Mega Data Breaches Could Drive the Blockchain Revolution – Infosecurity Magazine
Mega Data Breaches Could Drive the Blockchain Revolution
Last year broke all records for data breaches according to IBM X-Force Threat Intelligence Index. With over four billion records stolen last year, two thousand sixteen eyed more records exfiltrated than two thousand fourteen and two thousand fifteen combined. Beyond just attempting to stop a breach, businesses have an enlargening financial incentive to protect their data.
The McKinsey Global Institute estimates that, as of 2014, all types of international data flows have raised the world’s GDP by toughly Three.5% with it accounting for $Two.8 trillion in annual revenue for businesses.
Therefore, something with that much influence to global GDP should be worth protecting. Come in blockchain “an open, distributed ledger that can record transactions inbetween two parties efficiently and in a verifiable and permanent way”.
Put another way, it is a distributed, immutable database that is autonomously managed without the need for a trusted third party. This makes it the ideal candidate for a diversity of data security applications and the information security world has already begun to take notice.
It’s core algorithm relies on two kinds of records: individual transactions and transaction blocks. Blockchain’s code very first makes each transaction into a unique hash value. The hash values are then combined in a hash tree, or Merkle Tree, with a specified group of hashed transitions creating a block. Each block is given a unique hash that includes the hash of the prior block’s header and a timestamp.
Since each block’s header includes the hash of the prior block, the two are linked, creating the very first links of a chain. Since this chain is created by using information from each other block, each link is immutably strapped together.
Originally invented by the as-of-yet-unknown Satoshi Nakamoto (most likely a pseudonym), blockchain is an open-source application whose core software is developed and maintained by a worldwide team of volunteers around the world.
While the underlying code is open-source, companies are quickly innovating that code and bringing their proprietary versions to market. Of course, “legal disputes have cropped up over who actually possesses the rights to the innovations built using that code,” reports the Boston Globe; but it has not stopped strenuous hitters like Goldman Sachs, Bank of America, MasterCard, and many others from focusing resources (and patents) into the technology. Let’s take a look at two verticals already being revolutionized by blockchain.
Blockchain, with it’s distributed ledger technology, is a potential game changer for those in FinTech. The World Economic Forum estimates that blockchain has captured the imagination and wallets of the financial services industry to the tune of $1.Four billion in investments in the last three years. Blockchain in FinTech applications has the capability to better secure financial transactions inbetween institutions without the need for a trusted third party. It also has the capability to improve the capability of regulators to ensure the security and stability of the financial markets.
In their most latest report on global FinTech trends, PwC reported that 77% of respondents planned to adopt blockchain as part of their production or process system by 2020. This is a massive adoption rate. The report noted the “large back-office cost savings and transparency gains” were what made blockchain most attractive. These emerging products enable financial institutions to increase efficiency in their payment processes with real-time payments and lower operational costs.
Most blockchain products available now feature a permissioned, distributed ledger; which means that participating financial institutions have greater security as all entities validating transactions are authorized.
PwC also noted three areas facing the largest disruption (and benefits) from blockchain within FinTech. Here is what ISVs (and others) are presently working toward:
- Payments & Fund Transfer Infrastructure: Since blockchain’s distributed ledger is able to validate every transaction (achieving consensus across the network of ledgers) and since the ledger is decentralized and immutable; it promises to reduce fraud or other forms of hacking.
- Regulatory Technology (RegTech): With its “native regulatory capabilities” intrinsic within the technology, blockchain transactions can be validated as they happen, instead of at a later period of time by human or software intermediaries.
- Digital Identity Management:IBM summed up blockchain’s benefits best in this area in that by using append-only ledgers, prior agreed-upon sets of identity attributes, and all within a permissioned network – companies will have the capability to establish trust and greatly reduce fraud and user mistakes.
Another area in which blockchain could revolutionize an industry is in data security. Traditional encryption for data-at-rest and data-in-flight rely on a sturdy encryption algorithm, centralized encryption key management, and thorough auditing to make sure everyone is playing by the rules. Blockchain has the capability to liquidate the need for a trusted third party with data sharing and enhance auditing capabilities for organizations to quickly spot inwards and outside threats.
When it comes to data breaches, the truth is, hackers often infiltrate a network days, weeks, or even months before they are able to access and exfiltrate sensitive data. Hackers often attempt to mask their footprints by modifying security logs. As many of these logs are just text files, once accessed, they can lightly delete entire sections with a keystroke.
With blockchain, its distributed ledger all but makes that unlikely. If one knot is switched, the other knots detect that they are not in agreement with the tampered knot and isolate it from the ledger network, thus alerting network administrators. Blockchain could be enormously efficient in retaining the integrity of security logs.
Along with that, one of the best ways to detect malicious activity within your network is anomaly detection. With blockchain, each time a network’s sensitive data is retrieved the ‘who’ and the ‘when’ can be recorded within the distributed ledger. If any of those parameters do not conform to established norms, alerts can be registered within a company’s SIEM. If the activity proves malicious, a response team can stir quickly to shut the internal or outward threat out of the network to minimize any harm.
The blockchain revolution is just in it’s infancy. Venture capitalists worldwide are pouring billions of dollars into research and development. As well they should, as blockchain promises to address some of the vulnerabilities of our current data security.