More Innovation:
The Benefits and Vulnerabilities of Blockchain Security
Updated: November 18, 2021
Blockchain is a technology that’s still in its infant stage.
Commonly associated with cryptocurrencies, numerous industries are starting to move their payments and transaction needs to the blockchain.
Blockchain is so versatile that besides recording financial transactions, it can store medical records, conclude binding agreements, track the flow of goods, store personal credit records, track the provenance of artwork, and even verify payments through a supply chain (Source: Appinventiv).
Blockchain started as the technology behind Bitcoin and has since grown into a promising mitigation technology for cybersecurity.
As data breaches continue to be a problem for organizations worldwide, with each breach costing an average of $3.86 million in 2020 (Source: Ponemon Institute), blockchain offers companies a way to save money and safeguard their data and operations.
Before we jump into how different industries are leveraging blockchain security, let’s understand blockchain technology.
What is Blockchain?
Blockchain is a data structure, or distributed ledger technology (DLT), that records transactions between multiple computers, ensuring more security, transparency, and decentralization for user and company operations (Source: Hackernoon). The blocks of data are interconnected, forming a chain of records controlled by no single authority and open to any and every member of the blockchain.
Thus, the chances of fraudulent activity or duplication of transactions are eliminated without the need of a third party.
Once information is stored on the blockchain, it’s immutable. The blockchain secures each transaction with a digital signature that proves its authenticity. Through the technology’s encryption and digital signatures, the data stored is tamper-proof and cannot be changed.
Any industry can use blockchain. This is because any digital asset or transaction can be inserted into the blockchain. The new technology is considered a reliable cybersecurity protocol due to its capabilities of indicating any foul play and providing certainty in the integrity of transactions (Source: Cyber Management Alliance).
Is Blockchain Security the Future?
Like many innovations, blockchain started as the supporting technology for a specific disruptive product: Bitcoin. Now, blockchain’s popularity has expanded across the cloud, growing into a promising mitigation technology for cybersecurity at large.
In today’s digital age, our information is being stored and shared online. Almost all businesses and organizations rely on digital means to conduct transactions and record history. This dependence on ever-evolving cloud storage technology and online data transfers has brought lapses in security protocols that regularly expose sensitive information to malicious actors. Therefore, finding a reliable cybersecurity protocol that can handle the always-changing way society deals with big data is vital.
Industries across the board are latching onto new technologies that aim to improve data and network integrity, and right now, blockchain security is leading the way.
Blockchain presents many benefits to cybersecurity, but it doesn’t come without its vulnerabilities too.
Let’s look at the benefits first.
Benefits of Blockchain Security
The advantages of blockchain revolve around one of its main characteristics – decentralization, ensuring a higher level of data integrity throughout multiple operations.
Decentralization of Storage Systems
In recent years, there have been millions of cyber attacks on organizations. And one common element between all the organizations is that they used a centralized system. This means that a hacker can access a large amount of a company’s critical data in one place (Source: Medium).
Take, for example, the WannaCry ransomware attack in 2017. The attacks impacted roughly 230,000 computers in 150 countries. WannaCry targeted vulnerable computers that had yet to update their Microsoft Windows operating system (Source: Kaspersky).
Once inside the computers, attackers stole user information, which would be returned for a ransom. Although there’s no guarantee, if not paid, hackers would permanently delete the data. It’s estimated that the WannaCry ransomware attack caused $4 billion in losses across the globe.
Shifting to decentralized systems is a way to prevent ransomware, like WannaCry, from taking advantage of a single vulnerability point in a computer.
With a centralized system, data is typically stored, updated, and managed through one location rather than spread out across many. In contrast, with a decentralized system, data relevant to respective sites are stored and maintained independently of a central hub. (Source: Medium)
Blockchain follows this rule with data spread across multiple computers. Since the same data is distributed and synchronized in several independent locations, the prospect of hacking the entire system makes cyber attacking complex and cumbersome.
IoT Security
Edge devices such as mobile phones, cameras, routers, and switches are becoming a point of interest for hackers. With technologies like artificial intelligence (AI) and 5G enabling the growth of the Internet of Things (IoT), if a malicious threat gains access to one device, it can compromise your entire system.
Understand how 5G’s impact on IoT-enabled applications is leading us into the future. Read our blog, The Smart Cities of Tomorrow Enabled by 5G and IoT.
Organizations can use blockchain to secure interconnected devices and systems by decentralizing their administration. Blockchain technology gives devices the capability to make security decisions on their own by analyzing the network and forming a consensus on what constitutes regular and suspicious activity in the chain (Source: Forbes). In essence, each point in the blockchain is another hurdle for the hacker to deceive instead of having one central administration or authority for the cyber attack to overcome.
IoT Applications have increased the demand for stronger security solutions. CENGN works with Canadian SMEs to test and validate innovative network security approaches to ensure modern and future networks remain protected from cyberattacks. Find out how we can help on our Security page.
Secure Messaging Communication
The advancement of our networks has led to an evolution of how we communicate. Currently, organizations send messages through multiple digital channels allowing the transfer of various file formats. This flexibility has improved production and collaboration but has also brought its risks through increased vulnerability points.
To maintain secure networks, message platform developers implement end-to-end encryption (E2EE) in their applications. This method encrypts information so that only the players engaged in communication can read the messages, excluding Internet service providers, the app developer, the government, or anyone else (Source: Stream).
Blockchain can build on the advantages of current E2EE solutions, developing an even more secure environment for users. Blockchain can enable cross-messenger communication capabilities through a standard security protocol, allowing for a unified API framework that secures all data exchange processes (Source: Cyber Management Alliance).
For example, Sense Chat is a blockchain-enabled messaging platform that operates over existing services like Kik, WeChat, Slack, Skype, Facebook Messenger, and beyond (Source: Disruptor Daily). Features include anonymous connections, peer-to-peer video, and crypto-friendly messaging.
Blockchain Security Vulernabilities
Before discussing blockchain’s potential vulnerabilities, it’s important to note that these vulnerabilities vary based on the blockchain type, namely public and private blockchain.
Public blockchain networks are open and allow any user to join, ensuring their anonymity. Public blockchain leverages internet-connected computers for validating transactions alongside achieving consensus. Ethereum is an example of a public blockchain (Source: 101 Blockchains).
On the other hand, private blockchain networks depend on identity for confirming membership and access privileges. For example, the investment banking company, J.P. Morgan, uses a private blockchain network to simplify, streamline, and verify transactions and contracts (Source: Euromoney).
Attacks to blockchains vary according to whether they’re public or private networks, but there are four primary ways hackers threaten blockchains: phishing, routing, Sybil, and 51% attacks.
Phishing Attacks
Even with all the security features blockchain offers to organizations and users, they are still susceptible to phishing attacks. This scam attempts to attain a user’s credentials without their knowledge through email.
Fraudsters send wallet key owners emails posing as a legitimate, authoritative source asking users for their credentials using fake hyperlinks. User’s credentials and other sensitive information in possession of hackers can result in losses for the user and the blockchain network (Source: Jscrambler).
Routing Attacks
Blockchains rely on real-time, large data transfers. Hackers can intercept data as it’s transferring to internet service providers hijacking IP prefixes or dropping connections momentarily, preventing the system from reaching consensus.
In a routing attack, blockchain participants typically can’t see the threat, so everything looks normal. However, behind the scenes, fraudsters have extracted confidential data or currencies (Source: ACM).
Sybil Attacks
In a Sybil attack, hackers create and use many false network identities to flood the network and crash the system. The name derives from a study about a woman named Sybil Dorsett, who was treated for Multiple Personality Disorder (Source: Binance).
Carrying out Sybil attacks, hackers can gain disproportionate influence over the honest nodes on the network if they create enough fake identities. They can then refuse to receive or transmit blocks, effectively blocking other users from a network.
For now, no known detection or prevention method exists for this type of attack, and if they achieve large scales, they may become what is called 51% attacks.
51% Attacks
Cryptocurrency mining requires a vast amount of computing power, especially for large-scale public blockchains. But if a miner, or a group of miners, could rally enough resources, they could attain more than 50% of a blockchain network’s mining power. Having more than 50% of the power means controlling the ledger and manipulating it to reverse transactions.
In 2018, three renowned cryptocurrency platforms experienced issues from 51% attacks. The three platforms were Ethereum Classic, ZenCash, and Verge. Globally, enterprises lose around $20 million annually due to 51% attacks (Source: 101 Blockchains).
Today’s Use Cases in Four Seperate Industries
Companies across sectors are quickly adopting blockchain security. Here we’ve listed examples of blockchain being used to keep critical data safe in four different industries: Banking, Healthcare, Defense, and the Public Sector.
Enhanced Security for Banking with Blockchain Technology
Security is a vital factor for financial institutions worldwide – it’s what assures clients that their money and information is safe.
Unfortunately, banks suffer an average of eighty-five attempted serious cyberattacks a year, and one-third of attacks are successful, compromising confidential information and costing organizations millions of dollars (Source: Computer Weekly).
In search of better security protocols, financial institutions are looking at blockchain for cybersecurity solutions. These organizations want to move away from the risks of centralized cybersecurity protocols and ensure their assets are safely guarded.
This is where blockchain comes in. It offers multi-layered security protocols to decentralize risk and provide assurance to institutions and customers in transactions. An early adopter of this type of solution is Banco Santander.
Santander is one of the largest banks in Europe, with over USD 1.7 trillion in assets (Source: Santander), and was one of the first banks to adopt blockchain to secure their international payments service.
Mindful of the benefits of blockchain technology to the security and speed of payments, Santander created One Pay FX. Leveraging Ripple’s blockchain network, Santander launched the first blockchain-based international transfer service in Spain, the United Kingdom, Brazil, Poland, Chile, and Portugal (Source: Santander).
Additionally, in September 2019, to demonstrate the security of a blockchain system for banking, Banco Santander issued a $20 million bond using the Ethereum blockchain. They performed an early repayment of the blockchain-based bond three months later to show how debt security can be reliably managed through its entire lifecycle on a blockchain (Source: Coin Telegraph).
Santander’s use of the blockchain for cybersecurity is a testament to the industry’s tech possibilities. As cyber-attacks continue to become more sophisticated, blockchain can be a tool to help financial institutions protect themselves while streamlining services.
Decentralized Security for Healthcare Systems
Like banking, the healthcare industry suffers from cyber attacks, with hacking incidents climbing year after year. In 2020, attacks rose 42% compared to 2019, partially caused by the healthcare industry’s vulnerability and overload due to the COVID-19 pandemic (Source: Forbes).
The industry safeguards critical patient and personal information, which in the wrong hands can be used to extort healthcare companies and hospitals for millions.
Blockchain’s decentralized nature may be the solution to assist the healthcare industry in maintaining patient data integrity. By spreading small bits of information across multiple locations accessible only by permissioned users, blockchain can ensure that cybercriminals cannot access identifiable aspects of an individual’s health record.
Though the industry may be in its initial stages of introducing the technology, some companies, like Philips Healthcare, are already working on implementing blockchain security to make a real impact on health security. The company is pairing blockchain with AI to create a new healthcare ecosystem.
In partnership with hospitals worldwide, Philips uses AI to discover and analyze all aspects of the healthcare system, including operational, administrative, and medical data. It then pinpoints vulnerabilities in the system and implements a blockchain solution to fix and secure the data (Source: The Next Web).
AI is becoming a prominent tool for cybersecurity.
Learn more about the technology in our blog, Artificial Intelligence in Cybersecurity: The Benefits and Challenges.
Blockchain Security to Streamline and Secure the Defence Industry
The defence industry has pioneered multiple technologies we use today, like the Internet and GPS.
Blockchain might be the next.
Blockchain is seen as a legitimate data safeguard for militaries, defence contractors, and aerospace companies that house critical mission data and have complex supply chains to manage. Decentralization helps keep data secure, and blockchain’s inherent capability of keeping track of information without tampering or data corruption can substantially improve defence suppliers’ operation efficiency (Source: PWC).
Lockheed Martin, an American defence and aerospace company, is among those implementing blockchain solutions.
The defence contractor has secured access to SyncFab’s supplier intelligence platform, built on blockchain, to help manage Original Equipment Manufacturers (OEMs) in Switzerland. (Source: Coin Telegraph)
The platform essentially works as a “matchmaker” between OEMs and subject matter experts, allowing the experts to compete for long-term logistics opportunities with larger companies. This solves both supply chain management challenges and ensures the integrity and security of confidential manufacturing data.
The Public Sector’s Improved Efficiency with Blockchain Security
Governments and public sector organizations currently use inherently insecure and costly systems, operating in a centralized fashion with siloed data.
Blockchain can help the government move away from this security risk, offering more secure, agile, and cost-effective structures that safeguard essential data, reducing the potential for corruption, and increasing society’s trust in governmental and online civic systems (Source: Consensys).
Governments can leverage blockchain for several security imperative applications, from payments and land registration to supply chain traceability and elections.
The Australian government is at the forefront of governmental blockchain implementation. The country recently prioritized the development of a cybersecurity network that runs on the distributed ledger technology.
The government partnered with IBM in 2018 to develop a governmental blockchain ecosystem for securely storing documents throughout the next five years. The country’s federal government hopes this will serve as a model for other governments in the future (Source: Coin Central).
The country’s network is now in the early stages of implementation, but government officials see it blossoming into a valuable asset.
Blockchain Security is Still Evolving
Blockchain is a relatively new technology, but its adoption in multiple areas beyond cryptocurrency is quickly increasing.
With increasing pressure to improve cybersecurity being a universal force in organizations worldwide, effective new solutions are required to ensure system integrity. Blockchain’s unique benefits, such as decentralization and data transparency, open a whole new array of possibilities for security solutions.
Interested in learning more about innovative technology being leveraged for cybersecurity purposes?
Download our “Next Generation Network Imperative” Whitepaper to find out more about the future of cybersecurity and other next-generation technologies.
The International Data Corporation (IDC), a world-renowned global market intelligence firm, was commissioned to complete this study.