When I became Global Blockchain Lead for Security Services at IBM in January 2016, I had no idea what kind of year awaited me. Just a few highlights:

  • In February, IBM introduced developer services on the Bluemix cloud to enable rapid creation and monitoring of blockchain applications.
  • In April, IBM launched a new set of highly secure blockchain services on the IBM Cloud for financial services, government and health care.
  • In June, IBM and Crédit Mutuel Arkéa completed the first blockchain project to apply the secure ledger technology to customer identity verification.
  • In October, a group that includes 70 of the world’s largest financial institutions open-sourced its blockchain platform.
  • Also in October, a startup called Chain, which is working with some of the world’s biggest financial companies, announced that it would open-source its blockchain platform.
  • In the wake of last month’s massively distributed denial-of-service (DDoS) attack, blockchain has been touted as the best bet for improving Internet of Things (IoT) security.
  • As Ars Technica recently put it, blockchain has “shaved off the startup hipster beard, put on a tie and gone mainstream.”

This is the time of year when people make predictions, so allow me to offer three of my own for 2017.

Blockchain Gets Real

We’re wrapping up a year of enormous innovation in the world of blockchain, in which the technology has been applied to everything from stock photo services to voting. During this tire-kicking period, a lot of bad ideas are tried out, and during 2017, many of them will be discarded. I’m not suggesting that blockchain will enter a “trough of disillusionment,” but businesses will turn their attention to practical applications — and that’s good.

I also expect the dominant conversation will move from “How do we use it?” to “How do we secure it?” That’s right, secure it. Although blockchains rely on layers of advanced encryption, allowing for greater privacy and security for participants and data (all derived from their four underlying characteristics of consensus, immutability, provenance and finality), there’s a myth that blockchain provides the ultimate in security. There’s considerable work still to be done here in a variety of areas, from identity and access control to security analytics and incident response.

For one thing, blockchain networks operate on a variety of “consensus models” — the verification process whereby participants in the chain sign off on the validity of information. Different consensus models change the resiliency of blockchain networks, so adaptability is key to ensuring security, especially in multijurisdictional environments.

We are working on a full methodology for penetration testing in a chain. Bear in mind that we don’t yet have standards in place to guide the industry on best practices, yet every relevant regulator will want to see a company’s blockchain security assessment. Until these issues are solved — and they will be — enterprises need to be smart about how they approach this issue.

Blockchain Gets Smaller

One of the intriguing features of blockchain is its scalability. In theory, blockchain networks can include members from all over the globe. The reality, however, is that testing applications on a global scale is scary under the best of circumstances.

There’s an additional wrinkle in regional encryption standards. For example, Korea, Russia and China use national standards of encryption that are different from those in the U.S. and Europe, and which are incompatible with each other. It’s not that users in those countries are trying to be difficult; the government mandates those national encryption standards. Until all countries can find work-arounds that satisfy individual standards yet don’t compromise interoperability, global rollouts will be more deliberate, especially in highly regulated industries.

I expect we’ll see more blockchain tests move to regional and industry settings in which the players know each other, or at least use the same protocols. Controlled testing will yield success scenarios that are then adopted more broadly. That’s the way enterprise-grade technology has always matured. This will drive “regional” blockchains, so expect to see interesting divergence in interpretations of the blockchain principle next year.

Blockchain Goes Broader

Many people associate blockchain exclusively with Bitcoin, the cryptocurrency that enables trusted financial transactions between parties that don’t know each other. But currency is only one application of the technology, albeit a powerful one. Blockchain can be used in any context in which trusted relationships between peers can make transactions simpler and faster.

Expect to see some notable use cases in different industries, such as partners in supply chains using blockchain to manage goods and payments, or blockchain enabling communications between devices in an IoT network. This is where things get exciting. The recent open-sourcing of powerful blockchain technology, combined with tools like those available in the Bluemix garage, will unleash a wave of innovation in this area. For a fun list of potential blockchain applications, check out this post from the Ledra Capital blog.

Summing Up

It’s always fun to speculate about game-changing technology, but the real test is putting those concepts into practice. This past year has been full of fascinating discussion about blue-sky possibilities. In 2017, blockchain gets serious. That’s when the game-changing potential will be realized.
