Spending on cyber security has grown dramatically over the past decade, with no signs of slowing down. Globally, organizations plan to spend more than $1 trillion between 2017 and 2021 to protect themselves from online threats, according to an industry report.
Despite this staggering investment, criminal hackers continue to exploit both publicly known and unknown vulnerabilities, eavesdropping on devices, applications and network communications. CB Insights estimates that about 6 billion confidential files were stolen between 2017 and 2018 alone. Other industry research shows that the number and cost of cyber-attacks have increased since then.
These sophisticated attacks often defeat traditional security methods, including authentication, key management, cryptography, and privacy protection. With a large percentage of employees working from home due to the coronavirus pandemic, vulnerabilities are growing in new ways. So instead of building more powerful tools, many companies are rebuilding the systems that created these vulnerabilities.
A new approach to cyber security
Blockchain provides an additional route to higher security that is less traversed and less inviting to attackers. This strategy reduces risks, offers robust encryption, and effectively verifies ownership and integrity of data. Even the use of passwords, frequently referred to as the weakest link in cybersecurity, could potentially be done away with. This is because blockchain uses a distributed ledger. By removing the most obvious targets, the decentralized public key infrastructure paradigm reduces many of the hazards related to centrally held data. Unless there is a platform-level vulnerability, it is difficult for attackers to steal, compromise, or change data since transactions are recorded at every node (computer) in the network.
Another traditional weakness is addressed by blockchain’s collaborative consensus algorithm. It can search for malicious actions, anomalies and false positives without the need for a central authority. One pair of eyes can be deceived, but not thousands. This strengthens authentication and secures data communication and records management.
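The tamper-evidence described in the two paragraphs above can be shown with a small sketch. This is an added example, not code from any blockchain platform: the block layout, node names and the simple majority comparison are assumptions, and the comparison stands in for a real consensus protocol.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # constructed parent hash for the first block

def block_hash(prev_hash, tx):
    """Hash a block's transaction together with its parent's hash."""
    payload = json.dumps({"prev": prev_hash, "tx": tx}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def build_chain(transactions):
    """Return blocks that are each linked to the previous one by hash."""
    chain, prev = [], GENESIS
    for tx in transactions:
        digest = block_hash(prev, tx)
        chain.append({"prev": prev, "tx": tx, "hash": digest})
        prev = digest
    return chain

def first_broken_link(chain):
    """Index of the first block whose hash or parent link is wrong, else None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["prev"] != prev or block["hash"] != block_hash(prev, block["tx"]):
            return i
        prev = block["hash"]
    return None

def dissenting_nodes(replicas):
    """Nodes whose head hash differs from the head hash most nodes hold."""
    heads = {name: chain[-1]["hash"] for name, chain in replicas.items()}
    majority_head, _ = Counter(heads.values()).most_common(1)[0]
    return sorted(name for name, head in heads.items() if head != majority_head)

def demo():
    # Constructed sample data: five nodes hold the same three transactions.
    txs = ["alice->bob:5", "bob->carol:2", "carol->dave:1"]
    replicas = {f"node{i}": build_chain(txs) for i in range(5)}
    # node3 is edited in place: its own hash check fails at block 1.
    replicas["node3"][1]["tx"] = "bob->mallory:2"
    # node4 is rebuilt from altered data: internally valid, but its head differs.
    replicas["node4"] = build_chain([txs[0], "bob->mallory:2", txs[2]])
    return (first_broken_link(replicas["node3"]),
            first_broken_link(replicas["node4"]),
            dissenting_nodes(replicas))
```

The second case is the one that matters operationally: a copy that has been re-hashed passes its own integrity check, so detection depends on comparing against what the other nodes hold.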
Although blockchain has many unconventional features, it uses one of the most important tools of cybersecurity: encryption. A distributed ledger can use public key infrastructure (the same thing that secures email and end-to-end message encryption) to secure communications, authenticate devices, verify configuration changes, and discover confidential devices in a single Internet of Things (IoT) ecosystem. Through encryption and digital signatures, a blockchain system can protect connected thermostats, smart doorbells, security cameras, and other vulnerable edge devices. A recent Palo Alto Networks report stated that 98% of IoT device traffic is unencrypted and described this as “low hanging fruit for attackers.”
This technology can also be a weapon against distributed denial-of-service (DDoS) attacks. A blockchain-based Domain Name System (DNS) — a protocol for managing Internet traffic — can eliminate one point at which these attacks can succeed. In 2016, a large part of the internet went down due to a DDoS attack.
Governments and international corporations alike are yearning to implement blockchain-based cybersecurity because they perceive it as the future. But it’s not as easy as just updating a toolkit that already exists.
This interweaving of blockchain and cybersecurity is an ever-evolving approach. Not all research ideas related to digital identities, decentralized storage, content device security, and smart contracts are compatible with business needs. Without proper thought, implementation can be difficult or impossible. Here are some challenges businesses may encounter when incorporating blockchain into their cybersecurity plan.
Protection of personal data
Anyone can view and receive transaction data on a public blockchain. This is relevant to businesses that want to strictly regulate the public’s access to information. Many privacy concerns can be reduced with the aid of a permissioned blockchain. Only trusted parties are able to participate in, evaluate, and vote on transactions thanks to the blockchain platform’s network of permissions.
Because of block size (how much data is verified at a time) and response time (time to make a call and get a response), scalability in blockchain implementation can be a problem. To protect confidentiality and anonymity, each node in this system saves, processes, and maintains transactions in a block. Small and medium-sized businesses, however, struggle with the growing number of transactions in a single block as the volume of transactions rises. The verification process can be slowed down by these additions. Scalability is at odds with decentralization because each node has constrained computation and storage capabilities.
Organizations are still trying to understand how the structure and complexity of blockchain fits into the evolving privacy, compliance and regulatory environment. The European General Data Protection Regulation (GDPR) and similar laws allow individuals to request the erasure of their data; these laws also create a “right to be forgotten” in some cases. Because blockchain prevents parties from modifying or deleting data, the technology risks violating government regulations.
Different blockchain platforms use different ecosystems for their smart contract logic, transaction schedules, and consensus models. Poor interoperability limits scalability. From a developer perspective, barriers can also arise from platform misconfiguration, communication uncertainty, errors in application development specifications, and cross-chain smart contract logic issues.
Fortunately, open protocols, multi-chain frameworks, and algorithms are rooted in blockchain and mitigate this problem. Business communications organization GS1 publishes global standards for blockchain interoperability and works with Microsoft and IBM to incorporate the standards into their business blockchain applications. The Enterprise Ethereum Alliance also develops enterprise standards.
Blockchain offers many benefits such as efficiency, optimization, cost reduction and better security. However, the technology also introduces new risks to systems if not properly managed. These risks include:
Improper key management and access control.
Unlike traditional methods, end users are fully responsible for managing their digital assets. Private keys are mapped to the user’s assets, so unauthorized access or theft of cryptographic keys can result in total and irreversible loss.
Random forks and split chain attacks.
During the smart contract upgrade process, there is a chance that some nodes will not support the changes made during the consensus phase. This can lead to a new chain that splits off from the old one, introducing blockchain-specific risks such as replay, double-spending, and 51% attacks. In these cases, unauthorized parties can block, reverse or redo transactions.
Inadequate choice of encryption scheme and insecure operations.
Sending or storing sensitive data using cryptographic algorithms is not enough to protect against man-in-the-middle attacks. A number of factors can make a blockchain vulnerable to this type of breach, including insufficient encryption, weak or incorrect keys, poor governance factors, incorrect cryptographic implementation, or improper verification of digital signatures or certificates.
Application Programming Interface (API) integration.
Third parties are required for API integration on either a private or a public blockchain. This leads to trust issues and inadvertent leaks of sensitive data.
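The replay risk named under random forks above comes down to what a transaction's signature covers. The following added example (not taken from any platform's code) contrasts a transaction format that is not bound to a chain with one that is. The field names, chain identifiers and key are constructed, and HMAC is used as a stand-in for a real digital signature so the sketch runs on the standard library alone.

```python
import hashlib
import hmac

# Assumption: HMAC with a per-account secret stands in for a digital signature.
ACCOUNT_KEYS = {"alice": b"constructed-demo-key"}

def signing_bytes(tx, chain_id):
    """Bytes covered by the signature; chain_id=None models the unbound format."""
    fields = [tx["sender"], tx["to"], str(tx["amount"]), str(tx["nonce"])]
    if chain_id is not None:
        fields.append(chain_id)
    return "|".join(fields).encode()

def sign(tx, chain_id=None):
    """Return a copy of tx carrying a signature over signing_bytes()."""
    key = ACCOUNT_KEYS[tx["sender"]]
    sig = hmac.new(key, signing_bytes(tx, chain_id), hashlib.sha256).hexdigest()
    return dict(tx, sig=sig)

class Node:
    def __init__(self, chain_id, bind_chain):
        self.chain_id = chain_id
        self.bind_chain = bind_chain
        self.used_nonces = set()

    def accept(self, tx):
        """Verify the signature against this node's own chain id, then the nonce."""
        bound_to = self.chain_id if self.bind_chain else None
        key = ACCOUNT_KEYS[tx["sender"]]
        expected = hmac.new(key, signing_bytes(tx, bound_to), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tx["sig"]):
            return False  # signed for a different chain, or altered
        if (tx["sender"], tx["nonce"]) in self.used_nonces:
            return False  # same-chain resubmission
        self.used_nonces.add((tx["sender"], tx["nonce"]))
        return True

def replay_results(bind_chain):
    """Submit one transaction to the original chain, its fork, then the original again."""
    original, fork = Node("chain-A", bind_chain), Node("chain-B", bind_chain)
    tx = {"sender": "alice", "to": "bob", "amount": 5, "nonce": 0}
    signed = sign(tx, "chain-A" if bind_chain else None)
    return original.accept(signed), fork.accept(signed), original.accept(signed)
```

With the unbound format the fork accepts the same signed transaction; the nonce only stops resubmission on the chain that already processed it.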
Advantages of blockchain
Despite the potential obstacles, the combination of blockchain and cybersecurity has caught the attention of executives and technology experts. In a 2019 Infosys research report, one in three respondents cited the use of blockchain in the development of security solutions as a leading trend in cybersecurity.
Here are some of the factors that make blockchain so promising and the ways it should be managed:
Data protection and privacy.
This technology provides selective access to transactions and information within a distributed ledger with minimal oversight. Blockchain also does not offer cyber attackers the traditional data protection targets, and it has the ability to mitigate privacy concerns. In general, this makes it difficult to obtain or change information in blockchain ecosystems.
Smart contract security
Blockchain components such as smart contracts, applications, APIs, digital assets, and wallets must be tested for access control, authentication, data security, and business logic validation. This gives permissioned chain participants more confidence.
Public Key Infrastructure Management.
Asymmetric cryptographic keys and digital signatures are fundamental aspects of blockchain security. In a blockchain implementation, the public key defines the digital identity of the node's participants, while the private key enables actions including securely encrypting, signing, and verifying transactions. Asymmetric cryptography in blockchain offers benefits similar to traditional encrypted transactions.
Despite these benefits, companies must still adhere to security best practices such as rate limiting, encrypting sensitive configuration files, and patching process vulnerabilities.
Cybersecurity and blockchain aren’t necessarily two ideas that you would think of together. Considering how blockchain was developed, though, it is perhaps surprising that these two concepts haven’t been brought together sooner. The nature of the system makes it the perfect place to reinvent the way we approach cybersecurity, especially when it comes to protecting some of our most sensitive data. This can be pivotal moving forward.