There is much chatter about blockchain and how it could impact the way we do business today. Arvind Krishna, senior vice president at IBM Research, said that “over the past two decades, the internet has revolutionized many aspects of business and society … Blockchain could bring to those processes the openness and efficiency we have come to expect in the internet era.”

Three Experts Chat About Blockchain

I had the opportunity to discuss blockchain and its impact on cybersecurity with three leading experts: Netspective CEO Shahid Shah; Security Mentor Chief Security Officer (CSO) Dan Lohrmann; and Berkeley Varitronics President and CEO Scott Schober. Here’s what they had to say.

Question: Pundits have indicated that “if blockchain technology is more widely adopted, the probability of hacking could go down.” Do you agree?

Shahid Shah: There is some limited truth to the idea that blockchain technology, if it was more widely adopted, would reduce the probability of hacking. Because blockchain is more about guaranteeing the integrity of data rather than keeping data private, it’s not likely to reduce data breaches, but it could prevent — or in some cases, eliminate — tampering types of attack. Because blockchain’s immutability and transparency features form solid integrity networks, they can reduce the probability of certain kinds of hacking — especially those that seek to disrupt transactional agreements — because tamperproofing is a key goal.

Dan Lohrmann: Hackers will always hack, but I do agree that widely adopted blockchain technology can reduce the rapid growth of data breaches. Traditionally, we look at information security as the confidentiality, integrity and availability of the data. Blockchain is really helping with the integrity piece in the middle.

Blockchain’s distributed node structure can reduce the probability of successful hacking for nefarious purposes, and the application of blockchain technologies into diverse fields is a welcome and rare sight for cybersecurity professionals trying to fight daily online battles.

Scott Schober: Yes, blockchain technology will reduce hacking as well as enhance overall security when in use. Blockchain is transparent and unable to be altered by an administrator or anyone else in or outside of the chain. There is also a public history of all transactions so that no one can go back to cook the books.

In the world of digital currency, bitcoin is a great example of digital information that is distributed but not copied. There is a good track record with bitcoin blockchain operating successfully since 2008 without significant disruption. Of course, there is an associated stigma with bitcoin, but that is not a failure of the underlying blockchain architecture, but rather corrupt humans with bad intentions.

What industries are adopting blockchain and improving cybersecurity?

Shah: So far, only the financial services sector has adopted blockchain in any major way, primarily for secure payments and currency transfer. These solutions aren’t using blockchain specifically for cybersecurity but for tamper resistance and guaranteeing transactional integrity. The byproduct of blockchain, in this case, is security of the overall transaction.

Lohrmann: I see blockchain technologies being deployed across the board, from banks to health care to election technology in voting booths. There really is no business area that uses sensitive data that cannot benefit, and what business area does not use data?

I see virtually every industry benefiting, so just Google “blockchain” with your industry’s news channel, and you are bound to see interesting, new stories.

Schober: Since blockchain is a digital ledger for transactions, it can be programmed to record anything and everything of value, financial or otherwise. The natural blockchain adoption is for banks handling payments and money transfers. Since blockchain utilizes advanced cryptographic techniques, the cybersecurity industry is also excited to adopt blockchain technology. Some schools and universities are starting to adopt blockchain technologies to authenticate academic certificates.

The recent U.S. presidential election is yet another ideal area to implement blockchain technology by allowing elections to properly authenticate voter identity and reduce fraud. The automotive industry is investigating a more streamlined process to buy and lease vehicles courtesy of blockchain technology. The music industry has always had challenges with too many hands in the pot when it came to royalties, but with blockchain technology, streaming digital music promises to put more money in the artists’ pockets with fewer intermediaries.

How does blockchain impact the Internet of Things (IoT)?

Shah: Blockchain has the ability to create high-integrity, tamper-resistant, decentralized and distributed networks of IoT devices. Blockchain is great for cases when computers have to follow legal agreements without human intervention. That attribute makes blockchain almost tailor-made for IoT because we want devices to register themselves, properly authenticate on the network, securely contract with each other, and safely coordinate and communicate across the network using predefined agreements without human intervention. Blockchain will allow IoT interactions to be trusted, so there’s potentially a huge impact.

Lohrman: There are huge potential benefits with using blockchain for the Internet of Things. The distributed nature of IoT can allow devices to identify and authenticate each other without the need for central brokers or certification authorities. As VentureBeat pointed out: “Blockchain technology will enable the creation of secure mesh networks, where IoT devices will interconnect in a reliable way while avoiding threats such as device spoofing and impersonation.”

Schober: There is built-in robustness with blockchain technology, since blocks of information are stored identically across the network, disallowing the chain to be controlled by any single entity and with no single point of failure. I appreciate the fact that blockchain technology self-audits every 10 minutes by reconciling every transaction in these intervals. Each group of transactions is a block, resulting in transparency in that the data is public and embedded within the network as a whole.

Further, it cannot be easily corrupted, as altering any info on the blockchain would take a tremendous amount of computing power in altering the entire network. There are immediate security advantages to using blockchains in the world of IoT because we get away from the traditional, centralized points of vulnerability that hackers love to exploit. For instance, traditional login credentials such as username and password are compromised daily, making them a poor method to protect valuable data, whereas blockchain uses strong encryption technology throughout to secure data with fewer compromises.

Will 2017 be the year blockchain is widely adopted for cybersecurity?

Shah: 2017 will probably not be a year of wide adoption of blockchain, but it will be the first year where we’ll see real experiments rather than lots of talk of its possibilities.

Lohrmann: I think 2017 will be the year blockchain is widely tested and prototyped in new ways and socialized as never before. We will be seeing many more reports, white papers, reliable claims and exaggerated claims about return on investment (ROI) in global studies.

For wider adoption, I would say 2018 to 2020 is a more likely time frame, depending on the industry and the application. We are just starting down this Yellow Brick Road, and the Emerald City is still a ways off.

Schober: Blockchain is being effectively used across numerous industries and will certainly grow exponentially in the next few years. I think it is too optimistic to predict widespread acceptance and use in 2017, but blockchain is clearly a game changer over the next few years. Many will quickly adopt blockchain due to never-ending cyber hacks occurring globally. And while blockchain is decidedly more secure, I must point out that nothing is 100 percent secure.

More from Fraud Protection

Kronos Malware Reemerges with Increased Functionality

The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos is typically used to download other malware and has historically been used by threat actors to deliver different types of malware to victims. After remaining…

How Security Teams Combat Disinformation and Misinformation

“A lie can travel halfway around the world while the truth is still putting on its shoes.” That popular quote is often attributed to Mark Twain. But since we're talking about misinformation and disinformation, you’ll be unsurprised to learn Twain never said that at all. In fact, no one knows who first strung those words together, but the idea that truth spreads slowly while lies spread quickly is at least several hundred years old. The “Twain” quote also serves to…

A View Into Web(View) Attacks in Android

James Kilner contributed to the technical editing of this blog. Nethanella Messer, Segev Fogel, Or Ben Nun and Liran Tiebloom contributed to the blog. Although in the PC realm it is common to see financial malware used in web attacks to commit fraud, in Android-based financial malware this is a new trend. Traditionally, financial malware in Android uses overlay techniques to steal victims’ credentials. In 2022, IBM Security Trusteer researchers discovered a new trend in financial mobile malware that targets…

New DOJ Team Focuses on Ransomware and Cryptocurrency Crime

While no security officer would rely on this alone, it’s good to know the U.S. Department of Justice is increasing efforts to fight cyber crime. According to a recent address in Munich by Deputy Attorney General Lisa Monaco, new efforts will focus on ransomware and cryptocurrency incidents. This makes sense since the X-Force Threat Intelligence Index 2022 named ransomware as the top attack type in 2021. What exactly is the DOJ doing to improve policing of cryptocurrency and other cyber…