Blockchain and Cyber Security: the Equifax Episode

In sheer scale, the Equifax breach is small, impacting 143m people, when compared to other data breaches of the past year such as Yahoo’s 1bn user account violation. However, Avivah Litan, a fraud analyst at Gartner, notes that Equifax’s hack is much more dangerous in terms of risk to the consumer. What makes this breach especially damaging is the type of data that was taken: its sensitivity renders the breach incomparably harmful and, in total, the credit card numbers for 209,000 consumers were stolen.

Blockchain as a Solution?

Blockchain’s composition lends itself well to cybersecurity. The very nature of how blockchain applications work means they are hard to hack and harder to corrupt; they are secure and tamper-proof by design. For starters, the distributed nature of Blockchain ledgers means that no single user will own the data (in a community project, for example) and that the data will be supported by several nodes in the company (where one company possesses all the data). For public projects, using blockchain technology to encrypt data and then storing such data on a cloud service not only means the data can be kept on your device, but any data stored on the cloud cannot be read by that platform. This removes the need for blind trust in third parties and makes it easier to keep your data safe. Moreover, blockchain transactions can be validated as they happen in real time without the need for later processing by human or software intermediaries.

As for attacks, hackers breach networks long before any actual damage takes place. Often, hackers will need to locate, decrypt or exfiltrate data, or damage systems, and these activities can take some time to set up and execute effectively. Additionally, hackers need to cover their footprints and remove evidence of intrusion, which again increases the length of time it takes to execute an attack.

With blockchain, however, the distributed ledger system makes these types of attacks impossible. Any change on a node that alters the data or signature of the data can be identified and isolated from the network. If one node is changed, the other nodes can detect the disagreement and isolate it from the ledger network, thus alerting network administrators and cybersecurity personnel that there has been an attempted hack. Further, the existence of identical nodes complicates altering information.

Harder to Hack

Not only could blockchain be extremely efficient in detecting attempted attacks, but altering the data is also nearly impossible. The ledgers are practically incorruptible and even if one node is altered, it will not match and agree with other nodes in the network. This is further complicated when the network consists of multiple nodes, all validating transactions of data in real time. Furthermore, this provides a boost to anomaly detection: when data is transmitted, the information can be logged – from whom, to whom, size, file type and so on. Any alteration or minuscule variation can be detected as it will not comply with established parameters.

Compromising data becomes a gargantuan task when financial information is stored across a network of computers. Breaching one server is not enough; attempts to commit fraud, falsify information and change entries require a majority of the network to be altered. Moreover, each node updates in real time, requiring the attack to change the majority of nodes simultaneously. The combination of the peer-to-peer nature, the number of nodes, the network infrastructure, changing cyber security protocols and operation in a distributed, 24/7 manner makes the platform operationally resilient.
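The detection described in the passages above (one altered node disagreeing with its peers, and an attacker needing a majority of nodes), as an added example that is not from the original article: a hash-chained ledger replicated on five nodes, audited by recomputing each chain and comparing head hashes. The record fields, node names and helper functions are assumptions made for illustration, and the simple majority comparison stands in for a real consensus protocol.

```python
import hashlib, json
from collections import Counter

GENESIS = "0" * 64
# Constructed sample ledger; field names and values are illustrative only.
RECORDS = [{"from": "alice", "to": "bob", "amount": 10},
           {"from": "bob", "to": "carol", "amount": 4},
           {"from": "carol", "to": "dave", "amount": 1}]
FORGED = {"from": "bob", "to": "mallory", "amount": 4}

def block_hash(prev_hash, record):
    """Hash of one entry, bound to the hash of the entry before it."""
    body = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()

def build_chain(records):
    """Return [(record, hash), ...]; each hash commits to all earlier entries."""
    chain, prev = [], GENESIS
    for rec in records:
        prev = block_hash(prev, rec)
        chain.append((rec, prev))
    return chain

def chain_is_consistent(chain):
    """Rebuild the hashes from the records; False if any stored hash differs."""
    return [h for _, h in chain] == [h for _, h in build_chain([r for r, _ in chain])]

def tamper(chain, index, record, rehash):
    """Alter one record; rehash=True recomputes hashes so the chain looks valid locally."""
    recs = [r for r, _ in chain]
    recs[index] = record
    chain[:] = build_chain(recs) if rehash else list(zip(recs, (h for _, h in chain)))

def audit(nodes):
    """Return replicas that are internally broken or disagree with the strict-majority head."""
    heads = {name: chain[-1][1] for name, chain in nodes.items()}
    majority_head, votes = Counter(heads.values()).most_common(1)[0]
    if votes * 2 <= len(nodes):
        raise ValueError("no majority: replicas cannot agree on a ledger state")
    return sorted(n for n, c in nodes.items()
                  if not chain_is_consistent(c) or heads[n] != majority_head)

def make_network(n=5):
    return {f"node{i}": build_chain(RECORDS) for i in range(n)}

if __name__ == "__main__":
    net = make_network()
    tamper(net["node3"], 1, FORGED, rehash=True)
    print(audit(net))
```

If three of the five replicas are altered identically, the same audit reports the two honest nodes as the outliers: the majority comparison only protects the ledger while most replicas are unaltered.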

Limitations

Despite Bitcoin’s seemingly perfect fit for protecting sensitive data, there are still limitations to the platform. Whilst hackers might not be able to compromise the blockchain itself, damage can still be done to the underlying systems. A DDoS attack to deny service can still interrupt processes, essentially rendering any network inoperable for the period of attack. Whilst the data will be safe, the network cannot continue to operate, meaning further changes to the ledger could be compromised.

Moreover, the attacks are not just limited to the blockchain portion of the infrastructure. Should the company operate AI or use IoT technology, DDoS attacks could disrupt those systems by, for example, interrupting manufacturing processes run by AI bots on a factory floor. As a result, the blockchain system would still be vulnerable to the inoperability of the technology that it underpins.

Harder Punishments

A key tool in combating cyber attacks is ensuring that a company’s cyber infrastructure is secure. Thus, it is necessary to regulate the minimum commitment companies make to securing their networks, in order to protect themselves, other entities and their clients. Fundamentally, therefore, the law presents a powerful opportunity to set high standards and diminish the scope of power available to attackers. Certainly, the law will heed technological advancements in the future but, by having a standard of cyber security that firms must adhere to, one can significantly reduce the risk of successful hacks.

Wharton professor Gad Allon opines that the technology in itself is not enough and that governments must instead engage with tougher cybersecurity standards and encourage companies to adopt better practices by creating regulation designed to espouse cyber security principles. “The penalty for firms has to be heavier. We should also have specific regulations about who has the liability in these cases and how quickly firms should admit [they have been hacked],” Allon said, adding “We see more and more situations where firms only acknowledge these things months after they happen.… This is why people have to go to jail for these things.”

According to Suchitra Nair, Director at Deloitte U.K.’s Risk Advisory practice, “Operational resilience of the blockchain will be a key focus area for regulators and will need to be rigorously tested and evidenced by the firm to gain regulatory assurance.” The requirement to comply with cyber standards will be a key power of the law, hopefully shifting security to a key topic for consideration by CEOs and boards. One such legislative tool is the EU General Data Protection Regulation (GDPR).

The EU GDPR aims to reflect the exponential growth of personal data processing as internet services continue to develop. Further, the regulation aims to put individuals in control of their data, instating strict conditions over consent for data to be captured and stored. This creates new obligations in areas such as data anonymisation, compulsory breach notifications and the appointment of Data Protection Officers, requiring organisations handling EU citizens’ data to make major changes in the way they operate. Likewise, companies wanting to conduct business in Europe, either directly themselves or indirectly through a European subsidiary, will have to comply with certain standards. Thus this regulation has the potential to reach beyond the member states.

On the penalty issue, this regulation includes the appointment of dedicated Data Protection Officers within companies and the requirement to notify relevant authorities of a breach within 72 hours of becoming aware of it. Furthermore, non-compliance with the regulation could cost up to 4% of a company’s annual turnover or €20m, whichever is higher. As such, this figure is both eye-watering and attention-grabbing and is certain to not go unnoticed among executive-level decision makers.

Final Thoughts

The high level of dependency on technology, data and soon AI, mandates that companies adapt and adopt security protocols to protect themselves and their business partners, consumers and stakeholders. New business models and revenue streams have been facilitated by greater internet connectivity but with this “comes new gaps and opportunities for cyber attackers to exploit.” Ed Powers, Deloitte’s U.S. Cyber Risk Lead, states that “while still nascent, there is promising innovation in blockchain towards helping enterprises tackle immutable cyber risk challenges such as digital identities and maintaining data integrity.”

Certainly, no cybersecurity defence is 100% impregnable, but blockchain may present today’s companies with a better option.
