Privacy Legislation Modernization Act (Law 25), which has brought about sweeping changes “because the law actually has teeth,” she said. But more is coming with respect to emerging technologies such as AI, biometrics, and digital identities—and it’s an area where organizations will want to stay abreast of regulatory guidance from leading entities such as the European Data Protection Board and take proactive measures.
  
• There’s no silver bullet. KPMG’s CEO Outlook revealed that two-thirds of Canadian business leaders intend to rapidly drive digital transformation to stay competitive. But doing this securely comes back to basics: building robust processes. During the pandemic, most organizations were forced to accelerate their transformation plans, which also provided them with a higher degree of risk protection as opposed to older, legacy processes. “Technology is moving very fast. But if we have the right processes in place, we can buy ourselves the time to put the right policies, procedures, and resources in place,” said Alexander Rau, Partner in KPMG in Canada’s Advisory Services for Cyber Security. But organizations don’t have to do the heavy lifting themselves—nor should they. Not every CISO is an expert in AI or quantum computing, so reaching out to subject matter experts in those fields can help them be better prepared for these new paradigm shifts.

Contact us to discuss your organization’s unique cyber and privacy journeys today.

As NFTs (non-fungible tokens) gain popularity, organizations are exploring their business potential. Yet, as a new technology alongside other emerging tech ecosystems, Web3 and the Metaverse, many are wondering about risks alongside opportunities and seeking guidance in this rapidly-evolving space. From an advisory perspective, it’s crucial to distinguish the value of NFTs from the hype.

NFTs are unique, digital tokens, recorded on the blockchain, that represent ownership of a digital or real-world asset, or a “phygital” item that blends the two. The sky’s the limit when it comes to NFT use cases. From art, to music, games, real estate, and professional credentials, organizations are now including NFTs in their strategies to enhance customer and employee experiences, attract new talent, innovate their brands, and create real business value.

In the third instalment of our DX Coffee Chat series, host Kareem Sadek, Partner and Cryptoassets and Blockchain Services Co-Leader at KPMG in Canada, sat down with business executives from leading organizations in the digital space, Walmart Canada, Venusverse and Tokens.com, to talk about emerging use cases, how to engage with NFTs, and the opportunities and risks involved in launching an NFT strategy.

Read on to explore some of the insights they shared and get the full scoop by watching the on-demand session recording.

NFT technology burst onto the scene primarily as an artists’ movement. It was an opportunity for creators to share their designs, for entrepreneurs to trade in digital collectibles, and for crypto-enthusiasts to drive interest and investment in the blockchain. What makes NFTs ground-breaking is the blockchain functionality that records ownership and assigns provenance to the item it authenticates, digital or physical.

“This is 1000% going to radicalize and change the way we use the Internet and the way we do pretty much anything,” says Andrew Kiguel, CEO of Tokens.com, during the coffee chat, “but it's going to happen gradually, in ways that are friendly to the consumer.”

What started as a personal interest in NFTs for Kunal Bhasin, Cryptoassets & Blockchain Co-Leader at KPMG in Canada, morphed as the space evolved. “I started looking at it from a different angle,” says Bhasin, “as to how companies can engage the NFT ecosystem.”

Here are some key takeaways from our DX Coffee Chat on the value beyond the hype of NFTs:

• NFTs are expanding into industries you might not expect, as they add a layer of credibility to physical assets: “We're starting to see some car manufacturers wrap their arms around the power of an NFT, which is like a neutral, unbiased confirmation of an owner of an asset,” says Michael Gill, Director of Innovation, Design and Validation, Walmart Canada. Car ownership data, service history and critical details can be put on the blockchain as NFTs to benefit resellers and future owners. “It's really powerful to have all that information available, and all of it is publicly verifiable.”
• NFTs have the potential to unlock access to a new demographic: “The new metaverses are really just a collection of NFTs that are all put together,” noted Andrew Kiguel, CEO of Tokens.com. “Kids love virtual gaming platforms where they create their own worlds – those are Metaverses. As they get older, that’s going to be their new way of shopping, their new way of gaming.” Observers expect this new iteration of the Internet to be a multi-trillion dollar opportunity. “Everyone is trying to figure it out because they don’t want to be left behind.”
  
• The power of NFTs is in redeemable tokens for real-world items: NFTs will unlock physical items, new utility and new experiences for consumers. “Ticketing is going to be a big one,” says Bhasin. “It’s going to bring in a lot more people into the Web3 space and increase the number of crypto-wallets.” With NFTs, says Bhasin, “you’re really owning your experiences and education.” Professional credentials, passports, deeds for homes, health cards, driver's licenses, memberships. All will remain in your wallet, authenticated as NFTs.
  
• There’s a need for more women and more diversity in the NFT ecosystem: While NFT use cases are exploding, there’s a need for more voices. “Women are not as involved in the crypto space or the NFT space,” says Janelle Chalouhi, CEO of Venusverse, “there’s a massive gap that has to be closed.” At the same time, NFTs represent an incredible opportunity to form strong communities and scale them globally, and NFT membership initiatives like Venusverse are encouraging women and diverse populations to get involved.
  
• There are more risks with NFTs besides crypto: NFTs are a risky asset class since you need crypto to interact with them. But risk comes from other directions, too. “How valuable people think the collection is, how engaged the community is,” as Bhasin points out, “are key factors, but public perception of assets can fluctuate. It’s still unclear how to leverage NFTs beyond that initial launch. “Environmental concerns are gaining traction, too. Gill says that corporations getting involved in NFTs should try to go beyond typical carbon offsets and challenge themselves to be carbon negative.
  
• Until there’s more legislative clarity around NFTs, do your due diligence: “It’s an unregulated space,” says Chalouhi. Bhasin urges newcomers to learn the basics. Figure out how to set up a wallet, how to set up a custodian, how to manage future airdrops. Figure out the IP rights and the legal rights. More regulatory guidance is coming, but until then, organizations need to prioritize and secure their brand reputation as part of their NFT strategies. Kiguel says that includes looking out for bad actors and being cognizant of cryptocurrency market volatility.

Only a crystal ball can say definitively where NFTs are headed, but leaders see the signs. Early adopters navigating the current volatility around NTFs remain encouraged by their long-term potential. Consumer behaviour data from digital wallets will generate new insights, new business models and new revenue models around NFTs. “We're continuing to see a lot of innovation happen,” says Bhasin, “and there's going to be a lot more value that organizations will be able to derive.”