Mega Data Breaches Could Drive the Blockchain Revolution

Last year broke all records for data breaches according to IBM X-Force Threat Intelligence Index. With over four billion records stolen last year, 2016 saw more records exfiltrated than 2014 and 2015 combined. Beyond just trying to stop a breach, businesses have an increasing financial incentive to protect their data.

The McKinsey Global Institute estimates that, as of 2014, all types of international data flows have raised the world’s GDP by roughly 3.5% with it accounting for $2.8 trillion in annual revenue for businesses.

Therefore, something with that much impact to global GDP should be worth protecting. Enter blockchain “an open, distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way”.

Put another way, it is a distributed, immutable database that is autonomously managed without the need for a trusted third party. This makes it the ideal candidate for a variety of data security applications and the information security world has already begun to take notice.

It’s core algorithm relies on two kinds of records: individual transactions and transaction blocks. Blockchain’s code first makes each transaction into a unique hash value. The hash values are then combined in a hash tree, or Merkle Tree, with a specified group of hashed transitions creating a block. Each block is given a unique hash that includes the hash of the prior block’s header and a timestamp.

Since each block’s header includes the hash of the prior block, the two are linked, creating the first links of a chain. Since this chain is created by using information from each other block, each link is immutably bound together.

Originally invented by the as-of-yet-unknown Satoshi Nakamoto (most likely a pseudonym), blockchain is an open-source application whose core software is developed and maintained by a worldwide team of volunteers around the world.

While the underlying code is open-source, companies are quickly innovating that code and bringing their proprietary versions to market. Of course, “legal disputes have cropped up over who actually owns the rights to the innovations built using that code,” reports the Boston Globe; but it has not stopped heavy hitters like Goldman Sachs, Bank of America, MasterCard, and many others from focusing resources (and patents) into the technology. Let’s take a look at two verticals already being revolutionized by blockchain.

Finance & Banking

Blockchain, with it’s distributed ledger technology, is a potential game changer for those in FinTech. The World Economic Forum estimates that blockchain has captured the imagination and wallets of the financial services industry to the tune of $1.4 billion in investments in the last three years. Blockchain in FinTech applications has the capability to better secure financial transactions between institutions without the need for a trusted third party. It also has the ability to improve the capability of regulators to ensure the security and stability of the financial markets.

In their most recent report on global FinTech trends, PwC reported that 77% of respondents planned to adopt blockchain as part of their production or process system by 2020. This is a massive adoption rate. The report noted the “large back-office cost savings and transparency gains” were what made blockchain most attractive. These emerging products enable financial institutions to increase efficiency in their payment processes with real-time payments and lower operational costs.

Most blockchain products available now feature a permissioned, distributed ledger; which means that participating financial institutions have greater security as all entities validating transactions are authorized.

PwC also noted three areas facing the biggest disruption (and benefits) from blockchain within FinTech. Here is what ISVs (and others) are currently working toward:

  • Payments & Fund Transfer Infrastructure: Since blockchain’s distributed ledger is able to validate every transaction (achieving consensus across the network of ledgers) and since the ledger is decentralized and immutable; it promises to reduce fraud or other forms of hacking.
  • Regulatory Technology (RegTech): With its “native regulatory capabilities” intrinsic within the technology, blockchain transactions can be validated as they happen, instead of at a later period of time by human or software intermediaries.
  • Digital Identity Management: IBM summed up blockchain’s benefits best in this area in that by using append-only ledgers, prior agreed-upon sets of identity attributes, and all within a permissioned network - companies will have the ability to establish trust and greatly reduce fraud and user mistakes.

Data Security

Another area in which blockchain could revolutionize an industry is in data security. Traditional encryption for data-at-rest and data-in-flight rely on a robust encryption algorithm, centralized encryption key management, and thorough auditing to make sure everyone is playing by the rules. Blockchain has the capability to remove the need for a trusted third party with data sharing and enhance auditing capabilities for organizations to quickly spot inside and outside threats.

When it comes to data breaches, the truth is, hackers often infiltrate a network days, weeks, or even months before they are able to access and exfiltrate sensitive data. Hackers often try to mask their footprints by modifying security logs. As many of these logs are just text files, once accessed, they can easily delete whole sections with a keystroke.

With blockchain, its distributed ledger all but makes that impossible. If one node is changed, the other nodes detect that they are not in agreement with the tampered node and isolate it from the ledger network, thus alerting network administrators. Blockchain could be extremely efficient in retaining the integrity of security logs.

Along with that, one of the best ways to detect malicious activity within your network is anomaly detection. With blockchain, each time a network’s sensitive data is retrieved the ‘who’ and the ‘when’ can be recorded within the distributed ledger. If any of those parameters do not conform to established norms, alerts can be registered within a company’s SIEM. If the activity proves malicious, a response team can move quickly to shut the internal or external threat out of the network to minimize any damage.

The blockchain revolution is just in it’s infancy. Venture capitalists worldwide are pouring billions of dollars into research and development. As well they should, as blockchain promises to address some of the vulnerabilities of our current data security.

In fact, in February of this year, the U.S. Congress took note of blockchain as Rep. Jared Polis (D) and David Schweikert (R) announced the launch of the Congressional Blockchain Caucus. In their announcement they said, “Blockchain’s potential to reshape everything from the financial industry, to supply chains, to cybersecurity, to health care is something we should embrace.” Now comes the hard part of bringing a technology to full maturity.

What’s Hot on Infosecurity Magazine?