A few months ago, Lloyd’s of London estimated the global cost of a “serious” cyber-attack at more than £92bn. Since then, that warning has been amplified by news reports of troubling and costly hacks on multinational corporations such as Tesco, British Airways, Facebook and even the United Kingdom's governing Conservative Party.
There is little doubt that public servants take threats to cybersecurity seriously. After all, government IT systems are as vulnerable to an attack as anyone else’s – as we witnessed in last year’s WannaCry ransomware attack when National Health Service computers were put out of action.
So what are governments doing about it?
It doesn't really matter. Whatever legislation they may be considering or implementing, without blockchain it won’t be enough to combat the risks posed to organisations and individuals by criminal attacks and data leaks.
According to recent data from the National Cyber Security Centre, the UK alone has experienced 1,600 cyber attacks over the past two years. Our data is handled, and potentially mishandled, by multiple web services every day. And we can expect more of the same – because the traditional web platforms on which everything from banks to social media companies operate on are fundamentally insecure.
Blockchain technology is already re-tooling our digital infrastructure – and it’s constantly being refined and improved. Much of its utility lies not in tokens, but in solving actual, tangible problems posed to individuals, companies and networks by threats from password phishing, impersonation, software bugs and more.
Businesses and governments that adopt blockchain have the opportunity to reduce their risks and liabilities almost outright. Those that don’t stand to be held criminally negligent.
Here are some of the key ways in which we can anticipate emerging tech solutions mitigation and reducing costs for organisations.
Blockchain cybersecurity: A security solution for businesses
As blockchain technology develops, businesses should be looking to implement three fundamental layers of tech solutions to negate cyber attacks.
The first is integrating technology such as the EOSIO open-source blockchain protocol into operations and moving responsibility for authentication and authorisation processes to users themselves. If we all have private keys to authorise transactions, banks and other organisations won’t have access to them.
The second layer involves moving to even more secure authorisation with hardware keys. Thirdly, companies can adopt more standardised interfaces for requesting consent so that users don’t accidentally authorise malicious actions.
Let’s consider how a combination of blockchain and hardware keys might thwart hacks in the context of Twitter. First, by only allowing tweets signed by a hardware key – that’s an easily-protected, secure key that can’t be copied or stolen – to be posted, it would be virtually impossible for any bug or corrupt Twitter employee to enable a fake tweet (whether from Donald Trump or anyone else).
A blockchain on Twitter’s back-end, meanwhile, would make every user input attributable to a user who authorised an action, depriving rogue actors of the ability to modify or fake inputs.
In terms of improving consent, this requires the adoption of interfaces that present a stronger contract commitment to users. As web users, we’re constantly entering into binding contracts with service providers, whether that’s to transfer money from one bank account to another, or when we sign an agreement not to post offensive, or copyrighted, content on social media, or even when we agree to cookies.
However, too often users accept inputs that have real legal consequences without any real evidence of informed consent. Terms of service are often hidden away, or they’re too long to read. This ambiguity and absence of formal methods around capturing consent can be easily leveraged by hackers and scammers.
Together, better interfaces and blockchain-based backend architecture that automates processes and strengthens identity and authentication will correct the existing internet’s lack of security and auditability. And in that sense, embracing blockchain technology as it evolves is really just the next common-sense step, similar to how the migration from HTTP to HTTPS made the transfer of data between websites and web browsers more secure.
In the future, everyone will use blockchain technology without even being aware of it. Every company with a multi-user website will have one or more blockchains, ranging from private, to hybrid (part-public, part-private) to fully public blockchains. And when we’ve reached that level of adoption, users will have control of their digital lives, they’ll be free from long and ever-changing passwords, and liabilities for business will be significantly reduced.
With blockchain, data is secure because there is no single point of failure, and because the cryptographic security of each block is verified by the network, and nearly impossible to hack or access.
Had the Conservatives or British Airways secured their data using blockchain, their recent woes could easily have been avoided.