August 6, 2019 • Van Williams

Protecting Your Data: Blockchain and Its Impact on Information Security

Data breaches and cybersecurity hacks seem to be a common occurrence these days. Consider the recent headlines regarding Capitol One and the hack of the company’s cloud-based systems. The attack exposed more than 100 million customer accounts and close to 140,000 social security numbers. While the damage is still being assessed, the impact is likely to be severe and long-lasting.

Remember the attack on Yahoo that made headlines in 2016? Likely the victim of a state-sponsored attack, the hack exposed more than 3 billion user accounts and is still considered the largest breach in history, costing Yahoo an estimated $350 million in sales value. Then, there was the Marriott International attack in 2018, Equifax in 2017, and Target before that. The result of all these cybersecurity breaches was not only a huge loss of value in costs and stock, but a loss of consumers who could no longer trust the company to protect their data.

While these big-name breaches make headlines, smaller security breaches are taking place every day with equally devasting effect. In a world that increasingly relies on online systems and electronic data, ensuring your organization’s information security has become more challenging than ever. To combat these cybersecurity challenges, new technologies, like blockchain, are being explored as solutions. Using the three key principals at the core of information security efforts, let’s explore blockchain technology and its potential impact.

What is Blockchain?

Before we get into the details of blockchain as applied to information security, a brief overview of the technology is in order. Often, people have heard of blockchain in reference to cryptocurrencies like Bitcoin. But blockchain has applications far beyond just the financial system.

At its most basic, blockchain is a publicly recorded system of transactions involving data. These transactions are known as “blocks”, and they are linked cryptographically in chronological order. This means that blockchains are an immutable, transparent recording of data that cannot be altered. There is no central authority over a blockchain, making it nearly impossible to corrupt the system because everyone involved is held accountable for their actions in the chain.

While blockchain has proved a successful system for cryptocurrencies, the technology is also being explored for its potential to aid in the storage and processing of data for government and healthcare systems. Considering the current cybersecurity environment, let’s consider three ways blockchain can boost information security efforts.

1. Confidentiality in a Decentralized System

The first principle of a strong information security system is confidentiality, or the promise that sensitive data will not be disclosed to unauthorized parties. This principal aligns well with one of the key features of blockchain: the decentralization of the system.

To illustrate this concept, imagine your organization is a house and the valuables in your house represent the organization’s data and information. If you keep all your valuables in one room, a centralized system of storage, a thief breaking in will only need access to that one room to steal everything. If, on the other hand, your valuables are spread among the rooms and well hidden using a decentralized storage system, a robber would have to go through your entire home to steal all of your valuables.

Countless organizations have their systems and technologies centralized, making their records easier to hack and steal. Blockchain, on the other hand, is a decentralized system by nature, meaning there is no central point of entry. If a hacker does manage to get into one block of data, they can only steal what little information is stored in that block. Additionally, because every block in a blockchain is encrypted, it’s nearly impossible to hack a blockchain system. Ultimately, blockchain’s decentralization and encryption methods can help ensure the confidentiality of an organization’s information.

2. Data Integrity and Immutability

A second important goal of information security efforts is integrity. This means protecting data from improper modification or destruction to ensure data consistency. Remember when your math teacher told you to show your work? Documenting your problem solving allowed the teacher to note errors in your work and correct them, making sure you arrived at the right answer using the correct methods.

The same applies to data security. If information is lost or deleted in a centralized system, it can be difficult to recover. Continuing with the math metaphor, without showing your work, or in this case the necessary data, you won’t know how you arrived at the wrong result. That being said, a blockchain system is unchangeable. Each new block is added to the previous one using encryption so that the system is tamper proof. Furthermore, the data stored in a blockchain is transparent and visible to anyone with access to the system, allowing errors in data or gaps in information to be easily secured, and the culprit of the bad block identified. This system of recording and storing valuable data could offer just what organizations need to combat data fraud and losses that damage their business.

3. Availability and Attacks

The final critical element for a strong, secure system of information is timely and reliable access to an organization’s data, also known as availability. Cyberattacks often attempt to limit information availability using domain name server (DNS) or distributed denial-of-service (DDoS) attacks. The first allows hackers to break the connection between a website and it’s IP address, redirecting people to spam sites or making the site unavailable. This attack can be paired with a more serious DDoS hack, rendering a site unusable for extended periods of time.

Similarly, hacks on Internet of Things (IoT) devices are becoming increasingly commonplace. IoT devices like thermostats, doorbells, and home security cameras that exchange information in order to operate effectively are becoming targets due to their low level of security.

At present, the only solution for any of these attacks is to enable real-time suspicious activity alerts. However, with a blockchain system that is decentralized, hackers would only be able to target single points of vulnerability. The result is far less catastrophic; with domain information stored on blockchain’s distributed ledger, DNS and DDoS attacks would be minimized and data transmissions to IoT devices could be safely exchanged across distances, allowing them to communicate and function efficiently.

The Future of Blockchain

Blockchain technology has the potential to offer unparalleled solutions for information security efforts. The decentralized, transparent, and transmutable nature of blockchain can help with the confidentiality, integrity, and availability of data. Even so, no cybersecurity system is perfect. As technologies grow and develop, the methods invented to challenge them do the same. Blockchain has a bright future, but organizations must remain vigilant to protect against evolving cybersecurity threats.