The Future Use Cases of Blockchain for Cybersecurity
Date: 4 September 2020
A successful cyber-attack can be the downfall of any well-positioned business. Data breaches not only cause significant financial losses but are also the leading cause of a bad reputation for victim companies. Companies that handle consumer data to some degree like Equifax or USCB America require cybersecurity because of the type of information they process and store.
Blockchain started out as the technology behind Bitcoin but has popularly grown into a promising mitigation technology for cybersecurity.
In this blog, we cover:
It is quite a tough and challenging time for businesses that operate on digital network platforms. Cyber-attacks and breaches continue to haunt online activities at even more sophisticated and damaging levels. As this nightmare continues to escalate, it is not only small businesses that fall prey to the attacks but also large IT companies like Siemens, Facebook, Yahoo, Microsoft, and LG, just to mention a few.
Ransomware attacks and other forms of data breaches have now become a day to day challenge for companies. Recent analysis and statistics indicate that even sacrosanct state procedures like Presidential elections are not safe from these attacks. This shows that cybersecurity is no longer an issue to companies alone, but also to governments and other agencies.
For the development of viable cybersecurity protection strategies, it would be prudent to analyse the recent cyber-attack trends and statistics.
According to Juniper Research, the damages caused by cyber-attacks in 2019 amounted to $2 trillion. With such tremendous financial impacts, companies continue to increase their investment in cybersecurity. It is estimated that by 2030, the global cybersecurity spending will be $2 billion in a bid to mitigate these malicious attacks.
Attention-catching Cybersecurity Trends & Stats:
• Bitcoin involved in Almost $76 Billion of Illegal Activities: Unlike other currencies, Bitcoin offers a fantastic form of quick transactions with anonymity and safety. The cryptocurrency is unregularised by legacy government currency rates.
This has quickly transformed it into the most preferred mode of anonymous operation in illegal activities like the cyber crime and drug trade. According to a study by the University of Sydney in Australia, bitcoin facilitated $76 billion of illegal business transactions around the world. It is not just bitcoin alone that offers this anonymity and other popular cryptocurrencies like Ethereum and Ripple are also catching on with many enquiring how to buy XRP on popular search engines.
• Ransomware Attack Every 14 Seconds: It is estimated that after every 14 seconds, an individual or company falls prey to a ransomware attack. This is according to the 2019 Official Annual Cybercrime Report (ACR) that also indicated that most of these attacks go unreported. With a new person joining social media platforms every 15 seconds, the ransomware vulnerability scope continues to widen.
• Small Businesses are the primary targets of Cyber-attacks: Most small businesses consider themselves 'unlikely' to suffer from cyber-attacks. According to reports by Cybint, two-thirds of companies have experienced attacks such as social engineering incidents, phishing, and DDoS attacks in the last three years. Small businesses continue being the smallest investors in cybersecurity despite making up 13% of the cybercrime market.
• Cyber threat Costs: As per the Security Intelligence Report, the average cost of a cyber-attack data breach as of 2019 was $3.92 million. On the contrary, the cost of hacking is almost insignificant, with cyber-attack tools now available on the Dark Web for as low as one dollar, with other complementary services being offered for free. It becomes more alarming that it takes an average of 5 minutes to hack an IoT device.
The Future of these Cyber-attacks & Malware
The current fast-paced advancement in technology also offers an incubating effect to cyber-attacks to continue becoming more sophisticated and executable. With the rolling out of the game-changing fifth-generation (5G) networks that offer ten times faster download speeds, this will inevitably create more opportunities for hackers. Faster speeds will increase the chances of more devices being hacked and the execution of larger cyber-attacks.
There is a huge commercial appetite for the Internet of Things (IoT). Almost everything, ranging from furniture to utility equipment, is being fitted with internet-connected sensors. According to Gartner, by 2021, there will be an increase in the number of things connected to the internet, from 14 billion to 25 billion. Most of these new technologies have patchy security features that tend to attract hackers. Also, home automation features could lead to more homes being vulnerable to cyber-attacks by criminals.
What is Blockchain?
Blockchain technology is a distributed and decentralised ledger system that can record transactions between multiple computers. Blockchain started as the technology behind bitcoin but has popularly grown into a promising mitigation technology for cybersecurity.
Notably, human error remains to be the leading cause of data breaches. Blockchain fully automates data storage hence reducing the human element in these data storage systems.
Blockchain can be utilised in any sector or industry. This is because any kind of digital asset or transaction can be inserted in blockchain, from any industry. The new technology is considered a reliable cybersecurity protocol due to its capabilities of indicating any foul play and providing certainty in the integrity of transactions.
Blockchain technology was designed to be transparent. Therefore, opposing the famous misconception, blockchain offers no privacy or confidentiality of any transactions made through it. When termed as secure, it is meant to describe the integrity of the transactions, not its privacy.
Blockchain Use Cases for Cybersecurity
Although not unbreakable, blockchain has evolved to become one of the most foolproof forms of transacting in the digital network realm. As designed and intended, the technology has been credited for its information integrity assurance. If well-utilised, many sectors can benefit from it.
With the potential of being practical to many utilisations, blockchain can be implemented into many uses. One of the best uses would be utilising its integrity assurance for building cybersecurity solutions for many other technologies. Below are some use cases of future beneficial use of blockchain to strengthen cybersecurity:
1. Securing Private Messaging: With the internet shrinking the world into a global village, more and more people are joining social media. The number of social media platforms is also on the rise. More social apps are being launched with each dawn as conversational commerce gains popularity. Huge amounts of metadata are collected during these interactions. Most social media platform users protect the services and their data with weak, unreliable passwords.
Most messaging companies are warming up to blockchain for securing user data as a superior option to the end-to-end encryption which they currently use. Blockchain can be used to create a standard security protocol. For enabling cross-messenger communication capabilities, blockchain can be used to form a unified API framework.
In the recent past, numerous attacks have been executed against social platforms like Twitter and Facebook. These attacks resulted in data breaches with millions of accounts being breached and user information landing into the wrong hands. Blockchain technologies, if well implemented in these messaging systems, may prevent such future cyberattacks.
2. IoT Security: Hackers have increasingly used edge devices, such as thermostats and routers, to gain access to overall systems. With the current obsession for Artificial Intelligence (AI), it has become easier for hackers to access overall systems like home automation through edge devices like 'smart' switches. In most cases, a large number of these IoT devices have sketchy security features.
In this case, blockchain can be used to secure such overall systems or devices by decentralising their administration. The approach will give the capabilities of the device to make security decisions on their own. Not depending on the central admin or authority makes the edge devices more secure by detecting and acting on suspicious commands from unknown networks.
Normally, hackers penetrate the central administration of a device and automatically gain full control of the devices and systems. By decentralising such device authority systems, blockchain ensures such attacks are harder to execute (if even possible).
3. Securing DNS and DDoS: A Distributed Denial of Service (DDoS) attack occurs when users of a target resource, such as a network resource, server, or website, are denied access or service to the target resource. These attacks shut down or slow down the resource systems.
On the other hand, an intact Domain Name System (DNS) is very centralised, making it a perfect target for hackers who infiltrate the connection between the IP address and the name of a website. This attack renders a website inaccessible, cashable, and even redirectable to other scam websites.
Fortunately, blockchain can be used to diminish such kinds of attacks by decentralising the DNS entries. By applying decentralised solutions, blockchain would have removed the vulnerable single points exploited by hackers.
4. Decentralising Medium Storage: Business data hacks and theft are becoming a primary evident cause of concern to organisations. Most companies still use the centralised form of the storage medium. To access the entire data stored in these systems, a hacker simply exploits but a single vulnerable point. Such an attack leaves sensitive and confidential data, such as business financial records, in the possession of a criminal.
By using blockchain, sensitive data may be protected by ensuring a decentralised form of data storage. This mitigation method would make it harder and even impossible for hackers to penetrate data storage systems. Many storage service companies are assessing ways blockchain can protect data from hackers. Apollo Currency Team is a good example of an organisation that has already embraced the blockchain technology in their systems (The Apollo Data Cloud).
5. The Provenance of Computer Software: Blockchain can be used to ensure the integrity of software downloads to prevent foreign intrusion. Just as the MD5 hashes are utilised, blockchain can be applied to verify activities, such as firmware updates, installers, and patches, to prevent the entry of malicious software in computers. In the MD5 scenario, new software identity is compared to hashes available on the vendor websites. This method is not completely foolproof as the hashes available on the provider’s platform may already be compromised.
However, in the case of blockchain technology, the hashes are permanently recorded in the blockchain. The information recorded in the technology is not mutable or changeable; hence blockchain may be more efficient in verifying the integrity of software by comparing it to the hashes against the ones on the blockchain.
6. Verification of Cyber-Physical Infrastructures: Data tampering, systems misconfiguration together with component failure have marred the integrity of information generated from cyber-physical systems. However, the capabilities of blockchain technology in information integrity and verification may be utilised to authenticate the status of any cyber-physical infrastructures. Information generated on the infrastructure’s components through blockchain can be more assuring to the complete chain of custody.
7. Protecting Data Transmission: Blockchain can be used in the future to prevent unauthorized access to data while in transit. By utilising the complete encryption feature of the technology, data transmission can be secured to prevent malicious actors from accessing it, be it an individual or an organisation. This approach would lead to a general increase in the confidence and integrity of data transmitted through blockchain. Hackers with malicious intent tap into data amid transit to either alter it or completely delete its existence. This leaves a huge gap in inefficient communication channels, such as emails.
8. Diminish Human Safety Adversity caused by
Cyber-attacks: Thanks to innovative technological advancements, we have recently seen the roll-out of unmanned military equipment and public transportation. These automated vehicles and weapons are possible thanks to the Internet that facilitates the transfer of data from the sensors to the remote-control databases. However, hackers have been on the job to break and gain access to networks, such as Car Area Network (CAN). When tapped into, these networks offer complete control access to vital automotive functions to the hackers. Such occurrences would have a direct impact on the safety of humans. But through data verification conducted on blockchain for any data that goes in and through such systems, many adversities would be prevented.
No matter how it is utilised, the key component of blockchain technology is its ability to decentralise. This feature removes the single target point that can be compromised. As a result, it becomes utterly impossible to infiltrate systems or sites whose access control, data storage, and network traffic are no longer in a single location. Therefore, blockchain may be one of the most efficient mitigation strategies for cyber threats in the coming days. Nevertheless, blockchain, just as with any other new technologies, faces many startup challenges as it undergoes the painful process of growth.
Julien is a passionate and experienced technology & cybersecurity specialist with a particular focus on data protection, risk management, identity and access management, penetration testing and cryptography.
He is a regular speaker at external conferences and a technology writer for international newspapers on a variety of technology and cybersecurity topics. Julien is also a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) and Certified Ethical Hacker (CEH). He holds a master's degree in computer science, cryptography and network security