[BreachExchange] Blockchain can be the good guy in the cyber wild west

Audrey McNeil audrey at riskbasedsecurity.com
Thu Aug 3 19:10:30 EDT 2017


http://www.itproportal.com/features/blockchain-can-be-
the-good-guy-in-the-cyber-wild-west/

The press over the past few weeks have been pretty bleak for those working
in IT. Be it cyber-attacks, data theft or concerns around security and the
Internet of Things, the headlines may make you believe that working in the
profession is crisis after crisis.

One thing that is clear, is the need for IT professionals to keep their
houses in order. By this, I mean doing the basics well – keeping everything
stored correctly, having strong defences in place and secure database
management, so you know exactly what has happened, when.

Blockchains are one indisputable technology that could help address a range
of security concerns, and are at the heart of many of the new developments
in IT. Specifically, they make crypto-currencies, such as Bitcoin more
secured and are developed utilising them – bringing together a new age of
traditional ledger technologies and traditional computing. Since the advent
of Bitcoin, the use of blockchains has developed and grown, working with
cryptocurrencies and making them more secure, by keeping records of
transactions and logging what’s happened, when, in a sophisticated manner.
Although it’s still relatively in its nascence, in a time when our data has
never been under more threat, blockchain has the potential to be the good
guy in an often villainous tale.

But how can blockchain save the day? Well, put simply, it has the
opportunity to reduce and even mitigate fraud or malpractice in firms, and
in the future could change how we approach contracts, by making process
more iron-clad by utilising advanced computer protocols.

Blockchain, being the giant ledger that it is, provides a sense of security
to firms that they can share and access data across multiple touch points.
Due to the way it’s created and its server agnostic approach, users can
edit an ‘asset’ on one server, with others then able to track the progress
of it almost simultaneously on another. But this history is different to
that of a word document or a bank statement which show granular
information. It provides a detailed overview of the transactions around the
asset, including what has been done, and when. Plus, with those accessing
or editing the asset potentially identifiable via their public key,
blockchain is now presenting opportunities to track every movement around
an asset, providing a greater sense of accountability and security.

Whilst it may add a layer of Big Brother to how firms can track what
employees are up to, it also enables businesses to be acutely aware of
what’s happening to its assets. Whilst it can sometimes be seen as a taboo
topic, employee fraud is not uncommon, so technology to prevent this is
surely a welcome prognosis to IT departments. For example, it is estimated
that one in five small businesses have been defrauded by an employee during
their trading history. Especially for firms with fewer resources to call
on, preventing assets being misappropriated would make a significant
difference to the balance sheet, so utilising tools like blockchain could
put a stop to malpractice, as each edit to the ‘asset’ will be tracked with
acute detail.

In practical terms, blockchain has the potential to mitigate common online
fraud by employees. Most notably, this could take action against payment
fraud, such as ‘double spend’, where two payments are made closely
together, to trick the system into thinking the supplier has been paid. In
fact, the money has been sent to another account or digital wallet, owned
by the perpetrator. Blockchain will enable this to be picked up more
easily, and identify who has processed the payment.

Another way it can help firms fight back against corruption or wrongdoing,
is its security. With the biggest brands being exposed on a weekly basis
due to insufficient cyber defences, blockchain can help mitigate this
exposure via its server agnostic approach. Unlike a suite of tools created
by a technology company and then licensed to a professional services firm,
blockchain’s distributed ledger has many access points, meaning there is no
weak point for a hacker to concentrate on. By spreading the risk,
blockchain would need to come under a sustained, widespread attack for its
defences to be tested. When you add to that the high levels of end-to-end
encryption and multiple storage points, its security credentials stand tall
at a time where others’ fall short.

Blockchain can also help with futureproofing a business. With the advent of
Bitcoin and other crypto-currencies coming to the fore, using tools such as
Blockchain can help enable firms to trade in these currencies more readily,
opening up new financial opportunities. Whilst I don’t expect Sterling to
ever cease, we have seen a large rise in businesses such as Microsoft and
Dell adopting Bitcoin, both in business-to-business and
business-to-consumer transactions.

Legally, it also has benefits, notably around smart contracts, a
computerised transaction protocol that executes the terms of a contract. A
blockchain-based smart contract is visible to all users of said blockchain.
Therefore, like the advantages of tracking how an asset is being used,
blockchain can be used to ensure contracts are not tampered with – as a
result of backdating or signature forging. The integrity of the contract
could be proved, due to the logged timings proving each stage of the legal
process. Blockchain doesn’t let you edit the asset (the contract), just the
process by creating a transaction with the asset, adding another layer of
legal security.

Despite the fact that the technology is still in its infancy, blockchain is
already presenting new opportunities for firms both in terms of security
and financial gains. Due to its multiple implementations, blockchain is set
to expand over the next few years, and may well soon become engrained in
business IT infrastructure. Of course it is not without its faults, as seen
by the fact the technology itself is safe, but things built around it are
not so safe (Bitcoin, for example is stolen a surprising amount for a
secure currency, with the responsibility often sitting with the end user
not putting adequate safeguards in place). There is also a skills issue, as
like with most technology, it takes time to have enough skilled people to
use the technology and train others to make it more widespread.

The next five years will be critical for the technology, and whether it
will overcome some of the hurdles it currently faces. However, with sectors
such as financial services using it more and more, it seems like it has a
bright future. Personally, I think this has the potential to become the
most important anti-fraud mechanism known to business, and I’d bet my
Bitcoins that many will share my view very soon.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170803/07230a8b/attachment.html>


More information about the BreachExchange mailing list