There is much chatter about blockchain and how it could impact the way we do business today. Arvind Krishna, senior vice president at IBM Research, said that “over the past two decades, the internet has revolutionized many aspects of business and society … Blockchain could bring to those processes the openness and efficiency we have come to expect in the internet era.”

Three Experts Chat About Blockchain

I had the opportunity to discuss blockchain and its impact on cybersecurity with three leading experts: Netspective CEO Shahid Shah; Security Mentor Chief Security Officer (CSO) Dan Lohrmann; and Berkeley Varitronics President and CEO Scott Schober. Here’s what they had to say.

Question: Pundits have indicated that “if blockchain technology is more widely adopted, the probability of hacking could go down.” Do you agree?

Shahid Shah: There is some limited truth to the idea that blockchain technology, if it was more widely adopted, would reduce the probability of hacking. Because blockchain is more about guaranteeing the integrity of data rather than keeping data private, it’s not likely to reduce data breaches, but it could prevent — or in some cases, eliminate — tampering types of attack. Because blockchain’s immutability and transparency features form solid integrity networks, they can reduce the probability of certain kinds of hacking — especially those that seek to disrupt transactional agreements — because tamperproofing is a key goal.

Dan Lohrmann: Hackers will always hack, but I do agree that widely adopted blockchain technology can reduce the rapid growth of data breaches. Traditionally, we look at information security as the confidentiality, integrity and availability of the data. Blockchain is really helping with the integrity piece in the middle.

Blockchain’s distributed node structure can reduce the probability of successful hacking for nefarious purposes, and the application of blockchain technologies into diverse fields is a welcome and rare sight for cybersecurity professionals trying to fight daily online battles.

Scott Schober: Yes, blockchain technology will reduce hacking as well as enhance overall security when in use. Blockchain is transparent and unable to be altered by an administrator or anyone else in or outside of the chain. There is also a public history of all transactions so that no one can go back to cook the books.

In the world of digital currency, bitcoin is a great example of digital information that is distributed but not copied. There is a good track record with bitcoin blockchain operating successfully since 2008 without significant disruption. Of course, there is an associated stigma with bitcoin, but that is not a failure of the underlying blockchain architecture, but rather corrupt humans with bad intentions.

What industries are adopting blockchain and improving cybersecurity?

Shah: So far, only the financial services sector has adopted blockchain in any major way, primarily for secure payments and currency transfer. These solutions aren’t using blockchain specifically for cybersecurity but for tamper resistance and guaranteeing transactional integrity. The byproduct of blockchain, in this case, is security of the overall transaction.

Lohrmann: I see blockchain technologies being deployed across the board, from banks to health care to election technology in voting booths. There really is no business area that uses sensitive data that cannot benefit, and what business area does not use data?

I see virtually every industry benefiting, so just Google “blockchain” with your industry’s news channel, and you are bound to see interesting, new stories.

Schober: Since blockchain is a digital ledger for transactions, it can be programmed to record anything and everything of value, financial or otherwise. The natural blockchain adoption is for banks handling payments and money transfers. Since blockchain utilizes advanced cryptographic techniques, the cybersecurity industry is also excited to adopt blockchain technology. Some schools and universities are starting to adopt blockchain technologies to authenticate academic certificates.

The recent U.S. presidential election is yet another ideal area to implement blockchain technology by allowing elections to properly authenticate voter identity and reduce fraud. The automotive industry is investigating a more streamlined process to buy and lease vehicles courtesy of blockchain technology. The music industry has always had challenges with too many hands in the pot when it came to royalties, but with blockchain technology, streaming digital music promises to put more money in the artists’ pockets with fewer intermediaries.

How does blockchain impact the Internet of Things (IoT)?

Shah: Blockchain has the ability to create high-integrity, tamper-resistant, decentralized and distributed networks of IoT devices. Blockchain is great for cases when computers have to follow legal agreements without human intervention. That attribute makes blockchain almost tailor-made for IoT because we want devices to register themselves, properly authenticate on the network, securely contract with each other, and safely coordinate and communicate across the network using predefined agreements without human intervention. Blockchain will allow IoT interactions to be trusted, so there’s potentially a huge impact.

Lohrman: There are huge potential benefits with using blockchain for the Internet of Things. The distributed nature of IoT can allow devices to identify and authenticate each other without the need for central brokers or certification authorities. As VentureBeat pointed out: “Blockchain technology will enable the creation of secure mesh networks, where IoT devices will interconnect in a reliable way while avoiding threats such as device spoofing and impersonation.”

Schober: There is built-in robustness with blockchain technology, since blocks of information are stored identically across the network, disallowing the chain to be controlled by any single entity and with no single point of failure. I appreciate the fact that blockchain technology self-audits every 10 minutes by reconciling every transaction in these intervals. Each group of transactions is a block, resulting in transparency in that the data is public and embedded within the network as a whole.

Further, it cannot be easily corrupted, as altering any info on the blockchain would take a tremendous amount of computing power in altering the entire network. There are immediate security advantages to using blockchains in the world of IoT because we get away from the traditional, centralized points of vulnerability that hackers love to exploit. For instance, traditional login credentials such as username and password are compromised daily, making them a poor method to protect valuable data, whereas blockchain uses strong encryption technology throughout to secure data with fewer compromises.

Will 2017 be the year blockchain is widely adopted for cybersecurity?

Shah: 2017 will probably not be a year of wide adoption of blockchain, but it will be the first year where we’ll see real experiments rather than lots of talk of its possibilities.

Lohrmann: I think 2017 will be the year blockchain is widely tested and prototyped in new ways and socialized as never before. We will be seeing many more reports, white papers, reliable claims and exaggerated claims about return on investment (ROI) in global studies.

For wider adoption, I would say 2018 to 2020 is a more likely time frame, depending on the industry and the application. We are just starting down this Yellow Brick Road, and the Emerald City is still a ways off.

Schober: Blockchain is being effectively used across numerous industries and will certainly grow exponentially in the next few years. I think it is too optimistic to predict widespread acceptance and use in 2017, but blockchain is clearly a game changer over the next few years. Many will quickly adopt blockchain due to never-ending cyber hacks occurring globally. And while blockchain is decidedly more secure, I must point out that nothing is 100 percent secure.

More from Fraud Protection

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today