Blockchain may not offer impregnable security, but Mr Fischbach believes it could be used to revolutionise online identity protection.
At a glance you could see blockchain as an immutable harbinger of industrial disruption, offering impregnable security and the promise of streamlined processes. While blockchain is certain to have a big impact on the way we do things, it is not impervious to the evolving threat landscape.
Entering 2018, all eyes are on the distributed ledger technology that is known widely as the driving force behind cryptocurrencies and bitcoin in particular. Industry giants including IBM and JPMorgan are working tirelessly to implement use cases for the technology and it feels as though we could be on the cusp of a period in which tests and projects finally become reality.
While your blockchain excitement is not misplaced, it is important to remember that hackers are able to challenge and breach the encryption and algorithms that make blockchain what it is.
CBR had the opportunity to speak to Nico Fischbach, Global CTO at Forcepoint, and he left no illusions regarding what he foresees for blockchain technology, saying:
“All of the encryption and algorithms being used by blockchain technology that are then being used to build smart contracts and cryptocurrencies, those things will get hacked and tested.”
“As much as the blockchain technology is robust there are always ways to attack the encryption, the libraries that they use, and even the way people produce new cryptocurrencies. There are dozens and dozens today and those will get attacked because it is easy money, and those attacks are quite difficult to trace.”
Although Mr Fischbach made it clear that blockchain security can be beaten by hackers, he also foresees blockchain technology playing an important role in the future of cybersecurity, particularly for identity protection.
“Blockchain technology is being used across the board, independently of bitcoin and cryptocurrency; we see blockchain used in a number of spaces. A space that is close to us is protecting people’s identity and data, we see blockchain being used to secure identity going forward. All of your data is online, but what if hackers start to modify who you are online? We see blockchain as a way to secure your identity and if someone tries to change it, it can be traced. This method can actually be used to create a full timeline of changes.”
Identities have never been more vulnerable than they are now, the internet is awash with masses of personal data that has been exposed by colossal data breaches or simply handed away freely by users for services, not realising the value of their own information.
Mr Fischbach said: “It all started with smartphones and applications, I think many people now are willing to give away their information on social media or to get applications for free, people are becoming the product, when the product is free you are the product.”
The volume and availability of data is unveiling innumerable new opportunities for malicious threat actors to launch attacks for financial gain. This problem is set to be accelerated by the growing IoT market, a space expected to explode and generate unseen quantities of data. Mr Fischbach recognises the potential for IoT to have a major impact.
“The main thing with IoT is again about data, all of those devices generate a crazy amount of data and protecting that data is where we play, and that is where we see data breaches happening next year. I think many enterprises in that space focus a lot on gathering as much data as they can on their consumers, and only a few have realised so far that data reduction and only gathering and keeping the data that you really need is actually a good business practice.”
Mr Fischbach defined the differences between industrial IoT and consumer IoT, commenting on the cheap, lightweight approach to security taken in the manufacturing of devices for consumers. While he believes a more robust approach is taken for industrial IoT, there is a security hurdle not yet anticipated by everyone.
He said: “The IoT in the industrial space is much more secure and the role is taken much more seriously, but most of the systems in the IoT SCADA space have never really been exposed to the internet and connecting those very closed environments to the internet is changing the threat landscape and not everyone realises.”
The tech industry is pressing hard against new frontiers in innovation while at the same time facing unprecedented security threats, but the Forcepoint CTO has a clear goal for the year ahead, saying: “We see 2018 as the year of privacy. We focus on the enterprise space but it is actually touching consumers as well, so we will see people rallying around that and trying to gain their privacy back, that goes for things beyond GDPR.
“The evolution of encryption is another area, the internet is becoming more encrypted, which is a good thing for protecting consumer enterprise and data from theft.”