Cyber security is a hot topic for corporations, governments, and private individuals across the globe. The frequency and severity of large-scale cyber attacks has increased substantially, whereby the World Economic Forum has recognized cyber attacks to be one of the biggest global risks in 2016.
Not surprisingly, there is heavy investment pouring into this sector and leading cyber security firms, such as Kaspersky Lab, Symantec, and Palo Alto Networks, are continuously developing new systems to mitigate cyber threats. However, there are also several small cyber security firms looking to protect companies, public entities, and individuals from cyber attacks and many of these are leveraging the beneficial features of blockchain technology to do so.
How can the Blockchain be used to Mitigate Damages from Cyber Attack?
The blockchain is the distributed ledger technology that underlies the cryptocurrency bitcoin. Participants in the blockchain hold copies of files, such as financial transactions in the case of bitcoin, and the network agrees on changes by consensus. Files are composed of blocks that include a cryptographic signature of each previous block, thereby creating an immutable record, which in the case of bitcoin can be publicly viewed on Blockchain.info.
Due to the blockchain’s open-source nature, it can be augmented to be used for a wide range of purposes, such as voter registration, proof of asset or land ownership, for the creation and recording of smart contracts, and much more.
The blockchain can also be used to improve cyber security by creating systems that are effectively impossible to hack.
The blockchain has three features that make it an excellent technology for cyber security; its decentralized nature, its immutability and its ability to share information with participants without having to decrypt more files than necessary.
Meet the Startups Leveraging the Blockchain to Improve Cyber Security
As the global DDoS attack of October 21, 2016, has shown, even large reputable online platforms, such as Netflix, Reddit, Twitter, Pinterest and CNN are not immune to cyber attacks. DDoS (Distributed Denial of Service) attacks are cyber attacks involving multiple “hijacked” systems that get used to take down online services and websites. This is what happened on October 21, 2016, when unknown hackers took down major sites across the US and Europe.
Nebulis is a US-based startup that aims to prevent such attacks from occurring in the future by leveraging the Ethereum blockchain to build a decentralized DNS system that is immune to DDoS attacks. The reason why DDoS attacks occur is due to the Internet’s reliance on domain name servers (DNS), which can be brought down with relative ease when too many IP addresses are trying to access them. By instead creating a decentralized DNS system built on a blockchain it would be impossible for DDoS attackers to take down any sites due to the decentralized nature of such a new system.
Other major cyber security issues include ransomware attacks and cyber theft involving sensitive data. This has emerged as a major issue for businesses and individuals. Ransomware attacks average 4,000 a day in the US alone, according to the Department of Justice. The secure storage of sensitive data is another area where the blockchain would be an ideal technology to implement due to the immutability of the distributed ledger technology.
As the blockchain combines decentralization with advanced cryptography and sequential hashing, it makes anything stored on the blockchain effectively immune to theft. Therefore, storing sensitive business data on the blockchain, for example, would make sense for large corporations that regularly face cyber attack.
A startup that is using the blockchain for that purpose is California-based Guardtime. Guardtime has created Keyless Signature Infrastructure (KSI) to replace the commonly method used to secure sensitive data, Public Key Infrastructure. So, instead of having to trust someone with the keys, you can let the KSI systems verify data integrity by running hash functions on it and comparing it to the original data stored on the blockchain. This alleviates the issue of having to trust individuals with the authentication of data.
According to Guardtime CTO Matthew Johnson:
“This is a fundamentally different approach to traditional security. Rather than using Anti-Virus, Anti-Malware and Intrusion Detection schemes that search for vulnerabilities, you have mathematical certainty over the provenance and integrity of every component in your system.”
The blockchain also provides a secure way to handle encrypted data. According to Guy Zyskind, CEO and founder of blockchain startup Enigma, there is currently no possibility for computing over encrypted files. Currently, when accessing encrypted data to make changes, one must decrypt it first to do so. This, in turn, raises the risk of cyber theft.
This is a problem that Zyskind is solving with a blockchain-based encrypted cloud platform, Enigma. Enigma’s platform allows users to keep data encrypted while making changes to it and sharing it with other invested parties but without revealing it to any third parties. The added privacy feature, on top of the added security through encryption, is a valuable service to businesses that regularly need to work on sensitive data together.
A further threat stemming from cyber criminals is online fraud. This is especially an issue for financial institutions that are regularly matched against cyber criminals who try to exploit loopholes in their systems. One startup aiming to prevent financial fraud is Singapore-based Kratos Innovation Lab.
Kratos has launched its fraud prevention platform called x-DeFraud, which aims to detect potential financial fraud in the trade finance sector before it occurs by storing all of the customer’s documents, such as purchase orders, invoices, certificates of authenticity, customs documents, on a distributed ledger. Pre-defined algorithms can then analyse the distributed ledger to detect fraudulent behavior.
Will the Blockchain Protect us from Cyber Attacks?
Implementing blockchain technology to secure valuable business or personal data will most likely bring about a decline in data theft and a decentralized blockchain-based DNS system would undoubtedly give DDoS attackers a very hard time. However, as cyber security is innovating, so are the cyber criminals. Hence, it would be foolish to say that implementing one single new technology will be the cure to cyber crime.
Furthermore, a substantial number of hacks are the outcome of social engineering. For example, if a cyber criminal wants access to a company’s systems, he or she may send a number of phishing emails to employees hoping that someone clicks on one and access to these systems is then granted. It is, therefore, vital for us as individuals to be aware of digital threats that could harm us, or our employer, and stay alert when online.