- podcast
- NEWS
Tech adoption at light speed: Balancing euphoria with cynicism
Tom Vartanian, executive director of the Financial Technology & Cybersecurity Center, joined the JofA podcast recently to discuss concerns about the rapid pace of technology adoption. Although he sees the benefits technology has had, he also sees drawbacks.
“It’s not that we shouldn’t have technology, it’s not that we shouldn’t applaud technology,” Vartanian says in the episode. “It’s just that our balance is off.”
Vartanian, a former federal banking regulator and the author of nine books, is a keynote speaker Sept. 9 at the AICPA & CIMA Conference on Banks & Savings Institutions, which is co-located with the AICPA & CIMA Conference on Credit Unions.
What you’ll learn from this episode:
- Why Vartanian senses “irrational” euphoria about rapid technology advances.
- The speaker’s reminder about the original, limited purpose of the internet.
- Details on the assertion of “going back to fundamentals” when it comes to cybersecurity.
- The difference in approach between a regulated bank and a third-party service provider.
- The value of strong leadership in mitigating cybersecurity concerns.
Play the episode below or read the edited transcript:
— To comment on this episode or to suggest an idea for another episode, contact Neil Amato at Neil.Amato@aicpa-cima.com.
Transcript
Neil Amato: Welcome back to the Journal of Accountancy podcast. This is Neil Amato with the JofA. Today’s episode features a conversation with author, board member, former federal banking regulator, Tom Vartanian, who is now executive director of the Financial Technology & Cybersecurity Center. He’s written nine books, and he’s also a keynote speaker September 9 at the AICPA & CIMA banking and credit unions conference. You’ll hear that conversation right after this brief sponsor message.
Welcome back to the show. As I said, Tom Vartanian is our guest today. Tom, you’re delivering a keynote address, as I mentioned, the title of that September 9 session, “21st Century Internet Alert: Tech Is Just As Destructive As Transformative.” Do you think people are not understanding how destructive technology can be, especially in areas such as the banking sector?
Tom Vartanian: Yeah, Neil, thanks for having me. I’m delighted to be here. Let me say it this way. I think that there’s an absence of balance. I think everybody understands that all technology is a two-edged sword. Right, and so the question becomes, how do you balance the good and the bad?
I think what’s happening — and I draw this from my experience and that’s what I say in my book, The Unhackable Internet — I think what’s happening is that we are becoming so irrationally euphoric over technology and how fast it is changing the world and how much money it can make for people, that we are forgetting the damage that it can do. For that reason, we’re putting out software before it is right to be out in the marketplace. We need to start thinking a little bit differently. Before we think about the euphoria of technology, think also about the pernicious and horrible repercussions that can come from pernicious and horrible people using technology in very difficult ways.
Amato: You mentioned that book, your most recent one called The Unhackable Internet. One of the things you’ve written in that is that super sciences such as AI are going to change the world more than we as a society have ever experienced and that there really is no turning back. Do you want to talk a little bit more about that topic?
Vartanian: Yes. I did include a large section in the book because I do believe it has a wide impact on financial services and professional services. It’s going to change the way they’re offered. It’s going to change who’s offering them. But here’s the problem. While I was doing research for the book, I read 75 other books. I read a lot of artificial intelligence books by people that I think are highly respected. A good number of those people, maybe more than 30%, will point out that this will be a revolution in both sciences and business like we’ve never seen before. Because unlike people using machines and using technology to get to the next plateau, the next plateau could be here, the machines taking over and using people.
Because of the speed at which artificial intelligence can proceed, and the likelihood that within the next 10 years we will have not just super, super computers, but quantum computing, we are reaching the point where humans are no longer the most intelligent being on the planet. There’s a number of authors I read who basically said, “What do you think separates us from animals?” Animals are stronger. They’re quicker, they’re more vicious. But what is it that allows us to be on top of the food chains? It is intelligence, and if artificial intelligence or nonbiological intelligence is going to surpass that, the question then becomes, who controls it, number one, and does it eventually control itself and therefore us?
I think I agree with a number of authors who basically say, if there’s a 5% chance of that happening, and look, Stanley Kubrick obviously thought it could happen in 2001: A Space Odyssey, right when Hal took over the spaceship. There’s a 5% chance that that could happen, and machines could say, we’re making decisions for the benefit of machines, not human beings. Then I think it is incumbent upon us, and incumbent upon democratic nations around the world to get together and come together and create a set of global rules and standards that at the very least maximize the ability of humans to stay in control of technology.
Amato: Obviously, as you’ve touched on, people are excited about the possibility of technology flourishing in so many ways, unbounded ways, I guess. But tell me a little bit more about some of the caution you’re urging, given the scale of changes happening already.
Vartanian: What I basically concluded, Neil, is that if we pile the elements of technology, both positive and negative, on a cyberspace and an internet that is so insecure, so vulnerable, and so hard to assure security in that we are not doing ourselves any favor whatsoever. My argument is that if I thought the base and the foundation upon which we were going to build artificial intelligence now, sciences and quantum computing, was solid and that online virtual space was as secure as the real analog space we live in, I think we would be in a much different position.
But the problem is, let’s just take the internet established in 1969. What was its purpose? Its purpose initially was for universities to trade research and emails. It was never meant to be secure. It was never meant to house all of the important data in the world, and it was never meant to house all the value in the world. But where are we today? We’re exactly there, and the internet has gotten no more secure.
And we live in the analog world where we have rules. We have concerns over privacy, and we do everything possible to maintain security. We have locks on doors, fences around yards, police around cities, armies around countries. You move into cyberspace, which is in effect the alter ego that we’ve now invested where we put everything in the real world into that world. There’s no rules, there’s no borders, there’s no security, and if your money — and I say this in the book several times — if your money disappeared tomorrow morning, do you know who to call? I don’t know who to call. I’ve been doing banking for 50 years. I don’t know who to call. That’s a problem. What I equate the foundation here to be is similar to taking all of your personal goods, all your most intimate goods, and all your most personal papers, rolling them out the front door and putting them on the front lawn for any passerby to basically rifle through.
That’s what cyberspace is like, and unless we change that, we’re piling on technology upon technology on a world that is incredibly insecure and incredibly vulnerable, and if you need any proof of that, just look this week at the AT&T breach that occurred where you’ve got multimillions of people whose data has been taken. I asked the question this way, if the top 500 companies in this country and all of the regulatory agencies, the White House, NASA, and NSA can’t make themselves secure, what chance do we have? I think we’ve got to go back to fundamentals. We’ve got to anchor down the internet, make that secure, make cyberspace secure, kick out people who don’t want it to be secure, and then we can talk about making rules for artificial intelligence and quantum computing.
Amato: Yeah, you make really good points. I mean, I paid some bills online through my banking site and didn’t really think twice about it. We take so much of this for granted. It’s like forgotten how exposed it is.
Vartanian: I think one of the most frightening things that went under the radar in the last few months. It’s really shocking that it did go under the radar. But the Department of Homeland Security’s CISA, C-I-S-A, announced that they had caught up with Volt Typhoon. Volt Typhoon is an organization made up of Chinese-affiliated organizations.
CISA said that they had infiltrated every critical infrastructure in the country. Now, what does that mean? Richard Clarke in his book about cybersecurity — Richard Clarke was the cyber czar to three presidents in this country — says that we underestimate the ability of foreign adversaries to be loading logic bombs and all kinds of apps and bots into the systems that they can call to action at any particular moment and take everything down. When that announcement of Volt Typhoon came out several months ago, I said to myself, well maybe this will spur people to start to reconsider what they’ve done to themselves in terms of building an insecure cyberspace. Of course, not a thing happened beyond a press release.
Amato: There definitely is some desensitization to news of data breaches, no matter how big you as an expert might view them. Speaking of that word, “cybersecurity,” I believe I’ve gotten this phrasing right, that you suggest that cybersecurity itself is a myth.
Vartanian: Yeah, I think it’s a myth. I think it’s a myth that is very profitable for consultants where we’re now heading towards a trillion dollar cybersecurity business. The reason I say it’s a myth is because let’s anchor that to what I just said. Because fundamentally the internet, cyberspace are insecure. They’re insecure, they’re vulnerable. They’ve been penetrated by anybody who had any ability in this area. When a company says to you, well, we’ve been penetrated, you get these letters that go out all the time, we’ve had a breach of these emails, we’ve had a breach. Here’s what we’re doing, and here’s what we found out. We’re going to give you credit monitoring for one year to make sure. I say to myself, this is really quite astounding because it’s the same script all the time. Nothing ever changes. All they’re telling me is sometime in the last two years somebody got my information. What am I supposed to do about it now? It doesn’t get better now.
Why doesn’t it get better? It doesn’t get better for several reasons. Number 1, what I said about the insecurity and vulnerability of the internet, that’s got to change first. Number 2, we have a launch first, patch second mentality with respect to new products and software. That’s because, Number 3, there is so much money to be made by getting to market first, being the pioneer. And having advised CEOs and boards of directors for nearly 50 years in my career as a lawyer, I can tell you nobody is going to fix this problem until the losses that are driven by insecurity surpass the profits that can be made for being first in this area and getting the product out.
Amato: So let’s bring this maybe to the audience level for this show. For finance professionals, what are some of the ways or the steps they can take to maybe fend off some of these potential threats?
Vartanian: What I would say to my clients and other financial professionals is, Number 1, you have to start with an assumption that everything you’re working with is insecure. I think all too often we’re convinced that everything’s great, that all this glossy material and the shrink-wrap stuff really encases something that’s highly secure. You have to assume the worst. I think if you put your mindset to the point where we are going to be penetrated, there is going to be a hack. There is going to be problems. That’s the place to start. Not, “Oh, it’s not going to happen.” Second of all, the question’s going to be who can we blame? All too often, the professionals are in the zone of blame.
I think you have to basically protect yourself in this world where blame becomes a beach ball that we also knock around in a big stadium. That’s the second thing I would urge that the blame has got to land somewhere. Number 3, all of technology, at least in financial institutions, is relying on third-party vendors. People don’t understand that banks are really a front door. You walk through that front door, you get a panoply of services, most of them offered by third-party providers in the background you don’t see. We have to understand that those third-party providers don’t have the same sense of safety and security that a banker does.
They’re not regulated like a banker is. They don’t live in a regulated world. They have a much different perspective. When a banker issues the product, he or she has to know that the regulator is going to approve it and it’s going to be safe and sound. When a third-party vendor offers a product, they may think about those things also on behalf of the bank, but they’re also thinking about how do I make money? That nonregulated psychology has got to be woven into the mix. I’d say, I approach all of this stuff with a good sense of cynicism because at the end of the day I know what’s going to happen, and I know we’re going to be in a blame game situation and a liability situation trying to find out who’s liable and who’s not.
Amato: Is there anything positive about the way things are going?
Vartanian: Well, not from a security point of view. I think the positives are the enormous enhancements to the quality of life that technology are creating. There’s no doubt about that. What I say, and I’ll go back to what I said at the beginning is the balance is off. It’s not that we shouldn’t have technology, it’s not that we shouldn’t applaud technology. It’s just that our balance is off. There’s a great book I would recommend everybody to read to get some grounding in this. It’s called Tracers in the Dark. It just came out from a journalist from Wired. It is absolutely stunning because it talks about a number of things. It talks about how the virtual world has changed the business of criminality.
It is now on such a scale, it is remarkable. It’s global.
Amato: Tom Vartanian, this has been an interesting conversation. Anything you’d like to add in closing?
Vartanian: The only thing that I’d like to add is a sense of cynicism and a sense of balance. If we all start getting that sense of cynicism and balance, I think it will help. Number 2, I’ve often been asked how do we reverse all this and make it better? I’ve got 100 suggestions in my book, and you can take them or leave them, frankly. But the last suggestion I make at the very end of the book is one that I think you can apply to a lot of other areas. That is, we need better leaders. We need people who understand issues. We need people with the courage to take them on. We need people who are going to solve problems. Without leadership, none of these problems are going to be fixed. I have no confidence that they’ll be fixed. We can talk about them, we can write about them, we can have discussions about them. Without leadership, they’re not going to be fixed.
Amato: Tom, thank you very much.
Vartanian: Thank you, Neil.