In 2020 we saw the global pandemic force the rapid acceleration of organizations’ digital transformation plans. At the same time, the disruption faced by many companies, the rush to establish a new remote workforce and the acceleration of digital processes have all left organizations more vulnerable to cyberattacks.
With cybersecurity now a priority for so many companies, one technology is now emerging as a potentially useful weapon in the fight against cybercrime: blockchain.
Indeed, there was a significant increase in worldwide spending on blockchain solutions, which jumped more than 50 percent from 2019 to 2020, according to IDC. Further, blockchain spending is set to continue to grow at a rate of 46.4 percent, reaching nearly $17.9 billion in 2024.
So how can blockchain be used in the fight against cybercrime?
Blockchain: Immutability, Transparency, and Auditability
As we know, blockchain is a shared, immutable ledger that facilitates the process of recording transactions and tracking assets on a network. It provides immediate, shared and completely transparent information stored on an immutable ledger that can be accessed only by permissioned network members.
So how can it be applied in cybersecurity applications? Put simply, blockchain can help prevent fraudulent activities through its inherent consensus mechanisms and detect data tampering based on its underlying characteristics of immutability, transparency, and auditability.
The consensus model protocols used within the technology present organizations with a further level of assurance over the security of stored data, as generally 51 percent of users in public and private blockchains need to agree a transaction is valid before it is added to the platform. This can also remove single point of failure from the blockchain platform.
Cybersecurity scenarios where these blockchain capabilities could potentially prove useful include any situation where accurate data must be maintained,or where any changes to data must be easy to detect. Similarly, it can be deployed where multiple entities need to collaborate securely but without a centralized platform owner.
Blockchain: From Theory to Practice
As such, blockchain has been a natural fit for financial and related professional services which rely on the creation and validation of immutable contracts. We’re also seeing innovations in areas such as securing Internet of Things (IoT) devices, which can form their own consensus mechanism networks and block unauthorized tampering to any node. Elsewhere, there are exciting projects where domain name system (DNS) services are using blockchain to register and resolve domain names and are resilient to targeted DDoS and other types of spoofing attacks.
“The major advantage is that the blockchain doesn’t require passwords because it relies on either biometric data or private keys,” said Gbolabo Awelewa, CISO at digital security management firm, Sothese Inc., speaking recently at Corinium’s recent Security Champions Online West Africa event.
“Multiple step authentication ensure that the user is who the user says they are. And these systems are not only more effective [but] protecting information [such as] username and password will be easier [in the] future.”
According to Awelewa, the immutable nature of blockchain can be utilized to prevent any type of identity theft and deliver complete visibility into activities on the network domain, depending on the security controls in use.
Is 2021 the Year Blockchain Fulfils its Cybersecurity Potential?
Despite its potential, many of the blockchain-based cybersecurity solutions are still at an early stage of maturity – or in many cases, are merely collections of tools to allow bespoke development of additional functionality to sit alongside more established controls such as public key infrastructure (PKI).
While Bitcoin, the most proven of the blockchain-based platforms on the market, has not been fundamentally breached, there have been many instances of successful cyberattacks against cryptocurrencies using blockchain technology. This adds up to nearly $2 billion worth of thefts, mostly from exchanges, since 2017. The challenge is that blockchain is essentially a very smart ledgering system, and it needs to have additional security controls to protect the processes and keys that it uses to ensure that it cannot be compromised.
Nevertheless, several larger IT vendors including IBM and Microsoft have started offering blockchain-based systems and tools aimed at developers and to fulfil simple use cases such as immutable contacts.
For CISOs, the practical use of blockchain for cybersecurity is likely to emerge more within the supply chain. A great example of this is in authentication scenarios such as the work of NEC and Cisco which are using blockchain for confirming the authenticity of network equipment used for security areas and industrial infrastructure.
The two firms will use their proprietary technologies to verify the authenticity of equipment, and then commit the data to a blockchain. The system will use embedded software to monitor for any changes made to the devices and then crosscheck with the information recorded by the blockchain, to allow network administrators to verify authenticity across its lifecycle.
Blockchain has been hyped as having potential applications that span agriculture, healthcare, manufacturing, retail and banking. However, the last 12 months have seen the technology fully transition into the mainstream, with many business leaders now considering it a strategic priority. Indeed, Deloitte’s 2020 Global Blockchain Survey suggests that the technology is now “solidly entrenched in the strategic thinking of organizations across industries, sectors and applications.”
When it comes to cybersecurity applications, blockchain is quietly emerging as an important means for authenticating and authorizing transactions.