Global trade has been transformed repeatedly throughout history, driven by new business processes and new policies. The new advances in digitalization now promise further transformation by making it faster, more transparent, reducing risks of red tape and corruption. With the increase in global trade, technology is at the core of every supply chain transaction. Through the simplification and harmonization of processes, procedures and information flows, UNECE and its subsidiary inter-governmental body UN/CEFACT contribute to the digitalization of trade and the growth of global commerce, as highlighted by the newly released WTO-ICC Standards Toolkit for Cross-border Paperless Trade.

Timely and harmonized standards can play a pivotal role in shaping the digital transformation process, complementing regulations and contributing to digital transformation governance. Standards have an impact on the economy through a wide range of channels. On the one hand, they provide technical information on products and services; on the other hand, they facilitate communication between different stakeholders. Furthermore, standards serve as accelerators of change as they promote innovation and the uptake of new digital technologies.

UNECE through UN/CEFACT serves as a focal point within the United Nations Economic and Social Council (ECOSOC) for trade facilitation recommendations and electronic business standards. UN/CEFACT can help increase the effectiveness of international trade procedures, hence helping foster trade – much needed as a tool of economic recovery. Through its new generation of digital standards and artefacts UN/CEFACT provides interoperability for the digital exchange of data between modes of transport, sectors, companies, government agencies, and countries.

Here are the main instruments developed by UN/CEFACT emphasized in the WTO-ICC Toolkit, which support international trade:

  • FIATA Multimodal Bill of Lading (eFBL) data standard newly released by UNECE and the International Federation of Freight-Forwarders Associations (FIATA) – allows the exchange of BL data in a standardized way, facilitating interoperability between all modes of transport and industry stakeholders.
  • Mapping for IMO FAL requirements created by UNECE UN/CEFACT which is compatible with its Multi-Modal Transport Reference Data Model (MMT-RDM) – offers a source of reference to IMO FAL documents that are required for nearly all maritime transport consignments arriving at the port.
  • Buy-Ship-Pay Reference Data Model (BSP RDM) developed by UN/CEFACT – describes the main process and parties in the international supply chain and the relationship between the high-level data entities of the involved international sales and transport contracts.
  • Cross Industry Invoice (CII), developed by UN/CEFACT – provides an executive guide to helping governments, government agencies, industries, and private companies better understand how this e-invoicing standard can be used to improve the exchange of data.

The WTO-ICC Toolkit identifies standards that are currently available and widely recognized to help facilitate basic data sharing, reporting, due diligence, and compliance requirements. Out of 100 standards presented in the Toolkit, around 20 derive from frameworks and initiatives of UNECE. The aim of UNECE standards is seamless and highly efficient exchange of data, while limiting person-to-person contacts in the supply chain, with the use of United Nations standards and modern IT tools.

Multiple standards exist, developed by multiple organizations; what is lacking is an alignment of existing standards. In response to this challenge, this new WTO toolkit equips every supply chain participant, both public and private, with some of the most notable and widely used standards to help advance trade digitalization. In addition to this, UN/CEFACT aims to be a hub for the semantic base of such digitalization initiatives.

The United Nations Capital Development Fund (UNCDF) held two virtual information sharing sessions on the Request for Applications (RFA) on “Digital Finance for Women Entrepreneurs – Innovation Fund Papua New Guinea” on Wednesday, 30th March, and Wednesday, 06th March 2022.

The Challenge Fund was launched and implemented by UNCDF to offer support in tackling the economic impacts on the formal and informal economy in the country. It was aimed to strengthen the Government of Papua New Guinea (GoPNG)’s ongoing efforts in achieving broader macroeconomic targets in the National SME Policy and National Financial Inclusion Strategy.

Invitations had gone out to applicants that ran businesses in Papua New Guinea (PNG) to increase access to Digital Financial Services (DFS), delivery channels and business model innovation for Women led Micro, Small and Medium Enterprises (MSMEs) and women entrepreneurs in informal sector across four regions of the country – Southern Region (focus Port Moresby), Momase (Focus on Lae and Wewak), Islands region (focus on Arawa/ Bougainville) and the Highlands region.

The applicants could pick one or more of above-mentioned locations for their interventions and could be financial institutions (e.g., banks, microfinance institutions, savings, and loan societies), mobile network providers, non-bank financial service providers and Fintechs.

The Fund supports applicants that have existing and innovative solutions to run projects within the country and capacitate the business resilience for Women-led MSMEs and women entrepreneurs in formal and informal sector (e.g., trading, agri-business, textile, food, and beverage) to increase access and uses of digital financial services against the economic recession caused by COVID-19.

The fund will increase access to Digital Financial Services (DFS), delivery channels and business model innovation for women-led micro, small and medium enterprises (MSMEs) and women entrepreneurs in formal and informal sectors across the four regions and would also increase delivery channels and business model innovation through partnering with financial service providers who have digital financial services to bridge the “unbankable” gap for the women-led MSMEs and women entrepreneurs.

All applications for this fund will close on the 12th of April 2022. Apply here.

Please contact Ms. Lorraine Basse on email: for more details.

In Ziguinchor, Mrs. CISSE now manages her finances and the repayments of her microloan from her shop. Thanks to a technical solution provided by GSIE Technology, her bank account is directly linked to her mobile money account.

Mrs. Cisse is a faithful client of the Alliance de Crédit et d’Epargne pour la Production (ACEP), a well-known microfinance institution (MFI) in Senegal. She has been granted three successive loans by ACEP Senegal to develop her kiosk shop. Her excellent reputation with the institution comes from her ability to pay back her loans on time. In addition, today, thanks to ACEP FEEP (“everywhere” in Wolof), she can credit her bank account using her e-wallet. With this new service that links her MFI account to her mobile money account, she no longer must close her kiosk to go to the branch to deposit the amount due every month.

The technical solution used by Mrs. Cisse when she uses ACEP FEEP is known as IntercoMobile. GSIE Technology developed the solution and integrated it into the MFI’s information system via an API (Application Protocol Interface) to link the client’s bank account to an e-wallet. Unfortunately, to date, only Orange Money is available on the platform. However, GSIE Technology is negotiating with other e-money issuers to expand the solution’s reach.

Furthermore, GSIE Technology’s teams support ACEP and other MFIs throughout the integration process by delivering technical assistance and customer support. In the field, GSIE Technology’s teams train the MFIs’ agents, provide a user platform and participate in customer enrolment campaigns.

Following the example of ACEP Senegal, other MFIs in Senegal wish to implement this “Bank to Wallet” and “Wallet to Bank” link. However, for these MFIs, the technical challenges linked to this integration or the commercial negotiations with e-money issuers often hinder the implementation of a digital transformation within their organization.

Since June 2021, UNCDF works with GSIE Technology to support the deployment of IntercoMobile in Senegal. The objectives of UNCDF are to accelerate the identification of new MFIs and grow the adoption of the services by clients like Mrs. Cisse. Today, 6 500 clients benefit from the IntercoMobile solution, and the objective is to reach 10 000 clients by June 2022.

To measure the impact of IntercoMobile, UNCDF followed the marketing campaign organized by ACEP Senegal from 21 to 25 March in the branches of the Ziguinchor region, as well as in the field during customer visits. This visit allowed UNCDF to measure customer satisfaction, and the feedback from users was very positive. The application is mainly described as “practical” because it saves the need to go to a branch to withdraw or deposit money.

However, some customers are still reluctant to use e-money and will need further support from ACEP Senegal agents. Blaise DIAGNE, ACEP Senegal branch manager in Ziguinchor, explains that the population’s appropriation of new digital channels takes time, especially in rural areas. It often requires word of mouth. The branch manager believes that “ambassadors” such as wholesalers or community leaders adopting and recommending the ACEP FEEP solution will quickly allow practices to change.

Chérif Diatta, Head of Distribution Channels at ACEP Senegal, is delighted with the success of the integration of IntercoMobile within ACEP. He plans to launch commercial challenges within the network to accelerate the adoption of the solution and awareness campaigns, such as the one conducted in Ziguinchor, to support ACEP customers in digitalizing transactions.

To learn more about this solution for MFIs, don’t hesitate to get in touch with our project manager in Senegal, Claire Kalonji

The e-Governance Conference 2022, this year reaching its 8th edition, welcomes digital leaders and experts over the three years in Tallinn and online at This year the main focus is on the resilience of digital governance in times of crisis and the next step in the path of digitalization – seamlessness. Hannes Astok, Managing Director at e-Governance Academy, joined us in another episode of the Digital Government Podcast to give a sneak peek into this year’s event. And why you should all join, of course.

Seamless and resilient governments, in peace and emergency

The past two years have been characterized by governments’ responses to the pandemic. First, it was about shifting to online services and remote working. Secondly, on the rollout of vaccines and digital certificates, consolidating operational practices.

Recently, other crises have hit Tonga and Ukraine – respectively, a natural calamity and war. “So, I think the question of resilience has become very important throughout this year. Those crises bring plenty of challenges for public service delivery and digital transformation,” Astok says.

“But on the other hand, the topic of seamless government is very much related to resilience: even in peaceful times, people want services delivered with this approach. It means that citizens won’t have to apply online or offline for one or another service. Rather, people want to get them directly, with the government notifying you that a deadline is approaching or that you are eligible for a given benefit,” he continues.

Digital leaders of Estonia,  the UK, and beyond will shed light on the latest innovations in public service provision. As Estonia works as a role model and inspiration for many countries, the Conference features Government CIO Luukas Kristjan Ilves and Chief Data Officer Ott Velsberg to get the freshest insights on data management and AI for service provision. Also, you can join Siim Sikkut, the former Government CIO of Estonia, in a discussion on how effectively lead the digital transformation in the government.

The Conference speakers include the President of Estonia, Mr. Alar Karis, the President of the Future of Life Institute Max Tegmark, Author and UX consultant Vitaly Friedman, Research Fellow at the University of Oxford Paul Timmers,  Lisa Talia Moretti, Digital Sociologist at Ministry of Justice Digital (UK) among others.

Is it still possible to innovate during a crisis?

In a sense, the two years of the COVID-19 pandemic already provided an answer to this question. But things may change when the crisis at hand is a natural disaster or an active conflict.

“It’s a good question, but I think crises are always a good environment for innovation. Let me bring up an example from medicine. Surgery, in particular, has developed a lot during times of war. The comparison here is that if you have a critical situation to face and the time slot available for a decision is very short, you need to take shortcuts, experiment, or at least try new methods, and processes. There is room to take risks because, if you don’t, you fail to address the problem at hand anyway,” Astok explains.

The Conference will shed light on how governments reacted during such periods. “From those areas where deep crises took place or are still happening, we can learn how governments acted rapidly, how they innovated and invented new ways of delivering services. This, of course, entailed creating shortcuts and eliminating useless, obsolete, time-consuming processes to provide for citizens quickly and in a digital format.”

You are all invited. May 10-12, in Tallinn or online

Resilience and seamlessness are the central umbrella under which we will contextualize the experience of governments in times of crisis. But our Conference topics do not stop there: we will also address participatory practices in policymakingcybersecurity, design of public services, the implementation and responsible use of artificial intelligence, and much more.

“You can go online and follow the three conference days by registering at But this year there is also a great opportunity to join the conference in Tallinn! The pandemic is increasingly fading and going easy on Estonia, spring is set to make Tallinn look even more beautiful, and we’re in a safe and secure environment. So, it’s worth coming, listening to our high-level keynote speakers and panellists, joining the discussion, and finding out more about digital governance’s resilience and seamlessness,” Astok concludes.

Interested in more? Join the e-Governance Conference on May 10-12, 2022, to get the best insights and lessons learnt about how digital governments cope with times of crisis and create seamless online services to make citizens’ life easier.

The rapid global response to the outbreak of the COVID-19 pandemic shows how innovative activity can adapt quickly to shifting priorities and a similar effect is needed to urgently address climate change, according to WIPO’s World Intellectual Property Report, which probes the complex sets of decisions that direct the development of life-changing innovations.

The report launched today finds that human innovation is inevitable, but its outcomes are not: The direction of innovation is the result of multiple actions by entrepreneurs, researchers, consumers and policy-makers, and society’s needs can change quickly as they did during the fast-spreading COVID-19 pandemic.


With the onset of the pandemic, innovators shifted efforts to address the new realities of remote work, suppressed demand for a variety of services and, critically, the need for new medical products. These include anti-virals and the mRNA vaccines whose quick development benefitted from an emerging platform that was quickly employed to address COVID-19, with funding and other support of governments and a wide range of players in the innovation ecosystem.

This important report helps us understand what we all need to do to ensure that human ingenuity is harnessed and directed efficiently and with the greatest impact towards a range of common global challenges, notably climate change,

said Mr. Tang, adding that governments have a critical role to play:

Governments are uniquely placed to promote innovation, for example, by mobilizing resources, offering a wider perspective of society’s needs and generally creating the right incentives and enabling environment to promote and harness human potential.

Among the report’s key findings:

  1. The report looked at patenting rates over the past century – a period marked by a number of major pulses in innovative activity – and found a 25-fold increase in overall growth, or about 3% each year. This growth was driven by a number of technologies:
    • Innovation in the transport sector doubled in only 30 years to 1925, when it represented 28% of all patents, with a 21% annual growth rate in the period
    • Medical innovation more than tripled in only 30 years upto 1960, when the area represented 7% of all patents, with a 5% annual growth rate in the period
    • Computer and related innovation (ICTs) tripled in 35 years through 2000, when the sector represented 24% of all patents and an 8% annual growth rate in the period
  1. Digitalization is the new big innovation revolution: It is now transforming industries, by changing who innovates, the types and process of innovation.
    • Digital innovation quadrupled in the 20 years upto 2020, when it represented 12% of all patent applications, with a 13% annual growth rate
  1. New technologies can be leveraged to achieve economic development at a large scale. In East Asia, Japan, Republic of Korea and China have each leveraged their scientific capacity, technological capital and skilled labor to fully integrate into the global economy as core and active participants in IT global value chains:
    • By 2020, Japan-based innovators held 25% of the world’s ICT-related patents, followed by Republic of Korea with 18% and China, at 14%
  1. Since the oil price shock in 1973, global innovation in low-carbon emission technologies has growing by 6% annually until 2012, but green innovation has stagnated since then.

As part of the Ready4Trade Central Asia project funded by the European Union, ITC just launched its e-commerce enterprise training in Kazakhstan, Kyrgyzstan and Uzbekistan with the support of QazTrade, the Union of Artisans of Kazakhstan, the Investment promotion and protection agency of the Kyrgyz Republic, and the IT Park and Hunarmand Association of Uzbekistan.

40 advisors have been selected in these 3 Central Asian countries to work with up to 200 SMEs from the handicraft, textile and agribusiness sectors to help them sell through new online channels.

The chosen advisors will receive in depth training from the ITC ecomConnect team with the support of national e-commerce experts. They will then individually mentor a pool of businesses, which they will follow through the different stages of e-commerce development from market research and e-commerce strategy to digitization of content, selection of an online channel, using online payment solutions, developing a digital marketing strategy and understanding logistics for e-commerce.

As stated by Ms. Saltanat Abdykerimova, one of the advisors benefitting from this project:

‘My participation in the e-commerce component will not only allow me to deepen my experience, but it will also give me an opportunity to help kyrgyz companies follow international trends and be more competitive in the global markets.

Following the launch of this foundation phase, beneficiary SMEs will further benefit from several e-labs to provide specific support to the most advanced companies. The e-labs combine testing, measuring and learning. By testing different online channels and digital marketing techniques, and measuring the performance, the more advanced companies can develop their e-commerce strategy and share lessons learned with beginners.

With the project ‘Ready4Trade Central Asia’, the European Union (EU) and the International Trade Centre (ITC) are joining forces to contribute to the overall sustainable and inclusive economic development of Central Asia by boosting intra-regional and international trade in the region. Beneficiaries of the Ready4Trade Central Asia project include governments, small and medium-sized enterprises (SMEs), in particular women-led enterprises, and Business Support Organizations (BSOs). The project operates in 5 countries: Kazakhstan, Kyrgyzstan, Tajikistan, Turkmenistan and Uzbekistan.

The Internet is facing an unprecedented threat. As the war in Ukraine evolves, governments, businesses and other organizations are considering sanctions to thwart Russia’s invasion that would damage the global Internet.

In the short term, people will lose access to a critical lifeline for safety and accurate information. In the long term, actions that undermine the apolitical nature of the network would divide the Internet along geopolitical lines and irreversibly alter the Internet we know today.

We cannot let the Internet become a pawn of geopolitics. Politicizing decisions about the Internet’s inner workings sets a dangerous precedent that puts us on the fast track to a ‘splinternet’ — an Internet artificially carved up along political, economic, and technological boundaries. The effects may be irreversible, opening the door for further restrictions across the globe.

The Internet Society, a global community of members and chapters in over 105 countries and territories, calls for governments, businesses, and organizations worldwide to ensure:

  • The day-to-day technical governance of the Internet is not politicized. Management and operations of Internet infrastructure, including the naming, addressing, routing and security systems, should remain apolitical.
  • Sanctions do not disrupt access and use of the Internet. Where needed, sanctions regimes should offer exemptions to ensure continued service of Internet infrastructure.

We must protect the open, globally connected Internet and hold governments and service providers to account for their actions. Safeguarding one of humanity’s best tools to solve global challenges is everyone’s responsibility, especially in times of crisis.

The United Nations Economic and Social Commission for Western Asia (ESCWAlaunched today the eCommerce Acceleration Programme (eCAP), with the support of the ICC-ESCWA Centre of Entrepreneurship (CoE) and the International Trade Centre, to empower Arab small and medium enterprises (SMEs) through their transition journey into online selling.

The eCAP programme will build the capacity of up to 100 SMEs from the Arab region to transition into online selling, either by developing their transactional eCommerce websites or by selling on existing online marketplaces. Participating SMEs will benefit from business and technical expertise, one-year support and critical setup fees to build/optimize the online platform or sell on existing marketplaces, one-on-one coaching, in addition to exposure and access to networking opportunities.

Eligible SMEs must be registered and operational in one of the Arab countries and should have a working product or service that can be sold online. Moreover, SMEs must have an online presence through social media or through an existing website not fully optimized, and should be willing to dedicate 1-2 team members for the project.

SMEs can sign up to the programme here by filling in the online application form, which is available in EnglishArabic, and French. The deadline for submitting the online application form is 20 April 2022 at 23.00 Beirut time (GMT+3).

An informative session is being hosted on 7 April. Enroll here to learn more about the eCAP programme and to ask your questions.

Costa Rica’s Solirsa plant processes a steady stream of e-waste – everything from discarded computers, smartphones, and tablets to disused batteries, printers, chargers and other electronic devices.

The Central American country of five million inhabitants is known for its rich biodiversity. This vital waste-management operation northwest of the capital, San José, is helping Costa Rica tackle the dirty side of digital transformation and close the production loop for information and communication technologies (ICTs).

Operators at Solirsa – an acronym for Integral Recycling Solutions – manually dismantle dust-coated equipment and separate the parts based on component materials. E-waste shipments are then prepared for recycling, smelting, or chemical treatment to create new products at other facilities.

Costa Rica generates 67,000 tonnes of e-waste annually – the region’s highest output per inhabitant. But the country also collects and treats 8 per cent of this, the highest share across Latin America, according to its first regional e-waste monitor report.

The report is part of a project coordinated by the United Nations Industrial Development Organization (UNIDO), which aims to extend technical and financial assistance to 13 Latin American countries to better manage digital discards. Worldwide, e-waste has become one of the most challenging consequences of rapid technology uptake.

A fundamental building block

How to manage e-waste sustainably was one of the challenges discussed at the Global Standards Symposium held earlier this year by the International Telecommunication Union (ITU). The problem is particularly acute in developing countries, which may receive waste shipments from richer parts of the world.

“A large share of used consumer electronics from developed countries are shipped to the Global South for processing and recycling, due to less strict environmental rules and lower costs,” explained Susanne Pedersen, Director of the Copenhagen Climate Centre for the United Nations Environment Programme (UNEP).

Annual e-waste production is projected to swell to 74.7 million metric tonnes (Mt) in 2030, up from an estimated 53.6 Mt in 2019.

In the long run, achieving environmental sustainability will depend on committing to the circular economy, incorporating environmental considerations into national digital transformation strategies, and adopting relevant international ICT standards, symposium participants said.

In its Connect 2030 agenda, ITU set a target to increase the global e-waste recycling rate to 30 per cent and raise the percentage of countries with e-waste legislation to 50 percent by 2023.

“Standards are a fundamental building block for shaping a sustainable digital transformation,” said Paolo Gemma, co-Chairman of the ITU Focus Group on Environmental Efficiency for Artificial Intelligence and other Emerging Technologies. “They can help define what is sustainable and provide the necessary guidance to implement it.”

Tech companies and organizations, he added, need to accelerate their own net-zero efforts and simultaneously “see the potential of ICTs to help other sectors achieve sustainability.”

A language to address everyone

Digital technologies and services could account for as much as one-fifth of global electricity demand by 2030, with one-third of that coming from data centres alone, experts say.

The Focus Group co-chaired by Gemma reports to ITU-T Study Group 5, ITU’s standardization expert group for environment, electromagnetic fields and circular economy – where governments, industry and academia are working together on international standards to curb the high energy consumption of ICTs.

These standards include sustainable power-feeding solutions for 5G networks, as well as smart energy solutions for telecom sites and data centres that prioritize the intake of power from renewable energy sources. They also cover the use of AI and big data in optimizing data centre energy efficiency and innovative techniques to reduce the energy required for data centre cooling.

Another new standard provides new power-supply technologies and specifications to promote the upgrade of industry technologies towards greener solutions.

Even if environmental impact varies from place to place, international standards can unite people, countries and regions, enabling them “to talk the same language” about digital sustainability, said Per Beming, Vice President of Standards & Industry Initiatives at Ericsson Group.

Digital transformation strategies, whether governmental or corporate, must leave no one behind, added Costa Rica’s Vice-Minister for Science, Technology and Telecommunications, Teodoro Willink. This means being applicable and accessible regardless of people’s origin, age, and social or economic status.

“Digital transformation is not sustainable if I can stream a 4K movie using Wi‑Fi at home in the city, but there are a half million rural children in Costa Rica who can’t access remote basic education,” he said. “It is not sustainable if my own aunt thinks she should change her phone just because it ran out of storage space.”

Learn more about key ITU standards for green ICTs, including emission-reduction trajectories for the ICT sector to cut its emissions by 45 per cent, in line with the 2015 Paris Agreement.

IDB Lab, the innovation laboratory of the Inter-American Development Bank (IDB) Group, will invest $1.5 million in Brazilian startup, Dolado, to promote the digitalization of micro, small, and medium-sized enterprises (MSMEs) operating in Brazil’s favelas. This capital will allow for the development of a platform that provides small merchants with access to credit and supply chains, as well as management tools that are custom-tailored for their specificities.

Nearly 14 million low-income people live in these informal settlements whose businesses are affected by weak supply chains along with inefficient logistics, high prices, poor payment terms, and poor customer service experiences. IDB Lab’s investment, which joins Valor Capital, Flourish (Omidyar Network Group), Clocktower Ventures, GFC, and Endeavor in a $10 million investment round, will directly benefit more than 35,000 MSME owners and indirectly benefit favela consumers who shop locally and lack access to digital payments or have otherwise been neglected by online shopping and merchandise delivery channels.

Dolado provides a platform allowing merchants a complete digital experience, including an electronic catalog to share with users, finance management, lines of credit or acquisition of goods to resell, the benefits of wholesale purchasing, connections with suppliers, payment terms, safe delivery, and returns. This system makes it possible to overcome the traditional transfers of small merchants to large cities to acquire the products that they will use for sale, avoiding security problems and purchases from illegal distributors, and further formalizing the process.

Putting technology at the service of the most vulnerable allows us to advance by leaps and bounds in inclusion,” said Irene Arias, CEO of IDB Lab. “The digitalization of small and medium-sized companies operating in Brazilian favelas opens new paths that will translate into both a positive and disruptive impact for underserved populations.”

IDB Lab’s direct financing of this business model, focused on favela communities, is one more step in the IDB Group’s support of early-stage companies using technology and innovation to advance financial inclusion for the benefit of vulnerable communities and joins other initiatives developed by the innovation laboratory in the region. One of them, INTEcGRA, launched an open call in September 2020 to support projects contributing to the continuity and resilience of independent neighborhood stores affected by the COVID-19 pandemic in Latin America and the Caribbean. The call, led by IDB Lab, had the collaboration of IDB Invest, the IDB’s strategic alliances office, and a significant group of large consumer goods companies to finance projects currently in the disbursement phase or close to approval.

This investment is part of IDB Lab’s new direct investment thesis which prioritizes early-stage startups (late seed series to series B), addressing the most relevant development challenges facing Latin America and the Caribbean.

In 2016, the top 1% of the world’s population owned half of the global wealth. But for the past two years, the income of 99% of the global population has worsened while the income of the top 10 richest people has doubled, of which eight out of ten are Technology Titans.

Digital transformation is one of the most crucial factors changing modern human life – from steam engines, electronic machinery, digital computers, and artificial intelligence (AI). Recent AI-related technologies include Software as a Service, Robotics, the Internet of Things, and Virtual Reality.

In the last decade, the annual number of installations of industrial robots worldwide has more than doubled, with more than 400,000 in 2021. China, Japan, the US, Korea, and Germany accounted for 76% of total industrial robot installations.

In the last 5 years, investment in AI increased by almost six-fold from USD 13 billion in 2015 to USD 68 billion in 2020. Brazil, India, Canada, and South Africa are among countries with the highest growth in AI hiring.

Digital Transformation reduces the costs of sharing information leading to unprecedented changes in what and how we trade. The pandemic has even accelerated digital transformation and digital trade. The development of digital trade includes digital payments and digital services delivery.

Global retail e-commerce sales in 2020 increased by almost 30% from 2019 levels (Statista, 2021). In 2020, around 24% of firms received orders online and over 40% of firms placed orders online (UNCTAD, 2022).  Digital trade reached USD 4,9 trillion last year, is estimated to reach USD 5,5 trillion this year, and more than USD 10 trillion by 2030.

Overall, digital transformation improves productivity and trade. Technological advances can work faster and in greater precision and accuracy, and thus reduce production and operational costs. Industrial robots and AI can also help markets to function more efficiently and will improve human welfare overall.

While digital transformation improves productivity and trade, it also raises inequality in at least two ways. First, displacement effects: capital and technology take over tasks previously performed by labor and automation reduces the share of labor in value added. This displacement will impact both employment and wages, particularly for less-skilled workers who can be replaced by robots and AI.

Second, premature deindustrialization effects: digital transformation may also impact developing countries, including potential premature deindustrialization and disappearance of manual and routine jobs.

On top of inequality issues, we face key challenges in Digital transformation including Digital Trade. First, Privacy: private individual information and data are exposed to services providers, including pervasive exchange of data that has fuelled concerns about the use and misuse of data.

Second, Cyber Security: the expansion of rapid digitalization and the use of data by businesses and consumers for communication, digital trade, and as a source of access to information and innovation, comes along with increased threats: threats against data, against systems, and against people.

Third, Competition: technological advancement enables firms to produce and operate in massive economies of scales, leading to market concentration. Market concentration reduces competition and can create barriers to MSMEs and start-ups resulting in an unlevel playing field, with big tech players using integration as their strategy to dominate markets and capture more revenues at the cost of consumers.

Last, Digital Divide: digitalized systems and digitally deliverable goods and services still account for lower shares in the least developed countries than in other parts of the world. To give you an idea, only 2% of the population in low-income countries conducted digital trade. Countries, firms, and individuals are varying greatly in their digital trade readiness depending on education, skills, and infrastructure.

Considering the advantages and challenges of digital transformation and digital trade, what can G20 do?

First, it is important for G20 to implement the commitments made in digital transformation and digital trade, including among others the Industrial Revolution Action Plan, Roadmap for Digitalization, and recently the Adoption of AI. What we need now is to operationalize and implement these frameworks and commitments.

Second, improve the quality of key digital enablers, including data security and data governance, law and regulations, digital infrastructure, and skills. This requires G20 commitments to ensure digital inclusiveness for all.

Third, promote efforts to improve individual preparedness as digital transformation at the end is about people. G20 should promote efforts to improve preparedness for digital and AI technologies to reduce digital divides within and between countries. This calls for better G20 cooperation in providing incentives for ‘good technology’ adoption for developing countries.

Last, improve the quality of privacy law and competition/antitrust law, and it is crucial to ensure its implementation of them worldwide.

It is a must for G20 to ensure ‘Digital Transformation: Development for All’.

This is a guest post about digital entrepreneurship by Sunny Business Services, an experienced corporate services provider helping founders of Estonian companies with the full range of business services. A member of the group, e-resident store by Sunny, has been serving e-residents since 2015 and is an authorised member of the e-Residency Marketplace.


More and more, entrepreneurship takes place digitally. And thanks to secure digital identity solutions like e-Residency, digital entrepreneurship is easier than ever.

When it comes to speed and access, technology seems to get faster and more open all the time. Digital transformation across the globe has had ripple effects across the way we live, work, do business and spend our free time. Entrepreneurship has itself transformed digitally.

More and more, entrepreneurship takes place within the digital environment. The pandemic has made businesses adapt to use digital solutions – like online stores and selling platforms – at a fast rate too. And, thanks to secure digital identity solutions like e-Residency, access to entrepreneurship is easier than ever. In this article, let’s dig a little deeper into the concept of digital entrepreneurship and learn how to get started.

What is digital entrepreneurship?

Digital entrepreneurship can be thought of as a subset of entrepreneurship – which put simply is really just self-employment. To be a bit more descriptive, entrepreneurship is the set of efforts, opportunities, and projects in which a person or a group finds a way to create an innovative company or solution, not only with the idea of ​​making money but also of adding value for consumers and society.

Now, extend this clear idea of entrepreneurship into the digital environment. Imagine an undertaking – be it a company, product or service – that is carried out through digital platforms and social networks. This is digital entrepreneurship.

The digital world has reduced the barriers to start a new business and offered various paths to develop it. Through the digital environment, you have the possibility of starting an online business without investing too much money.

What does it mean to be a digital entrepreneur?

Digital entrepreneurship won’t generally suit the traditional business model of offering a product or service to a local market. Now, the focus of the business is broader – maybe even global. And digital tools help the digital entrepreneur know the habits and behavior of all their customers. In this way, you are able to detect new opportunities and implement new business models.

Digital entrepreneurs must adapt to the local particularities of their target audience and generate content that is relevant to said audience and in line with their brand identity. In addition, it is essential to know the competition and what actions they carry out within the market. On the other hand, a digital entrepreneur must know the necessary tools to optimize their content and time invested.

Get started in digital entrepreneurship

There are several stages to starting a digital business. The beginning can be intimidating – perhaps you think there are many obstacles – and so getting started is often the hardest part. Here are our some of our recommendations to overcome your doubts.

Analyze the current situation

At this point, it is necessary to carry out both an external and internal analysis. Analyze the strengths, weaknesses, opportunities, and threats within the sector/industry of interest.

Define the undertaking

After analyzing the market and the competition, the important thing here is that you can define your project’s vision – the ‘why’. This can help you be clear about what kind of digital entrepreneurship you want to carry out.

Set goals

Clear objectives are essential to do business online. At this point in your journey towards digital entrepreneurship, the most important thing is to establish SMART goals. This means that they must be: specific, measurable, achievable, relevant and that they can be achieved within a particular time.

Define your branding strategies

The important thing here is to establish brand values ​​that differentiate you from the competition and thus achieve relevance within the market. To do this, you must know what your strengths and weaknesses are.

Make a marketing plan

Making a marketing plan will be helpful for your digital entrepreneurship, as it will help you direct and position your business in the market. A good marketing plan is essential to achieve more visibility and reach a wider audience.

Monitor and analyze the results obtained

For your digital entrepreneurship project to grow, it is essential that you study the results you have obtained. In this way, you will be able to know where to invest more time and money and what to improve. It’ll help you to optimise your business and also give a complete picture of how its doing.

Digital transformation calls into question traditional business models and positions digital entrepreneurship as a job of the future. A high percentage of the future professionals will be independent entrepreneurs who create their projects and rely on digital tools to carry them out.

Why is estonia a paradise for digital entrepreneurship?

The rise of digital companies in Estonia is not a coincidence. It’s a causality of the opportunities offered by their commitment to technological development, entrepreneurship, and innovation. Estonia is the country with the fastest growth within the EU and the most entrepreneurs per capita in Europe. It’s also number one in tax competitiveness, adding to high levels of transparency and trust in its people and companies. In short, a truly digital nation. Capital city Tallinn was recently named Europe’s second most enterprising city after Cambridge in the UK. These two cities beat London, Paris and other major commercial centres to top spot.

In Estonia, the creation of a company is easier and cheaper than in most other countries. With e-Residency, foreigners are afforded with a unique, state-issued digital identity. This secure ID is the key to the country’s business environment. It provides access to a wide range of online services, such as creating a company and filing annual reports. Plus, e-residents can call on expert service providers from the e-Residency Marketplace to help with company formation, bookkeeping, and taxes.

E-Residency is designed above all for the business world. So more and more digital entrepreneurs can establish and manage their business online in Estonia. And with it, they can access the whole European market and beyond.

E-Residency is the first step to Digital Entrepreneurship

  • Create and manage an online company.
  • Open an account at the bank. Estonian banks require at least one personal visit, and the final decision is up to their KYC decision-making policies and procedures.
  • Declare and pay company taxes in Estonia. It is essential to keep in mind that Estonia is not a tax haven. Your company may have tax obligations in another country if it has a Permanent Establishment there.

At Sunny Business Services, we share a passion for entrepreneurship without borders and digitalization. We are convinced of e-Residency and the benefits it offers. And we can help you register your Estonian company and give you the banking and accounting support you need.

Access all our services here on our website.

Setting up a company in Estonia and managing it from anywhere is possible thanks to the e-Residency program. And we can help you every step of the way. Access the advantages of being immersed in the digital world without the need to be physically in the country or the European Union.

Now you know everything you need to get digital company status in Estonia. At Sunny Business Services, we are waiting to help you take the next step!

If you are in Spain or in a Spanish speaking country or person and willing to know more about digital entrepreneurship in Estonia, are group member Sunny Latam is ready to help you too.

Contact us at Sunny LATAM.

Game-changing innovation has a key role in supercharging the sustainable development of Commonwealth member countries.

Opening the latest in a series of Data, Technology and Digitalisation workshops organised by the Secretariat, Secretary-General Patricia Scotland emphasised how transformative technologies, combined with good quality accessible data and digital skills, are part of the Commonwealth’s vision and practical action towards a more inclusive world.

The Secretary-General said: “I am delighted to open an event with such distinguished experts, who will guide us through the process of applying transformative technologies in all kinds of situations – whether tackling entrenched inequalities, sudden crises, natural disasters or the pandemic.”

Ground-breaking technology

The Secretary-General cited examples of how ground-breaking technologies have the potential to improve the design, implementation, and evaluation of public policies.

In Nigeria, it is estimated that a move by the government to digitise payments could save nearly 2% of the country’s entire GDP.

“When governments put technology into practice millions of people can be helped,” she said.

The Secretary-General said this was particularly evident in Sierra Leone during the Ebola outbreak when some emergency responders had to leave their patients for days to collect payments from a regional office.

“By introducing a mobile wallet system, the government was able to save lives and better allocate resources where they were needed most.”

Other transformative technologies speeding up the pace of change across the Commonwealth include the use of Chatbots to improve national Covid response in South Africa, drones to deliver medical supplies in Rwanda, digital identity to enhance government service provision in India, 3-D printing in various sectors in Jamaica and blockchain in supply chains in Canada.

Benefits for all citizens

The Secretary-General said: “These technologies are there for our member states to exploit in pursuit of the Sustainable Development Goals, and the delivery of national and regional priorities. And I can assure you that the Commonwealth Secretariat is totally committed to supporting our member states to harness transformative technologies – for the benefit of every one of the Commonwealth’s 2.5 billion citizens.”

The webinar was delivered virtually through panel discussion, expert presentations, and impact stories, with aim to contribute to the Secretariat’s agenda on technology and digitalisation and outputs to be used to enrich discussions leading up to CHOGM 2022.

Advances in technology – from the invention of the transistor to the fourth industrial revolution – propel substantial shifts in the skills needed on the labour market.

Social and digital skills are mandatory for success in today’s job market. Yet scarcity persists for these skills worldwide – especially in developing countries, and most acutely in Africa.

The digital skills shortage requires educational and capacity-building organizations, along with all other stakeholders, to urgently reform their training programmes. Only then can they equip the workforce with the necessary skills for countries’ economic development in the digital era.

Indispensable competencies

According to the United Nations Commission on Science and Technology Development, “digital skills” entail the indispensable competencies any individual needs in order to use information and communication technologies (ICTs) effectively in their personal or professional life.

To participate actively in modern digital life, people need a range of digital skills.

Constraints imposed by the COVID-19 pandemic stimulated even greater demand for digital solutions and competencies. But some of these changes made a permanent imprint.

Now, we are starting to witness a post-COVID boom in digital solutions, platforms, products and services, which further amplifies the need for digital business processes and a digitally skilled workforce.

Types and gaps

People’s digital skills can be broadly categorized as basic, intermediate, and advanced. Basic digital skills relate to basic manipulation of digital devices, email communication, web search and online transactions; while intermediate skills relate to professional use of business software and data management. Advanced skills relate to data analysis, software development and high-level computing competences in the range of emerging technologies such as artificial intelligence and machine learning.  While the precise nomenclature is context-dependent, many job profiles require basic and intermediate digital skills, while high-tech industries call for advanced or specialized digital skillsets to sustain innovation momentum.

While digital skills gaps have been noted by employers worldwide, managers across Africa are witnessing how a relative lag in digital readiness is increasingly hindering the continent’s competitiveness in the global economy.

The majority of developed countries, along with some Asian and Latin American states, have adopted frameworks to measure digital skills across their populations, as well as to support the development of education and training materials. In contrast, most African countries still lack a comprehensive digital skills framework.

More than half of school-age children and adolescents in developing countries fall short of the minimum proficiency levels in mathematics and reading. The lack of this foundation, even by the time they complete primary and lower secondary education, impedes their acquisition of digital skills.

The way forward

The time has come to turn digital skills challenges into opportunities. New and emerging digital technologies are creating millions of jobs, requiring people to learn new, initially unfamiliar, skillsets. For new graduates, the window is currently wide open for to add digital skills and information-technology certifications to their resumes and to pick the best tech jobs.

Still, any country’s success on this journey requires high-level synchronization between all stakeholders, from government leaders to the everyday citizen.

Decision-makers need to create an enabling policy environment, education providers need to address the surge in digital skills demand, and the private sector needs to invest in the workforce alongside all the other infrastructure and solutions to enable sustainable digital transformation.

Multi-stakeholder dialogues are needed across the public and private sectors to identify the key skills and competencies for tomorrow’s digital workforce. Education systems must also be adapted for the digital era, addressing the needs of the planet as well as each country, region, and locality, with sufficient investments in distance education for the most vulnerable.

Adapted from the article Skill sets required due to the digital transformation by Gedeon Hakizimana. Read the full article in Digital Skills Insights 2021.

Even in 2022, women’s participation in formal economies across the world is often limited.

As entrepreneurs, women experience limited access to hired labour, equipment, technology, training, finance and markets. For women retail customers, their ability to travel and move around, participate in markets, gain employment, and open and use financial accounts can often be defined by country specific and local gender norms. Coupled with lockdowns and social distancing, the challenges women face to access services and goods have become even more pronounced because of the pandemic.

However, digital platforms can be an important avenue to empower women across the world. If designed correctly, these platforms offer the opportunity to access skills, markets, customers, partnerships, and more. In a world, where women and girls tend to be digitally excluded more often than men, many women users – both women entrepreneurs and women retail customers – struggle to partake in the digital economy and connect to digital platforms.

Advancing digital and financial inclusion with the help of digital platforms can help ensure that women are not left behind and have access to services to increase their quality of life. But what can we do to help more women log on to digital platforms?

UNCDF organized a technical assistance workshop (‘Chicken or Egg’) to help partners from the Women Enterprise Recovery Fund (WERF)* find solutions to engage more women on digital platforms. The WERF is helping ten private sector partners from Bangladesh, Cambodia, Indonesia, Nepal and Viet Nam with COVID-19 economic recovery and digitalization solutions for women enterprises. These solutions represent a range of cutting-edge, innovative business models, including agritechs, insurtechs, digital supply chain financing, e-commerce platforms, digitally enabled lending, and digital and financial literacy training portals.

Why was there demand for a gender-lens technical assistance workshop?

Women’s economic empowerment is a priority area for UNCDF. All performance-based agreements between UNCDF and the WERF partners require the achievement of specific targets for the number of women users on the partners’ digital platforms. However, many partners struggle with meeting these targets.

Through the technical assistance workshop born out of a series of interviews with the WERF partners over one and a half months, UNCDF Senior Advisor and Lead Focal Point on Gender Equality, Nandini Harihareswara, provided data and evidence-backed solutions to the challenges faced by WERF partners. Many of these solutions leverage the UNCDF Inclusive Digital Economies and Gender Playbook.

The Playbook is a practical tool to help policymakers and practitioners address the common constraints women face across the world in being financially and digitally included in their communities and economies. Applying the insights from the Playbook and other relevant research to the specific challenges the WERF partners shared during conversations in the preparation for the workshop, Nandini shared eight challenges partners face across platforms and solutions on how to overcome them to increase the number of women users, and ultimately help women become the builders of digital economies.

What are the eight challenges and how can we solve them?

1. COVID-19.

The pandemic has forced businesses to close, reduced mobility of business owners, especially women, and, depending on the nature of lockdowns, obstructed the launch, delivery and production of goods and services. To combat the effect of the global crisis, digital finance service providers could offer women-owned businesses smaller lending amounts with more flexible repayment terms. In addition, they could demonstrate via video and word-of-mouth, financial and digital inclusion success stories with similar personas in COVID-19 settings, and allow users to try lending platforms with test user profiles and ‘fake money’ so they do not have to worry about losing funds if they “push the wrong button”. COVID-19 has brought many challenges to entrepreneurs, and it has also in some ways lowered the risk tolerance for women entrepreneurs taking on debt, especially in new, digital forms.

Source: Women And E-commerce In Southeast Asia, IFC, 2021

2. Incomplete user journey analysis.

User journeys are not a single process done in the beginning of product development. It is important to see it as an iterative process deployed at a good frequency. Many partners either had not conducted a user journey analysis, or had only done it once, at the beginning of their product launch. The analysis needs to be conducted with users themselves – not just staff or internal teams – to truly know the differences between “expected” and “reality” for the user experience. The user’s perspective on how long it takes for them to be informed a decision has been made, for example the acceptance of their product for an e-commerce platform or loan approval for a lending product plays a key role in the user journey analysis. The Center for Financial Inclusion provides a helpful overview of how to conduct a user journey analysis.

Source: Charting the Customer Journey, Center for Financial Inclusion, May 2019

3. The lack of investment in data and iterative testing.

While most partners collect sex-aggregated data of their users, not all invest in data collection and usage infrastructure, which includes systems, internal policies, and dedicated personnel. They may know the gender of some people along their stakeholder value chain – including entrepreneurs, retail customers, agents and channel partners – but not necessarily all of them. Comprehensive data collection can and should play a key role in iterated product development.

4. Sub-optimal recruitment strategies.

Recruitment is essential to increasing the number of women users. The WERF partners use one or more of the following three methods of recruitment:

  • Partnerships. 60 percent of partners use organization collaborations as a recruitment strategy. Some of these partnerships also play a role in relationship management between users and financial institutions, mainly banks and microfinance institutions, nongovernmental organizations, local government programmes, and associations. Reaching out to fast-moving goods companies and women’s groups could improve the onboarding of women users on digital platforms. Despite the wide range of partners they have, the WERF partners often did not know or recognize the power structure between the intermediary partner and individuals representing that partner and potential users. The analysis of the gender dynamics and the understanding of the financial and non-financial incentive structure can help the intermediary partners to successfully recruit and retain women users.
  • Informal online commerce. About 40 percent of WERF partners use some form of informal online commerce, for example Facebook, Instagram or WhatsApp, as a recruitment tool, but it might be underutilized in some contexts. CGAP gives a very good set of personas to better understand the kinds of users that use informal online commerce as channels, what drives them, and how they can be more easily recruited in their Business Her Own Way: Creating Livelihoods Through Online Commerce Focus Note.

Source: Business Her Own Way: Creating Livelihoods Through Online Commerce, CGAP, 2021

  • Agent networks – About 55 percent of WERF partners rely on an agent network to recruit, manage and retain women users as part of their platforms. Incorporating an agent journey analysis could help determine success factors and “headaches” for agents. This analysis could include the examination of the gender dynamics and incentive structures coupled with a better understanding of the tools and training that the members of the agent networks use through formal feedback loops with the agents. Helix Institute’s report on successful agent networks is a specifically helpful and eye-opening piece of research for such an analysis.

Source: Successful Agent Networks, Helix, 2016

5. First-generation vs second-generation users’ challenges.

Almost all the WERF partners aim to recruit different kinds of women users to their platforms. First-generation women users lack a phone or a bank account, which are often a precondition for using the digital platform. Second-generation women users have a phone and a bank account, but they face secondary challenges – in the words of one of the partners: “They can send a WhatsApp, but they can’t send an email”. The partners’ business models can help these challenges as well as partnering with other organizations who work to increase access to phones and bank accounts.

6. Trust in digital lending.

Some users have direct or indirect poor experiences with digital lending. Trust in new products and businesses can be very low, especially when there is little risk tolerance. USAID and NetHope’s paper The Role of Trust in Increasing Women’s Access to Finance Through Digital Technologies provides a useful framework that connects trust to the active use of products.

The three most relevant questions from this framework to ask to increase trust in digital lending are:

  • Do you think the users understand and trust the product recourse system and how do you know this?
  • Do you have a trusted advocate, and how do you know they are trusted?
  • Do users have a technical understanding of the product?

7. Training vs. lending products.

Most of the digital platforms have both training and lending components. However, the lending product is usually not a strong part of the recruitment process. Including it earlier in the user journey as a “teachable moment,” even with a game with “fake money” or a demonstration product, could make a digital platform more enticing and appealing for users while reducing their risk concerns. Given that digital lending products that do not require collateral address a real problem for women, it might accelerate their understanding of how and why they should use them.

8. Social and cultural norms.

Gendered social norms, or gender norms, are defined as the collectively held expectations and perceived rules for how individuals should behave based on their gender identity.” There are strong links between gender norms and women’s behaviour, linked to their access and use of digital products stemming from women not having a phone or being digitally literate. Second-generation women users are also constricted by gender norms – often their households and communities believe they would be “better at detail-oriented” tasks rather than a management role. As a result, they do not take on the leadership role of the growing enterprise.

CGAP suggests four ways to address gender norms that challenge women’s access to and usage of financial products. These four categories match well with the recommendations to improve recruitment strategies and could be done in combination with such efforts:

  • Leverage partnerships and local organizations. Local nongovernmental organizations, United Nations agencies and others may be already tackling these challenges, and by creating partnerships with them, in addition to using this as a recruitment tactic, may serve to help address barriers to onboarding to digital platforms.
  • Identify champions. Identifying women champions to be digital platforms advocates – including through promotional videos – can help women and their families visualize how to address the relevant gender norms. The champions are those who have had positive gender-transformative experiences with the product that have benefited their community or household.
  • Support capacity-building. Since most projects include a digital and financial literacy training, capacity-building can also include engagement at key milestone periods that could address gender norms in a community.’s Women & Money life stages report gives good examples of how to do this.
  • Engage gatekeepers. “Working with men [and other leaders in a community] is critical as they are often the gatekeepers of customary practices that limit women’s access to resources or public spaces.” Gatekeepers can reflect on their role as enablers for women’s digital and financial inclusion and understand their perspective on relevant gender norms.

Source: CGAP, Technical Guide: Addressing Gender Norms To Increase Financial Inclusion, 2021

Chicken and egg: Supply balancing demand

The “Chicken or Egg” workshop reflects the challenges that private sector partners face in increasing the number of women users. In the old days of digital financial services, this issue reflected the necessary balance between attracting sufficient active customers and increasing the number of agents to create financially sustainable business models. Nowadays, e-commerce platforms need to both increase the number of retail customers and attract vendors to use the platform.

Sometimes the rise in retail customers and the uptake in vendors go hand-in-hand as women bring in their traditional brick-and-mortar customers onto the platforms. Other times it is mutually exclusive. Some digital lending platforms require a user to use their platform for a set time, for three or six months before sufficient data are collected for them to successfully lend to them using a data algorithm as a replacement for collateral as a risk mitigant. But how do we encourage users to actively engage on a platform long enough for them to a) improve their required financial and digital literacy skills and b) generate sufficient data to provide them with an incredibly helpful service?

The answer lies within the eight challenges and solutions shared above. The better you understand and invest in your customer, partnership channels, and data, the more you can create the virtuous cycles to address the “chicken or egg problem”. The research to address this question begins with the 4 Pillars of Ecommerce Profitability.

UNCDF is committed to helping our partners address these challenges as part of our Vision Equal Economies and making Women Builders of Digital Economies.


* The Women Enterprise Recovery Fund is supported by the Dutch Entrepreneurial Development Bank (FMO), the Government of Canada, and Visa Inc. The Fund is jointly implemented by the United Nations Economic and Social Commission for Asia and the Pacific (ESCAP) Catalyzing Women’s Entrepreneurship programme in partnership with the United Nations Capital Development Fund’s (UNCDF), under its “no-one left behind in the digital era” strategy. The Fund is hosted by UNCDF’s Fund Facility Investment mechanism, through the UNCDF ASEAN programmatic agenda, which is supported by the Australian Government.

Development through digital transformation has gained significant traction over the last two years. United Nations agencies and other stakeholders have relied substantially on the digital component in their ongoing assistance to countries amid the COVID-19 pandemic.

Their ability to leverage digital progress has helped build resilience – and will remain crucial as the world recovers and, hopefully, builds back better.

But the pandemic is not the only crisis where information and communication technologies (ICTs) have come to play a fundamental role. Just a few months ago, the UN Country Team in Ukraine was finalizing its Digital Development Country Profile, broadly analysing the country’s digitalization status, providing updates on national and regional projects and activities, equipping decision-makers to advance digital development, guiding UN engagement in the country.

According to the latest International Telecommunication Union (ITU) data, 75 per cent of people in Ukraine used the Internet in 2020. Although this falls below the European average of nearly 85 per cent, Internet use grew steadily over the past decade. But what is Ukraine’s digital and ICT situation now?

The ITU Council recently adopted a resolution on “Assistance and support to Ukraine for rebuilding their telecommunication sector”. I was very pleased to see this reaffirmation of how ICTs can drive development and peace, and we at ITU look forward to implementing it in collaboration with UN partners once the war is stopped.

Expanding information and knowledge societies

Almost 20 years ago, the World Summit on the Information Society (WSIS) laid out a vision for a world where everyone can create, access, utilize, and share information and knowledge online.

Since then, more people have had access to ever more promising technologies. As the recent UN progress report on the implementation of the WSIS outcomes notes, many expectations relating to technology and services have been exceeded—and successive waves of innovation in digital technology have shown significant development potential.

During my tenure as ITU’s Deputy Secretary-General, I have seen the WSIS community grow in diversity and strength. It now includes innovative thinkers, policy-makers, mayors, civil society, and business leaders from developed and developing countries alike – each bringing new perspectives.

The WSIS Forum is exemplary in bringing people together from around the world with the simple but powerful objective of sharing good ideas on practical ways to bring the benefits of the Information Society to people everywhere, making a real difference to people’s lives. Initiatives like the WSIS Stocktaking Repository of Women in Technology, the WSIS Multi-stakeholder Alliance on ICTs and Older Persons, and the WSIS Youth Campaigners embody this collaborative spirit, and seek the widest and most equitable distribution of digital assets and benefits.

The Forum’s interactive and far-reaching agenda highlights the benefits of ICTs in education, health, financial inclusion, climate change, accessibility, cybersecurity, smart cities, and more. This diverse and inclusive dialogue has been a driving force in extending global connectivity.

What’s next for WSIS?

The annual Council session over the past two weeks reaffirmed ITU’s leading role in the WSIS process in line with the wider pursuit of UN Sustainable Development Goals. The Council also appreciated the roadmap proposed by ITU Secretary-General Houlin Zhao for a 20-year review, with a focus on implementing the WSIS Action Lines for future global digital development beyond 2025.

Implementing WSIS outcomes is a collective effort. ITU looks forward to working closely with the UN Commission on Science and Technology for Development (UNCSTD), the UN Group on the Information Society (UNGIS), and other UN Agencies involved, as we continue advancing digital collaboration for social good.

Towards a sustainable digital future

Now, more than ever, the keywords are collaboration, coordination, and cooperation – nationally, regionally, and internationally. These objectives are on prominent display at ITU this year, with three of our global conferences happening in the span of a few months.

The World Telecommunication Standardization Assembly in early March highlighted how digital technical standards can help create a more prosperous and sustainable future for all. The World Telecommunication Development Conference – set to take place in Kigali, Rwanda, in June – promises to mobilize unprecedented partnerships for global connectivity.

The proposed roadmap on the 20-year WSIS review, looking beyond 2025, will be submitted for consideration at the Plenipotentiary Conference, ITU’s highest decision-making body, which is to meet in Bucharest, Romania in September and October.

Discussions on the roadmap will continue at this year’s WSIS Forum, with weekly virtual sessions now underway. WSIS Forum 2022 will conclude with a week of both online and physical sessions at ITU Headquarters in Geneva, Switzerland, between 30 May and 3 June. By participating actively in either format, you can help us shape a more sustainable digital future.

Let us focus on what unites us and not what divides us. Together we can build peaceful, sustainable societies and economies, where everyone, everywhere enjoys the many opportunities digital technologies can bring.

Based on Mr. Johnson’s remarks at the 25th session of the United Nations Commission on Science and Technology for Development.

Listen the interview at Radio Davos

It’s boom time for cyber criminals trying to make easy money by taking computer data hostage and demanding ransom. As online working surged during the pandemic, so did cybercrime – ransomware attacks rose 151% in 2021. The World Economic Forum’s Global Cybersecurity Outlook found there were on average 270 cyberattacks per organization that year, with each successful cyber breach costing a company $3.6m.

On this podcast, we speak to Jim Guinn, Senior Managing Director Security, Strategy and Consulting Lead at Accenture, a company that had its own, well-publicized ransomware attack last year, and to Algirde Pipikaite, Cybersecurity Strategy Lead at the World Economic Forum.

And to talk about how ransomware can often be considered ‘ransom-war’, we speak to Alex Klimburg, head of the World Economic Forum’s Centre for Cybersecurity.

Read the Forum’s Global Cybersecurity Outlook 2022.

This is a transcript of the interviews from the Radio Davos episode: ‘Ransom war’

Alex Klimburg, Head, Centre for Cybersecurity, World Economic Forum: Ransomware is one of the rising political weapons in cyberspace. I actually, in my publications, have referred to political ransomware attacks as ‘ransom war’. It’s certainly the weapon of choice in cyber conflict in the last couple of years.

Ransomware attacks have been part of the global landscape for a while now, but we can go back to around 2015, 2016, when a group of cyber actors, criminal hackers, but probably intelligence service, secured themselves an NSA cyber weapon called EternalBlue. So, EternalBlue was a massive Windows exploit, a security vulnerability in the Windows operating system that was very difficult to patch and was unknown at that time. So, basically, anybody who had this vulnerability would have access to any Windows machine.

And that tool, supposedly maintained by the US intelligence service, was stolen by this hacker community and put online. Now the suspicion in 2016 around the US elections was that this was actually Russian military intelligence that was trying to not only embarrass the US intelligence but also try to cause problems by creating more cyber criminal activity – the more cyber criminal activity occurs, the more busy the cyber defenders are, the more difficulty they have dealing with cyber crime activities and also then cyber war and cyber intelligence activities. So, basically, it’s a bit of a win-win sometimes for some actors to increase the level of cybercrime.

So they put out this vulnerability called EternalBlue. And they said, Hey, does somebody want to pick this up? Does somebody want to use this? Nobody actually did, which was kind of bizarre, for a couple of years.

And then suddenly, in 2017, actors that were associated with North Korea put out something called WannaCry. And WannaCry was an extremely destructive ransomware attack that hit, for instance, the UK National Health Service so bad that a quarter of the hospitals were at one point offline. So, to put that in context, there’s no doubt that many people died as a result of this attack. This was quite clearly an attempt to road-test the EternalBlue vulnerability, but also to try to get other actors to see the attraction of ransomware because basically, you could pay to have your data decrypted and restored and returned to you. It wasn’t destroyed in the WannaCry context.

The more cyber criminal activity occurs, the busier cyber defenders are and the more difficulty they have dealing with cyber crime activities, cyber war and cyber intelligence activities.

—Alex Klimburg, Head, Centre for Cybersecurity, World Economic Forum

In theory, it was possible for you to pay money and get your data back, or at least get your system to operate again. It turned out, however, that the hackers were not very responsive to requests of some individuals to effectively get their data released to them. So, therefore it became rather obvious it was more of a political attack. It was more that the attackers were more interested in causing damage than in making money.

So, that attack came and went, and that was pretty bad. But then what happened afterwards was even worse, and that was only six months later. And that was NotPetya. NotPetya has now been considered the most destructive cyberattack ever, and it came out of Ukraine. So it looks like a Russian intelligence or cyber operator intentionally infected a Ukrainian business software company that had links to a number of external companies all over the world. And these companies included, for instance, FedEx and Maersk.

And the ransomware spreads so quickly – two days – and succeeded in causing severe disruption to, for instance, Maersk and FedEx and dozens of other companies that the total damage has now been assessed at over $2 billion, which is quite an astronomical sum. For Maersk alone the damage was 300 million over that particular period, which is one of the highest recorded cyber damages that have ever been been put on paper.

Ukraine was always connected with field testing new cyber weapons. Ransom war attacks were first tested in Ukraine.

—Alex Klimburg, Head, Centre for Cybersecurity, World Economic Forum

And the thing about this attack was is that even though theoretically it was a criminal attack, there were claims that you could get your data back if you only paid a little bit of ransom, there was actually no way to pay. Nobody ever answered the email and there was no data ever decrypted, so it was a fake ransomware attack. It was a ‘ransom war’ attack. The primary intent was to cause damage and political disruption.

So, Ukraine was always connected with field testing and new cyber weapons. Ransom war attacks were first tested in Ukraine, and a lot of the activity that we see right now internationally is sometimes considered to be ransomware really done by actual cyber criminals who are really only interested in money. But sometimes it might be politically minded actors that are more trying to cause disruption. This is the lesson that we learnt from 2017 that it’s an extremely effective weapon both in causing political insecurity, but also raising the temperature overall. So, it’s basically a very efficient tool to use if you want to cause disruption on a massive scale.

Robin Pomeroy: And are we seeing that increase now since the invasion of Ukraine?

Alex Klimburg: What we are seeing is a very high level of ransomware that had already been active previous to the invasion. So, the invasion alert more or less happened already in October of last year and from that period onwards we did see an increase in ransomware attacks across, in particular, Europe. Europe lagged behind North America for quite a while, which is another indication that most ransomware attacks were actually political and not criminal, because Europe would have been just as juicy a target as most American enterprises would have been, but, for political reasons, the US was the primary target, and suddenly the focus started to shift. More European enterprises were hit.

We saw, for instance, a rather significant attack on the fuel retail business in Germany as well as a large oil refinery in Rotterdam. And there’s been a number of other attacks reported, for instance, also in transport companies and similar. Sometimes these attacks have a payment option, but the payment option is either fake, so it takes so long to exercise that it’s effectively useless. Or the amount of data that has been encrypted and which needs to be recovered is so large that it is basically pointless – the data is effectively destroyed.

The cyber weapon of choice these days is ransomware, and very often it is political and therefore really ransom war. Although the lines are intentionally blurred between political actors and cyber criminals.

Company leaders over-confident on cyber risk?

Algirde Pipikaite, Cybersecurity Strategy Lead, World Economic Forum: Actually, I would love to say I’m surprised to see the statistics that you just mentioned but, sadly, I don’t think it was surprising to the cybersecurity community. I think we surprised a lot of CEOs and board members that they feel so much more confident about their resilience and about their ability to respond to an incident if an incident occurs. Jim, what’s your take there?

Jim Guinn, Senior Managing Director – Security, Strategy and Consulting Lead, Accenture: You hit it right on the head. We’ve seen the same sort of trend in all of the years that I’ve participated in trying to help secure critical infrastructure organisations. And the trend is a belief that we have this problem called cybersecurity and we understand it and we can conquer it from the executive level. But then once you start going down into the organisation for the people that have to live it every day, they’re less confident in the ability to thwart an attack because they know that they’re constantly evolving, they’re constantly changing.

So, when you do give a board presentation or a board update at the macro level, at the very high level, and you say, here’s where we are, here are the things that we’ve done to become more cyber resilient, and here’s our journey to continue on that path – in three weeks that may have changed, and the report is already out, your executives have seen it and they’re thinking, gosh, I feel very confident we have a handle on this. But then the climate changes or the environment changes, or there’s Eastern European tensions between two countries which elevate the risk level for all countries. So, things happen so rapidly in cyberspace that the ability for a senior executive to feel very comfortable about one cybersecurity posture versus being actually very strong and resilient are not necessarily always connected. They ebb and flow at various times, and it’s an unfortunate reality of the world that we live in today.

Algirde Pipikaite: Do you think this reality is upon us because we are so massively connected? And does COVID have any role to play with it? Or do you foresee that with kind of the dawn of the [end of the] pandemic, hopefully the cybersecurity situation will improve? What’s your take there?

If you increase the number of attachments or connections, you increase the attack surface. And when you increase the attack surface you give bad actors a better opportunity to try to navigate to get in.

—Jim Guinn, Senior Managing Director – Security, Strategy and Consulting Lead, Accenture

Jim Guinn: Roll back the clock circa 2019. In 2019, there were a significant number of cyber events that occurred on a continuous basis. And we can go all the way back, whether it’s Stuxnet, WannaCry, Wannacrypto, or any number of significant global cyber events that occurred. And when the world had to shift from working the way that we used to circa 2019 to the way that we work today – very, very connected in your home networks, on your mobile devices, on potentially unsecure networks, to be able to communicate with corporate assets, we did see an increase in cyber activity just simply because of the connectivity.

Now I am one that subscribes to the belief that we will not ever go back to the way that it was again circa 2019 with how we worked and what we did. And there will be an evolution of more remote working or continual remote working, and that’s going to increase the number of, in the most simplistic terms, IP addressable assets. And if you have an IP addressable asset, meaning a human working on a thing, attaching to a thing and doing their job, if you increase the number of attachments or connections, you increase the attack surface. And when you increase the attack surface you give bad actors a better opportunity to try to navigate to get in. If you pivot to the things like the metaverse or other, responsible AI and 5G, and the things that are really going to accelerate the adoption of technology more broad-spectrum, I think that this problem is only going to get worse. It’s not going to get easier or better. I think it’s going to continue to evolve and we just have to be very vigilant in how we approach the cyber measures that we have in our organisations today.

Algirde Pipikaite: Let me follow up actually on the AI and blockchain and 5G, and the new technologies, the new realities that we are introducing, like augmented reality and the metaverse. Combined with what we’ve seen with ransomware attacks – the rise last year in 2021 at least by 150% if not more. And cryptocurrency is being used on an enormous scale for payments and then for tracking those payments. My question is do you still see that we will be suffering from ransomware with very basic attacks? Or do you foresee that the introduction of new technologies or the combination of technologies that we will be using will introduce really sophisticated attacks?

If somebody wants to break in and they are funded by a nation-state or an affiliate, it is going to be impossible to stop them.

—Jim Guinn, Senior Managing Director – Security, Strategy and Consulting Lead, Accenture

Jim Guinn: I think both, and history has proven that it will be both. And one of the common things that we have seen, not always, but a common theme, is not having the simplistic things like multifactor authentication enabled on various devices. And therefore someone can get in because they have harvested a credential from some other means.

Until we can get the fundamentals right – like multi-factor authentication across the enterprise, and I’m talking about operational technology assets to enterprise IT assets, to our mobile devices, to all of it, all of our endpoints – until we can get that done you will still see the less sophisticated actors get in and do harm – cyber gangs trying to make a quick buck.

The second thing is, with all respect for all nations, if any nation-state, as well-funded as they are, that has really strong cyber capabilities, if they wanted to do harm through a nation-state actor or an affiliate, you cannot stop them. It is simply a matter of time.

There’s been a number of recent multinational ‘zero-days’ – no one knew it was coming – nation-state affiliates and/or direct nation-states who have caused some real upheaval. And it’s near impossible. If somebody wants to break in and they are funded by a nation-state or an affiliate, it is going to be impossible to stop them. It’s a matter of time.

So, I think you’re going to have both. I think you going to have the very less than sophisticated gangs that try to make a quick buck by leveraging harvesting credentials and get in, and you’re going to have very sophisticated nation-state actors who want to cause disruption in the globe.

Robin Pomeroy: That’s pretty scary. So, in the first category there you have to plug all those holes like a leaky ship in some ways. If you plug those holes – ways of accessing those networks – then you should be able to stop criminal ransomware gangs. But the other category you are talking about – these state actors – which have been going on now for well over a decade, to my amateur knowledge – you’re saying it’s impossible to stop them. So what do we do to stop a health service from being stopped in its tracks or the energy grid of a country being blocked out? You have to tackle that after the fact, is that what the situation is?

Jim Guinn: Yes. And I will stick with your analogy because it’s a very good one and it’s used quite often. There’s a great philosopher that once said ‘the moment that the ship was created, we also created the shipwreck,’ meaning once you build a ship and you sail it, it is going to crash, one will crash at some point and it is a tragedy. Having spent the early part of my career working offshore and working on vessels, the first thing that you learn how to do is you learn how to exit the vessel in the event of an emergency. And so what that means is you have a safety plan and you have a security plan and you know where to muster and everybody knows what their role is.

We always try to avoid a shipwreck – cyber shipwreck. However, if it does happen, it’s not about that it happened, it’s about the resilience and how quickly you can isolate, contain, recover and respond to it in a very orderly fashion. If you can think about the ship, in your analogy, if you did have a major catastrophe on a ship and everyone panicked, then it would be very tragic. So it’s about planning, it’s about execution, it’s about being deliberate in your moves so that when it occurs to an organisation that you’re a part of, in whatever form it appears, that you have a very, very tested and true plan so that you can be more resilient, so you can recover from it very quickly.

We’re all going to get sick. We’re going to get the flu, we’re going to get a cold or, you know, God forbid, we’ll get COVID, but we will all get sick. But we should all be able to recover if we have the right plan. If we have the right pharmaceutical capabilities, we can all get better. Same thing with cyber, it’s going to happen. So let’s talk about how we recover from it in a very logical and structured way so that we minimise the impacts to the organisation or our customers or our suppliers in the future.

Algirde Pipikaite: At the very beginning, Robin mentioned that on average it takes around 280 days for a company or organisation to identify and respond, start responding, to an incident. That means that if someone was hacked on 1 January, they potentially only around mid-October will get to know about that hack.

If resilience is our mantra, how can we actually prevent and how would you even tackle an attacker who sits in our networks potentially for 280 days? The reconnaissance that they are doing and the way they identify your sensitive data, your vulnerabilities, your access management and everything, their navigation through your network during nine, 10 months is spectacular. So do you still believe it’s a winnable battle or it’s kind of like once we find it, then we will try to prevent that situation?

Precautions against cyberattacks

Jim Guinn: That may be some organisations’ strategy: ‘once we find it, we’ll try to prevent it’. That’s not necessarily what we would advise, even with our own experience.

It’s about the preparedness. It’s about planning in advance. Because the closer you can get to impact – meaning day one: infiltration occurs or someone has gotten in, some bad actor’s gotten in. Now it’s about trying to roll the clock back from hundreds of days down to a handful of days so that you can reduce the impact.

And there’s a there’s a lot of things that we can do. And I would gladly share a good reference architecture with anyone that listens to the podcast here or beyond. There are some very, albeit difficult to execute, simple philosophies. If you use them, you can actually decrease that time from impact to extrication – removing them, getting them out of your network.

It’s things like multifactor authentication. If every device needs multiple credentials to get in it’s really hard to move laterally in the network.

Zero trust. What does zero trust mean? I don’t trust anybody that’s on the network, so I need to have multiple ways to authenticate to a given set of assets in a business context to protect them so that we don’t have loss of IP or loss of data.

There’s some really fundamental things. And, again, they’re not easy to implement and they cost both time and money to do. But the the most spectacular – and I’m using that word in a negative context, not a positive context – the most spectacular cyber events we have seen have been on flat networks, without multifactor authentication, without the ability to see the environment, to know what’s happening.

We try to describe this in simple terms: if you can’t see it you can’t protect it. Literally, if you cannot see it, you cannot protect it. So the ability to see in your environment across the entire landscape and be able to correlate events gives you a better chance to reduce that dwell time from hundreds of days down to a few hours.

And even in our own case, where we had the event last year, where a LockBit ransomware gang was able to infiltrate a particular set of servers that were misconfigured, quite frankly, we had them locked out within five hours under five hours. So we know it can be done. And so if just our own experience of what we had to live through because of a misconfiguration with multifactor authentication, we were able to identify and isolate and eradicate a threat actor in less than five hours

Algirde Pipikaite: In the blurry lines of us working from home, many people using work devices for their personal life and personal errands, or their personal devices for work, is it easy to identify when an intruder gets into the network when so many different devices are connected and so many different routers that are actually not corporate-secured and they are home-security or maybe not even secured, are sitting on our networks? How are you identifying? And once you identify, what are those steps? What do you do to actually contain an incident and how do you know it’s not Jim, it’s not Kelly, it’s not Diana sitting on a network.

The best protection from a threat actor is your own people. Our own people are probably our greatest strength and potentially our biggest weakness when it comes to cyber events.

—Jim Guinn, Senior Managing Director – Security, Strategy and Consulting Lead, Accenture

Jim Guinn: There are so many things that go into a cyber strategy, but being able to understand usage patterns or understand personas and what that persona should be doing and how they interact with their job, also known as, or AKA, ‘roles’ – what is my role in the organisation? What should I be interacting with? What data should I be touching? When do I typically touch it?

There’s a lot of things that we can use – data analytics and AI – responsible AI, meaning understanding it and not using it for ill gotten gains, but responsible AI – there’s a lot of things that we can learn about our environments just watching the way that humans interact with technology and interact with machines.

The fundamentals of something like zero trust is really having a set of roles and personas and IDs that are going to interact with a set of systems in a certain way and knowing what that is, and then allowing access to those through a ‘trust yet verify’ mechanism.

And so if organisations – and the unfortunate thing is, and we talked about it in the report, many of the organisations that are smaller, which are very, very critical to the ecosystem, they do have folks who are using multiple devices to attach to corporate assets. They do have less than sophisticated cyber postures – because of the cost and time to implement. You may have an organisation that has 100 people that’s very critical to part of the supply chain for durable goods or pharmaceuticals, and they can have a vulnerability and someone can infiltrate that organisation to get to your organisation. And those are not impossible to stop, but they’re very difficult to stop.

And it goes back to – if you don’t know what individuals are supposed to be doing while they’re on a network, then you can’t really predict what they should be doing. So it’s back to the ‘if you can’t see it, you can’t protect it’ or ‘if you don’t know you can’t protect it. So it’s not easy. It’s doable, but it takes time and it takes some fortitude to really invest both the corporate assets, intellectual assets. and our people.

Let’s not forget our people. The best thing to to avoid a threat actor from getting in is your own people. Our own people being diligent, not clicking on links, not having shared assets where I’m reading my web mail on the same thing as my computer and someone sends me a video of something that’s supposed to be funny and it had malware and now it’s on my corporate asset, and now it can traverse the network and get in. So our own people are probably our greatest strength and potentially our biggest weakness as it comes to cyber events.

Robin Pomeroy: Can we talk about what it’s like to be victim of a ransomware attack? People think about ransom, they get a note through the door with the letters cut out from a newspaper ‘we’re holding your your puppy, give us $50 and you’ll get it back’. In a way, it’s not that far off, is it? I was reading about this attack that you experienced last year, and is it true to say they paste something up on as wallpaper on your screen that actually says, ‘Yeah, we’ve now taken over this computer. Here we are. Ha ha ha. Send us the money’. I mean, it’s kind of that basic. Is that how you first realise you’re under attack?

Jim Guinn: Hopefully not, because at that point they have gone completely laterally across your network, they’ve infiltrated multiple devices, and now they have what effectively would be a choke hold on your infrastructure. By the time that comes up, it’s really bad. I mean, it’s really, really bad. Ideally, you will catch them in the act. You will see network traffic that is anomalous. You will see activity that is not normal.

You know, say your MXDR platform. We’ve got one of the best in the world. We use it for hundreds and hundreds of clients. When it detects an anomaly and it pops a flare, you immediately go and investigate what happened. And so hopefully you catch it before you get that notification. But if you get that notification, there’s a whole new series of activities that you’re going to have to go through that are going to be less than ideal both for yourself, for your people, for your clients, for your suppliers. So hopefully you get to it before that occurs. Does that make sense?

Robin Pomeroy: Yeah, absolutely. The acronym caught me out though – MXDR – could you explain what that is?

Jim Guinn: It’s ‘manage, extend, detect and respond’. It’s a set of technologies that is a big, if you will, kaleidoscope of all the activities going across your network and everything – it enables the seeing of what’s happening.

And it’s the ability to manage and extend and detect and respond to a particular event. It may be anomalous. It may be good. It may be bad. But it’s something that’s different. So you have to investigate it. So it’s a bit of fabric that lays over the top of the network that identifies a ripple. And then we go look at the ripple and figure out what that is and why is it correlating in other areas and why is it appearing in other places. So it’s a way to better detect when there is an incident or the potential of an incident.

Robin Pomeroy: So you’ll be able to tell us what you are able to tell us about this attack last year, but it’s been fairly widely reported this ransomware group LockBit – maybe you could tell us who they are or who they might be. They were asking for $50 million in ransom. So how did it all unfold from where you were sitting?

Jim Guinn: We were immensely transparent with all of our clients. The event occurred on 30 July and I want to say that was a Sunday and I’m having to roll back the clock in my mind, I believe it was a Sunday. And I remember getting up on Monday morning. I’m pretty sure it was a Sunday, but I remember Monday morning, my boss at the time, I had a text from him and I got up, it was like, 5-5.15 in the morning. Usually when I get up I go and take the dog for a walk. I’m still in the outfit that I took the dogs for walk in. And occasionally when I walk past my phone, I don’t keep it with me, and I go into the office and I tap the screen and I see that, you know, I’d gotten the message and I’m like, that’s not ever good. It’s just not good to have a message at that time in the morning.

So I look at the message and the world changed.

And and you know, what I will say is you can’t always believe what you read from a threat actor. And there’s a couple of different reasons. Number one, it was not $50 million. We don’t disclose what they wanted, but I can tell you it was significantly less. It happened – within less than five hours we had it contained. So from the time that someone got in and our alerts went off and we knew that something was anomalous and we had to go investigate it, it was isolated inside of five hours. So the ability to exfiltrate whatever it was – data – as it turned out, and as we widely shared with many clients, it was mostly seating charts, internal communication emails, some benchmarking data that was publicly available, just a series of things – the value of the data was not there.

Threat actors will – LockBit, any of them – threat actors like to boast what they have so that if they can’t get it from the entity that they have harvested it from, then they try to sell it on the dark web by increasing the perceived value of it. And in this case, it was a rock that was spray-painted gold. Yes, there was something there. It was material. It was not material from a financial sense, but it was data. But they spray painted it gold to make it seem like it was more important or bigger. And thank goodness it wasn’t because it’d be a different set of circumstances. But the reality is they realised what they had and when we said, yeah, we’re not going to pay, then it became widely public. Once we knew what they had and once we felt comfortable that we had it contained and isolated, then it became more of a stalling technique than really a negotiation to be able to defer until publicly known what we knew and what our internal cert [computer emergency response team] team and our internal CISO [chief information security officer] was trying to get their arms around. So it for sure was not that amount of ransom. And for sure, we did not pay, just to be really clear.

Ransomware: to pay or not to pay

Algirde Pipikaite: How hard is the decision to pay or not to pay. And do normally companies decide to pay and get rid of the problem. Or is it less complicated not to pay and try to rebuild the network? There are two different philosophies. Which one do you normally lean towards and what do you see much more happening in the market?

If it is going to impact health, safety or the environment, you need to have a protocol for decision-making as to whether you’re going to pay or not.

—Jim Guinn, Senior Managing Director – Security, Strategy and Consulting Lead, Accenture

Jim Guinn: That is a fantastic question. And it’s not an easy one to answer. Some believe you should always pay, some believe you should never pay. What I try to distill it down to, at least with the clients that I and my team serve, especially in criticial infrastructure, if it is going to impact health, safety or the environment – I want to be really clear – health, safety, environment – you need to have a protocol for decision making as to whether you’re going to pay or not. If you’re going to have a significant impact that could impact the environment in a very, very negative way or the safety of our people or others in a very negative way or the health of of patients and patient care, you have to have a decision tree that you’ve already run through numerous times through tabletop exercises and executive discussions to figure out if we pay, what does that mean, if we don’t pay, what does that mean? So that you’re not trying to do it in real time.

I personally subscribe to you have to determine what is a payable event and what is not well before you actually have an event. And then you have to run those protocols when or if you do get into that set of scenarios, and you have to live by the decisions that you made, because trying to make real-time decisions that are massively critical with the emotions running high – in the midst of a cyber event, generally speaking, you may not make the best decision, generally speaking.

So if you think about it when times are calm and people are not upset and it’s not a panic or hair-on-fire unfortunate situation. The act of planning for war is not necessarily the plan itself, it’s that you plan for it. And going through that plan, both in a cyber event or in business critical operations gives you just a better chance of making the best decision at that moment in time.

So I don’t subscribe to either. I am actually right down the middle of the road. It’s that every company needs to have the ability. within the legal requirements of the jurisdiction they operate in, to determine whether or not they should or should not pay, because of impacts to health, safety and environmental concerns.

Robin Pomeroy: So do companies actually run those scenarios, those war games? I’m assuming that’s big companies that have the capacity to do that, but are you aware that companies do that kind of thing?

Jim Guinn: Yes, they do. We’ve evolved from the early 2000s, you know, ’98, ’99, 2000, 2001, 2002, when some of these emerging technologies were really taking off. We’ve evolved quite significantly that really, really large institutions that have a decent enough budget will go through red teaming exercises and tabletop exercises and decision-making processes to figure out how they would respond in a particular an event and what the protocol should be to guide that decision.

And then smaller organisations actually have – there are now mechanisms through many of the the governments that we see across, whether it’s through Australia or Singapore or in the EU or in the United States and Canada, that facilitate those sort of capabilities for smaller organisations to be able to leverage, albeit not at the scale and capacity of every organisation that might need it at that moment, or want it at that moment.

But we’re getting better. And those that actually do prepare are probably in the best position to to shrink that window, not just of dwell time, but of potential loss of IP, data or other material assets.

For the estimated 1 billion people worldwide without a legal ID, digital identity programmes provide a unique opportunity for increased inclusivity, better financial participation, and wider access to government resources and initiatives.

However, for the countries implementing these programmes, the associated benefits come with a host of thorny tradeoffs surrounding privacy, security and logistics.

Following a landmark ruling by the highest court in Kenya in 2021, which concluded that the rollout of a country-wide biometric ID scheme was illegal, many countries continue to grapple with the legal, regulatory, and ethical boundaries of national identification systems.

Nationally, many countries lack clear legal precedents to govern processes and infrastructure in the digital identity space, and international consensus is just as, if not more, jumbled.

The Kenyan case echoes challenges faced by the EU, the US, and other governing bodies when it comes to digitization of national ID programmes, and the subsequent expectations of privacy for individuals and groups.

Countries are at different stages
Countries are at different stages of introducing digital ID systems. Image: Gelb, A and Diofasi, A


Kenya’s digital ID scheme ruled illegal

Kenya’s digital ID programme, called the National Integrated Identity Management System (NIIMS), was ruled illegal by the highest court because there was no clear documentation of the data privacy risks, nor was there a clear strategy for measuring, mitigating and dealing with those risks.

Related concerns about data privacy and security have arisen in other digital ID platforms as well. For example, India’s Aadhaar is the world’s largest biometric digital ID system.

Registration is linked to biometrics and demographics, and can connect to services including SIM cards, bank accounts, and government aid programmes, making financial systems more inclusive.

Despite these advantages, Aadhaar has seen pushback regarding feasibility and privacy. For example, there are concerns that the Aadhaar database can be used to profile ethnic minorities or violate the privacy of residents.

Issues faced by many national digital ID systems

The Kenyan NIIMS ruling and experiences from other global digital ID platforms highlight three major recurring issues that characterize many national systems:

  • Keeping too much personally identifiable information in one place creates new and major targets for potential attacks, including data exfiltration.
  • Many countries lack the security infrastructure to protect sensitive data and maintain rigorous privacy standards.
  • National digital ID programmes open the door to the further exclusion of vulnerable groups, based on factors like demographics (such as ethnicity) or socioeconomic status (for example, digital connectivity).

At their core, these concerns stem from the centralization of data, which increases the likelihood and potential damage of external cyberattacks. It also increases the viability of insider threats and lowers barriers to systematic discrimination from within government.

Reasons to reduce centralization of ID data

These threats become even more pronounced to the extent that digital ID platforms are linked to different services and use cases within a nation. As digital ID systems become more prevalent, there are compelling reasons to reduce the degree of centralization inherent to their architecture and operation.

However, managing and mitigating the degree of centralization in digital ID systems is highly nontrivial; the design space is vast, with subtle tradeoffs. Nation states should consider both technical and nontechnical approaches to manage centralization of ID databases.

First and foremost, to navigate this complex landscape, a multi-stakeholder approach should be taken to consider a variety of voices before rolling out new digital ID programmes. For example, many digital ID schemes (such as Estonia’s, Aadhar and MOSIP) were developed through public-private collaboration.

Access controls for digital ID systems

Many governments simply do not have the in-house capacity to roll out and maintain a new digital ID system. At the same time, care must be taken when outsourcing development and maintenance.

ID systems are critical infrastructure, and once governments are locked into a vendor, it can be difficult to back out or make changes, due to technical debt and interoperability requirements with downstream users.

From a technical standpoint, one technique for reducing the implications of data centralization involves partitioning databases and enacting appropriate access controls. This enables a database of digital IDs to be split according to attributes, such as the region where the identifier was first registered.

Operators can be given access to only a subset of the data. Such access controls reduce the damage that any single malicious agent can exact, at the expense of greater system complexity and fragmentation.

Mitigate risks of biometrics through encryption

However, access controls alone are not enough to mitigate the risks associated with storing sensitive ID information, such as biometrics.

A major risk surrounding biometrics in particular is that if, and when, an attacker obtains these credentials for a victim, they may be able to impersonate the victim indefinitely, since a user’s biometrics do not change.

These risks can be mitigated using emerging technologies like computation over encrypted data with rotating keys. For example, homomorphic encryption could be used to store only encrypted iris scans and conduct authentication over encrypted data – thereby significantly reducing the information that is available to the ID database operator, as well as to potential hackers.

Standardize ID systems for better interoperability

At the other extreme, a significant problem with existing ID solutions today is their lack of interoperability, both across nations and services. For example, registration systems for nationalized healthcare do not necessarily communicate with systems for government aid.

The fragmented state of digital ID systems inherently limits data centralization, but it can also hamper their potential benefits. Possible solutions to this problem include standardization of digital ID.

For example, MOSIP is intended to be an open-source digital ID platform for multiple nations and use cases. Others have proposed decentralized, interoperable architectures for storing digital identifiers.

These architectures would enable existing ID issuers to issue their own identifiers while maintaining ID databases in a decentralized manner – for example, on a blockchain maintained by different stakeholders.

Decentralized ID systems may pose challenges

Such technologies are relatively untested compared to more classical databases, and could introduce new challenges surrounding governance and database maintenance.

Notice that decentralized architectures do not inherently help with the problem of centralized data aggregation; many blockchain-based data storage architectures are designed mainly to provide transparency, not confidentiality.

Privacy considerations, and well as the potential for exploitation, are incredibly important when it comes to building inclusive and valuable national digital ID systems.

Privacy vital for digital ID platforms

This infrastructure has the potential to generate value and usher in a new era of legal, digital and financial inclusion.

However, there must be a solid foundation of data protection, decentralization, and an environment of digital trust for these programmes to succeed.

The Kenyan courts have simply done the work for the rest of their peers by flagging these issues at the outset.

Over the past two years, e-commerce with its astonishing growth rates became a popular headline of postal news. Deadly for certain industries, the pandemic has turned into a powerful catalyzer for others, putting pressure on companies to search for additional capacity to keep up with the ever-growing demand. That was the case for Ecuadorian start-up “Tipti”. Led by a woman entrepreneur, this online marketplace experienced ten-fold growth, making it the fastest growing e-commerce company in the country. Its CEO and Co-Founder Pierangela Sierra provides a benchmark and inspiration for many women across Latin America. On the 10th episode of Voice Mail, Ian Kerr talked to Pierangela, who is also an UNCTAD eTrade for Women Advocate for Latin America, about the e-commerce landscape in the region, the challenges of overcoming the digital divide, meeting the escalating demand for convenient service and building an e-commerce career as a woman.

A new report, South Asia’s Digital Opportunity: Accelerating Growth, Transforming Lives, looks at the opportunities and challenges related to digitalizing the economies, societies and governments of Afghanistan, Bangladesh, Bhutan, India, Maldives, Nepal, Pakistan and Sri Lanka.

The report finds that while some countries are benefiting from expanded access to services and markets, new jobs, innovation, reduced transaction costs and a better quality of life due to increased digitalization, its full game-changing potential remains untapped. A concrete, comprehensive approach to digitalization can help advance South Asia’s green, resilient and inclusive development.

Main Challenges to Digitalization:

  • Most South Asian countries have expanded 4G mobile networks in the last five years, but broadband internet and smartphones remain unaffordable for the region’s poorest people.  61% of South Asians live within range of a telecom network, but still do not use the internet, the largest usage gap in the world. International bandwidth is especially expensive in landlocked countries such as Nepal.
  • Digital transformation of government, including digital public platforms and digital stacks, can make government services and support more inclusive, accessible and effective. Digitalization of governments in South Asia has progressed steadily but more needs to be done to improve interoperability, integration, data protection and cybersecurity, and to make digital platforms more accessible to the most vulnerable people.
  • Stronger, more accessible digital financial services could improve financial inclusion in South Asia, which accounts for more than 20 percent of the world’s unbanked adults.
  • Digital businesses create value for economies, but across South Asia, some digital business ecosystems are more mature than others. This is due to varying levels of support from government institutions and other organizations, and differences in the enabling environment and access to early-stage financing.
  • Digital skills are critical for a globally competitive workforce and digitally literate citizens. However, there remain low levels of digital literacy in the region, especially among women.
  • South Asian countries are making progress in creating environments and frameworks that encourage digital confidence and trust, with several countries considering legislation on data protection.  More can be done to implement cybersecurity protections, both within the legal framework and in eventual implementation.
  • Regional cooperation on cross-border connectivity and data infrastructure, cross-border data flows, and cross-border payment systems can enable greater access to markets, improve knowledge, capital and innovation and help countries achieve development goals.

Policy Recommendations:

  • Increase affordability of data and devices, ensure reliable and affordable international connectivity and build infrastructure to allow more people to connect.
  • A “whole-of-government approach” to digitalization of government that consolidates and coordinates policy, strategy, planning and operational responsibilities should be adopted. This approach should be supported by policies that promote data protection and cybersecurity, stronger data governance and interoperability frameworks and a focus on human-centered design to bridge gender and digital divides.
  • Build “digital stacks” — including digital ID, digital payments, and trusted data sharing platforms, which are the basis for most transactions — as “rails” to allow governments and businesses to build and innovate digital services.
  • Implement government policies that encourage innovation in the digital financial ecosystem, actions to modernize credit reporting systems, initiatives to promote financial literacy and greater trust in digital financial services and reforms to facilitate cross-border payments to make digital financial services accessible to more people.
  • To support digital businesses, the report recommends developing “digital business” enabling frameworks and that governments provide financial incentives for early-stage financing. To close the gender gap, greater focus should be put on training, supporting and funding women-led businesses.
  • To boost digital skills in South Asia, the report recommends that governments make the digital skills agenda a key part of their national strategies. The education sector can also play a key role in developing digital skills and literacy by including digital skills in curriculums from primary school onwards, in technical and vocational education and training, and in on-the-job training programs developed in collaboration with the private sector. Fostering women’s access to educational opportunities will also be vital.
  • The report finds that more progress to build digital confidence and trust can be made by developing robust legal and regulatory frameworks for data protection, and establishing independent and competent institutions to enforce data protection and cybersecurity.
  • Infrastructure sharing — for example, of mobile network towers — between countries can help make infrastructure deployment more affordable.
  • A collaborative and robust regional digital economy could also pave the way for smoother intraregional trade, expanded e-commerce markets and greater financial inclusion. To build a thriving regional digital economy, South Asian countries could consider regional coordination in three areas: cross-border connectivity and data infrastructure, an enabling environment for cross-border data flows; and integrated cross-border payment systems.

Subscribe to our Newsletter

Contact Us