May 2, 2022
By Murtuza Merchant
Even as the amount of data being generated with each passing day increases exponentially along with advances in technology to ensure its security, new techniques are being developed to execute cybercrimes.
According to statistics, in 2020, 95 percent of data breaches were caused due to human error and in the first half of 2020, data breaches exposed over 35 billion records. Of the recorded data breaches, 45 percent featured hacking, 22 percent involved phishing and 17 percent involved malware.
Also, over 90 percent of malware is delivered by email and over 200,000 malware samples are produced daily. This number is expected to rise with time.
The inherently decentralized nature of blockchain technology has several applications, of which cybersecurity should be explored. Data on blockchains cannot be tampered with, as network nodes automatically cross-reference each other and pinpoint the node with misrepresented information.
Blockchain technology provides the highest standards of data transparency and integrity. As blockchain technology automates data storage, it eliminates the leading cause of data breaches: human error. Cybercrime is the greatest threat to enterprises and blockchain technology could go a long way in fighting it.
Blockchain Asset Review spoke to Preetam Rao, CEO, QuillAudits, who explains how cyber security is a crucial component of the blockchain ecosystem.
Q: Which techniques have been adopted to achieve cybersecurity in the growing Blockchain ecosystem?
A: There are various techniques, such as authentication, non-repudiation, and confidentiality.
For authentication, we can say that a transaction on the blockchain or smart contracts can be used to authenticate different entities.
In complete non-repudiation, the actions of all entities are recorded in the blockchain. Some sort of non-repudiation is provided by blockchain technologies using digital signatures.
Confidentiality is analyzed within the blockchain network. In complete confidentiality, only selected entities can access information from other entities.
Then there’s partial and no confidentiality.
The information is accessible to only a particular set of entities in partial confidentiality, while other data is public. An example of this is the ‘voting system’ using blockchain, where votes are encrypted, but the registration content is not.
Q: Could you share some application areas where cybersecurity has been achieved with the help of blockchains?
A: We know that cybersecurity is the practice of protecting systems and networks from digital attacks. Three major use cases of blockchain for cybersecurity are:
IoT: Blockchain can enhance security by using device-to-device encryption for secure communication, key management techniques, and authentication is a potential use case to maintain cybersecurity in the IoT (Internet of Things) system.
Maintain Integrity: We can use blockchain to verify the updates to prevent devices from malicious software. We can do so as hashes are recorded in the blockchain; thus, identities of new software can be compared to hashes and we can verify the integrity of the downloads.
Prevent DDoS Attacks: It is one of the most popular attacks today. We can use properties of blockchain such as immutability and cryptography as an effective solution for these attacks.
Q: What is the current state of the cyberthreat landscape across the growing Web3 ecosystem? What are the new types of cyber threats that Web3 projects must work to combat?
A: Before getting into the current cyberthreat landscape, I would say that 85% of breaches in 2020 involved a human element, according to Verizon’s 2021 Data Breach Investigations Report.
Phishing attacks still account for most breaches via social engineering, which targets cloud-based email servers.
Most reported cyber incidents in the second half of 2021 were ransomware, crypto-mining, attacks on cloud services, software supply chain, etc.
Still, we can see an increase in cybersecurity threats through the following vectors: IoTs, cloud service providers, third parties, and social engineering.
These hacks can be carried out through actors such as cybercriminals, nation-states, hackers, third parties, and others.
Some of the novel threats that the third iteration of the Web must combat are smart contract logic hacks, crypto-jacking, rug pulls, ice phishing, and others.
The growing Web3 ecosystem can be made secure with the help of a thorough, smart contract audit, monitoring, and incorporation of bug bounty and pen-testing methods.
Q: Could you elaborate on the new developments in the cybersecurity field that are helping secure financial operations on blockchain?
A: Blockchain has emerged as one of the leading innovations in the financial sector. It holds a promise to mitigate frauds and ensure quick and secure transactions and trades.
The ultimate goal is to help financial institutions manage risk within the interconnected global financial system.
Blockchain applications can be seen in banking and finance in various forms, such as payments, KYC/AML and records management, capital markets, syndicated lending, etc.
Key developments such as distributed ledger and smart contracts have emerged as excellent methods to track transactions and ensure the accuracy and security of information.
With the help of these new developments, blockchain gave low-cost start-ups a chance to compete with large financial institutions promoting financial inclusion.
Blockchain has emerged as an alternative to banks with no minimum balance required, accessibility, and banking fee barriers.
Q: What are the cybersecurity trends you hope to see in the coming years?
A: First, we need to know what are the current key cybersecurity trends. And as discussed above, the most common cyberattacks experienced by companies are phishing attacks, network intrusion, and various others.
Phishing accounts for a major chunk of global frauds as well, along with other fraud types such as trojan horse.
If we analyze sector-wise, financial services are the most affected, followed by ICT, manufacturing, and retail.
Now, based on the analysis above, we can derive some key cybersecurity trends that we can see in the future such as geo-targeted phishing threats, cloud security, GDPR compliance, financial services cyber-attacks, increased ransomware attacks, and zero-trust security models.
About the author
Murtuza Merchant is a senior journalist and an avid follower of blockchain and cryptocurrencies.