Blockchain and Cyber Risk

Posted by Mark Greisiger

A Q&A with Scott Diamond of Chicago Crypto Network, LLC

Blockchain is an emerging technology with the potential to greatly reduce cyber risk and ensure data integrity. To find out more about how it works and why organizations can benefit from rethinking their business processes, I talked to Scott Diamond of Chicago Crypto Network.


Can you please explain the concepts of blockchain and decentralized storage?
Blockchain is a coded technology that allows people to record financial or data transactions in a decentralized way. These transactions are universally validated and permanently stored in a distributed manner. There are strong financial incentives to play by the rules so the incentive for bad actors to counterfeit, cheat or hack data once a transaction settles becomes prohibitively expensive.

The reason blockchain is so secure is that every new block of transactions gets stacked on top of the previous one, so it’s increasingly that much more impenetrable. There’s a 99 percent confidence that a single transaction can’t be reversed after one block settles and that confidence improves exponentially after every new block is settled, which propagates about every 10 minutes.

Decentralized storage uses the cryptographic blockchain design to deliver new value to data storage. Imagine decentralized storage as a way of putting your data through a digital shredder and then sending 1,000 bits of shredded information to dozens of anonymous locations around the planet. The redundancy allows for ultimate uptime reliability.

Even if any single server in a network gets attacked, the hacker sees 1/1,000th of the data, which is useless without the rest of the information, thereby eliminating the incentive. The only way to recall the information is for the owner, and holder of the private cryptographic key (password of sorts), to command the network to reassemble the data and present it in its original, usable form.

What’s more, the more sensitive the information, the greater the security options to require multiple signatures and multifactor authentication to recall the information. You may choose to protect your mom’s banana bread recipe with a simple “Password 123.” And you may choose to protect the recipe for Coca-Cola with 17 of 20 board members’ biometrically validated approval. Much of this will be part of the future development, but it is how this ecosystem with groups like Sia, Storj and Filecoin will develop. While Sia is not alone in this race, they have a multiyear head start on development and community-building that is tantamount for success.

Can using this technology protect enterprises from data breach events?
The short answer is yes, but caveats still exist because this is still an emerging technology. Sia, for instance, is introducing technology for blockchain backup and disaster recovery because that is going to be the low barrier of entry to get CIOs and Risk Managers comfortable with this new paradigm. The data storage industry will want to kick the tires and test drive a decentralized storage solution before adoption, and that is to be expected. At the same time, there will be resistance to changing the paradigm of what every IT security expert has understood to be the essence of IT security for the past 35 years.

One CIO of a multibillion-dollar company told me that every system is hackable. That is a very understandable perspective and one that is today universally shared, because it’s built on the paradigm of centralized storage where every server is a honey pot for thieves. The advantage of decentralized storage is that you don’t have a single point of attack or failure. Why do thieves rob banks? Because that’s where the money is. Why do hackers hack giant keepers of data? Because that’s where the data sits.

Decentralized storage solutions create their own economies where people are free to participate and financially benefit from trustworthy participation. As these ecosystems continue to grow, they will deliver significantly more secure data storage for significantly lower costs.

The data breaches of the future will be internal failures, but those failures will be human, not technological. And with multi-signature requirements you will have a very quick audit trail to identify internal bad actors. Imagine the disincentive to participate in an internal data breach if you know your identity will be instantly recorded and published.

Are there any weak spots to blockchain technology?
For a point of reference, the best practices in the industry replicate the algorithm methodology and ASIC mining infrastructure of the Bitcoin network. Whatever your opinion of Bitcoin’s value as currency might be, there is no dispute that the network has been relentlessly attacked for nine years and has never been compromised. In the future, decentralized storage solutions will start achieving scale and their blockchains will produce Bitcoin-like security of today.

Also, development road maps plan for decentralized storage solutions to create and replicate a lot of the key recovery processes that exist today. The winners of tomorrow will consider the best practices of today to ease the adoption and implementation process. With current technology, if you have an employee that goes rogue or leaves, you have to shut down access. With blockchain, it’s a matter of making a similar process so that those responsible for disaster recovery are comfortable executing the workflow.

So while all systems that involve humans allow for attack vectors, I’m confident that after the education takes hold, the weaknesses of centralized storage methodology will become very apparent and that will drive companies for mass decentralized adoption.

In summary…
We want to thank Mr. Diamond for his expertise in this emerging cyber risk topic. Many of our cyber risk insurance carrier partners are interested in blockchain and are assessing the technology’s risks and benefits. He makes a compelling case for how the technology’s decentralization model significantly protects data while making a transaction almost hacker-proof. (We hesitate to use the word “completely” with so many smart hackers constantly trying to exploit security vulnerabilities.) I’m sure the risk management and regulatory community will debate this topic in the coming months to understand, for example, whether a watchdog or federal regulator could still monitor the soundness of a business that uses blockchain, whether traditional computer forensics would be feasible to investigate a suspected system or record issue, or whether sensitive data spread across the world in blockchain-driven systems creates regulatory issues like private data storage governed by the EU. Regardless, it will be interesting to see how things unfold.