March 29, 2018
Benefits & Downfalls of Latest Tech Trend
The potential highs and lows of Blockchain
Every day it seems we’re inundated with news about Bitcoin and other cryptocurrencies. The headlines take us on a rollercoaster; one day cryptocurrency is projected to be a game changer and shape the future. The next it’s deemed risky, wild and volatile. The rollercoaster valuation makes for exciting news, but under the hood of these currencies lies blockchain, a distributed ledger technology. In that vein, is blockchain a game changer, or is it following a hyped, rollercoaster narrative, too?
We will explore this concept throughout a series of blog posts over the next few months. We’ll examine how different industries are evaluating solutions and how vendors are creating new products, and we’ll expose some of the challenges we forecast.
Today, we’ll start with a clear definition of blockchain, discuss the potential positives and negatives of the technology, and share our recommendations for establishing a strong cybersecurity program incorporating blockchain in today’s environment.
At its core, blockchain technology consists of a permanent ledger of all transactions to a record. This record lies in a distributed data architecture where any change or transaction contains a timestamp and digital signature.
These ledgers are viewable by all contributors and validated by miners who ensure the integrity of the blockchain. Mining is meant to be a trustworthy way of recording the transaction history so that it’s impossible to modify by any one entity. The transparent nature and cryptographic rigor of the chain are seen as one of the main selling points by blockchain supporters.
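The ledger properties described above can be shown in a few lines. This is an added example, not code from the authors or from any blockchain project: each entry carries a timestamp, a hash of the previous entry and a signature, and the verifier reports the first entry that no longer checks out. The key, the sample transactions and the use of HMAC in place of per-party asymmetric signatures are assumptions made so the example runs offline.

```python
import copy
import hashlib
import hmac
import json

# Constructed demo key. Real ledgers use per-party asymmetric signatures;
# HMAC is a standard-library stand-in so the example runs offline.
KEY = b"constructed-demo-key"
GENESIS = "0" * 64

def digest(entry):
    """Hash the fields that define an entry, including the previous hash."""
    body = {k: entry[k] for k in ("index", "timestamp", "data", "prev_hash")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def sign(entry_hash):  # keyed MAC over the entry hash (signature stand-in)
    return hmac.new(KEY, entry_hash.encode(), hashlib.sha256).hexdigest()

def append(ledger, data, timestamp):
    """Append a timestamped, signed entry linked to its predecessor."""
    entry = {"index": len(ledger), "timestamp": timestamp, "data": data,
             "prev_hash": ledger[-1]["hash"] if ledger else GENESIS}
    entry["hash"] = digest(entry)
    entry["sig"] = sign(entry["hash"])
    ledger.append(entry)

def verify(ledger):
    """Return the index of the first invalid entry, or None if intact."""
    prev_hash = GENESIS
    for i, e in enumerate(ledger):
        if (e["index"] != i or e["prev_hash"] != prev_hash
                or e["hash"] != digest(e)
                or not hmac.compare_digest(e["sig"], sign(e["hash"]))):
            return i
        prev_hash = e["hash"]
    return None

def demo():
    ledger = []
    for n, data in enumerate(["A pays B 5", "B pays C 2", "C pays A 1"]):
        append(ledger, data, 1522281600 + n)  # constructed sample records
    edited = copy.deepcopy(ledger)
    edited[1]["data"] = "B pays C 200"              # silent edit of an old record
    resealed = copy.deepcopy(edited)
    resealed[1]["hash"] = digest(resealed[1])       # a key holder re-hashes and
    resealed[1]["sig"] = sign(resealed[1]["hash"])  # re-signs the edited entry
    return verify(ledger), verify(edited), verify(resealed)

if __name__ == "__main__":
    print(demo())  # (None, 1, 2)
```

Even a party holding the signing key cannot reseal one old entry in isolation: the next entry still points at the old hash, so every later entry would have to be rewritten on every copy of the ledger.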
Positive applications beyond cryptocurrency
Various industries that see the potential benefits are jumping on the blockchain bandwagon. Financial industry leader JPMorgan Chase has plans for investment with blockchain technology. It has even made its ledger platform open source and available to the public through JPMorgan’s GitHub repository. The blockchain provides strong credibility through its ledger infrastructure for the associated transactions and parties, aiding risk managers in ensuring that all parties involved are verified.
Walmart and IBM have partnered to ensure food safety through a blockchain platform. Blockchain’s ability to provide traceability and accountability ensures that supplies are sourced and routed as expected.
Blockchain could also have major implications for the cybersecurity industry. Proponents of the technology believe it’s an excellent solution for protecting digital identities and data integrity. Over the past decade, there has been a steady increase in identity fraud, including the compromise of millions of consumers’ records each year. With this growing impact of identity fraud, cybersecurity companies feel enormous pressure to find new and inventive solutions that can better protect consumers. Blockchain and its underlying distributed ledger technology may provide a unique opportunity. The Cloud Security Alliance has an active working group for sharing blockchain best practices and promoting security and privacy as the technology develops.
Criminal adoption of blockchain technology
Cybercriminals have also adapted to using blockchain technology. Michael Marriott, Senior Research and Strategy Analyst at cybersecurity firm Digital Shadows, offered insight into their research.
“Since the demise of criminal, darknet marketplaces such as AlphaBay and Hansa in July 2017, cybercriminals have become nervous and have sought new ways to conduct business with less risk.
“One such example is Tralfamadore, a marketplace based on Ethereum blockchain. All transactions are made using the Ether cryptocurrency and are recorded as smart contracts on the blockchain. This addresses problems with user trust — if all transactions are permanently and immutably recorded, vendors who attempt to scam other users can be more easily identified. Furthermore, platform operators have no control over listings and the platform is split among many nodes, making it highly resilient to law enforcement takedowns or attacks by other criminal actors.”
“Another example,” Marriott continued, “is Joker’s Stash, a well-documented automated vending cart (AVC), which moved its site hosting to a blockchain-based domain name system (DNS) provided by the cryptocurrency Emercoin. We’ve seen adverts demonstrating this change since around the end of September 2017, on multiple clear web carding forums.
“While other threat actors might seek to make use of blockchain technology for their hosting in the future, its use is not prolific. However, if the use of blockchain DNS proves successful for Joker’s Stash, there is a realistic possibility more will adopt it in the next year or so.”
The road to blockchain adoption
Knowing the potential benefits as well as some negative attributes of blockchain, it’s time to ask yourself if you’re ready to adopt blockchain as part of your cybersecurity program. If you are, note that to take full advantage of this technology, you must deploy it in a holistic manner, fully designed around a process. We see some vendors are now embedding the term “blockchain” into their marketing materials, claiming it to be the end-all-be-all. As new products emerge showcasing blockchain technology, be sure your investment is solving an existing problem rather than adopting technology for the sake of interacting with the latest, popular trend. Innovation without implementation is not a recipe for security success.
Right now, the best approach for a well-rounded cybersecurity program is to apply the defense-in-depth strategy and secure the network, harden computers, patch regularly, use antivirus software, monitor your networks, appropriately train your users, and have a game plan in the event of an incident. Consistently utilizing industry research can help you stay on top of the evolving security landscape, and leveraging outside parties when necessary can help ensure you are well-positioned to respond in the event of an attack.
Should you consider new blockchain-based technologies? Yes, they should be evaluated. Likely solutions should be tested, but remember: take a vendor’s claims with a grain of salt, as we don’t quite know the broad impact of blockchain yet.
We’ll continue our deep dive into this hot topic throughout the year. Our next post will explore the concept of using blockchain for content protection. Stay tuned!
About the authors
Jeremiah Sahlberg is the Director of Compliance Services at Tevora.
David Grazer is the Privacy Practice Lead at Tevora.