Using the blockchain to prevent data breaches
Check out all the on-demand sessions from the Intelligent Security Summit here.
Data breaches have, unfortunately, become an all-too-common reality. The Varonis 2021 Data Risk Report indicates that most corporations have poor cybersecurity practices and unprotected data, making them vulnerable to cyberattacks and data loss.
With a single data breach costing a company an average of $3.86 million and eroding a brand’s reputation and its consumers’ trust, mitigating the risks is no longer a luxury. However, as cyberattacks get more pervasive and sophisticated, merely patching up traditional cybersecurity measures may not be enough to fend off future data breaches.
Instead, it’s imperative to start seeking more advanced security solutions. As far as innovative solutions go, preventing data breaches by utilizing the blockchain may be our best hope.
Blockchain technology 101
Blockchain technology, also referred to as distributed ledger technology (DLT), is the culmination of decades of research and advancement in cryptography and cybersecurity. The term “blockchain” was first popularized thanks to cryptocurrency, as it’s the technology behind record-keeping in the Bitcoin network.
Intelligent Security Summit On-Demand
Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.
This technology makes it extremely difficult to change or hack a system, as it allows for the data to be recorded and distributed but not copied. Since it provides a brand-new approach to storing data securely, it can be a promising solution for data breaches in any environment with high-security requirements.
Built on the idea of P2P networks, a blockchain is a public, digital ledger of stored data shared across a whole network of computer systems. Each block holds several transactions, and whenever a new transaction happens, a record of that transaction gets added to every network participant’s ledger.
Its robust encryption and decentralized and immutable nature could be the answer to preventing data breaches.
Enhancing data security via encryption
World Wide Web inventor Tim Berners-Lee has said recently that “we’ve lost control of our personal data.” Companies store enormous amounts of personally identifiable information (PII), including usernames, passwords, payment details, and even social security numbers, as the Domino’s data leak in India (amongst others) has made clear.
While this data is almost always encrypted, it’s never as secure as it would be in a blockchain. By making use of the best aspects of cryptography, blockchain can finally put an end to data breaches.
How can a shared ledger be more secure than standard encryption methods?
To secure stored data, blockchain employs two different types of cryptographic algorithms: hash functions and asymmetric-key algorithms. This way, the data can only be shared with the member’s consent, and they can also specify how the recipient of their data can use the data and the window of time in which the recipient is allowed to do so.
When the first transaction of a chain occurs, the blockchain’s code gives it a unique hash value. As more transactions occur, their hash values are then hashed and encoded into a Merkle tree, thereby creating a block. Every block gets a unique hash with the hash of the previous block’s header and timestamp encoded.
This creates a link between the two blocks, which, in turn, becomes the first link in the chain. Since this link is created using unique information from each block, the two are immutably bound.
Asymmetric encryption, also known as public-key cryptography, encrypts plain text using two keys: a private key that’s typically produced via a random number algorithm, and a public one. The public key is available freely and can be transferred over unsecured channels.
On the other hand, the private key is kept a secret so that only the user can know it. Without it, it’s almost impossible to access the data. It functions as a digital signature, like real-world signatures.
This way, blockchain gives individual consumers the ability to manage their own data and specify with whom to share it over cryptographically encoded networks.
A primary reason for the increase in data breaches is over-reliance on centralized servers. Once consumers and app users enter their personal data, it’s directly written into the company’s database, and the user doesn’t get much say in what happens to it afterward.
Even if users attempt to limit the data the company can share with third parties, there will be loopholes to exploit. As the Facebook–Cambridge Analytica data-mining scandal showed, the results of such centralization can be catastrophic. Additionally, even assuming goodwill, the company’s servers could still get hacked by cybercriminals.
In contrast, blockchains are decentralized, immutable records of data. This decentralization eliminates the need for one trusted, centralized authority to verify data integrity. Instead, it allows users to share data in a trustless environment. Each member has access to their own data, a system known as zero-knowledge storage.
This also makes the network less likely to fall victim to hackers. Unless they bring down the whole network simultaneously, the undamaged nodes will quickly detect the intrusion.
Since decentralization reduces points of weakness, blockchains also have a much lower chance of succumbing to an IP-based DDoS attack than centralized systems using client/server architectures.
In addition to being decentralized, blockchains are also designed to be immutable, which increases data integrity. The blockchains’ immutability makes all the data stored therein almost impossible to alter.
Because every individual in the network has access to a copy of the distributed ledger, any corruption that occurs in a member’s ledger will automatically cause it to be rejected by the rest of the network members. Therefore, any alteration or change in the block data will lead to inconsistency and break the blockchain, rendering it invalid.
The bottom line
Even though blockchain technology has been around since 2009, it has much untapped potential in the field of cybersecurity, especially when it comes to preventing data breaches.
The top-notch cryptography employed by blockchain protocols guarantees the safety of all data stored in the ledger, making it a promising solution.
Since nodes running the blockchain must always verify any transaction’s validity before it’s executed, cybercriminals are almost guaranteed to be stopped in their tracks before they gain access to any private data.
Jenelle Fulton-Brown is a security architect and internet privacy advocate based in Toronto, Canada helping Fortune 500 companies build future-proof internal systems.
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, including the technical people doing data work, can share data-related insights and innovation.
If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data tech, join us at DataDecisionMakers.
You might even consider contributing an article of your own!