Until the decade-old technology is improved and fortified for use in any industry, it will face stumbling blocks in cybersecurity use-cases
As the world increases reliance on interconnected systems, the need for robust security solutions is growing more critical by the hour.
One disruptive technology that has been making inroads in various industries such as cryptocurrencies and finance is the blockchain, and since 2014, technologists have been attempting to introduce its concepts to other data security use cases in other industries.
Fast forward to 2024, and blockchain’s footprint in cybersecurity applications has been growing in tandem with the substantially-enlarged attack surfaces of the post-COVID digital age.
According to Siddharth Ugrankar, CEO and co-founder, Qila, “Blockchain technology offers a decentralized, tamper-proof ledger that enhances data integrity and resilience against cyber threats. Its distributed nature eliminates single points of failure, providing redundancy and resilience against attacks. Cryptographic algorithms ensure secure transactions, safeguarding data from unauthorized access. Moreover, its auditability and transparency enable real-time threat detection and response.”
Ugrankar added that blockchain adoption could offer enhanced security, streamlined operations, improved compliance, and empowered data privacy “as we navigate the digital landscape, embracing blockchain becomes imperative to fortify our digital infrastructure and usher in a new era of cybersecurity.”
One size does not fit all
In India, Amar Tumballi, co-founder and Vice President (Engineering), Dhiway, was also enthusiastic about the use of blockchain in cybersecurity: “Organizations must deal with cybersecurity challenges around data security, data breaches and attack vectors. Using blockchain-anchored data streams helps build a digital transformation strategy focusing on tamper-resistant data exchange, data integrity, and security. Blockchains (can) help organizations design permissioned and permissionless networks as needed by the business. Coupled with data exchange standards, this approach helps build a more resilient digital infrastructure.”
However, despite its potential, challenges remain, including scalability and regulatory concerns. What do other industry leaders think about using blockchain technology in cybersecurity use cases? Dr Ravi Chamria, co-founder and CEO, Zeeve, said: “Blockchain secures data confidentiality by separating personal information from transactions. Additionally, zero-knowledge proofs allow transactions without revealing sensitive data. For data integrity, blockchain uses a tamper-proof system with unique digital fingerprints for each block, making it nearly impossible to alter records. Finally, the distributed network structure ensures high availability by eliminating single points of failure and minimizing downtime. However, there are better solutions than blockchain.
New risks like smart contract vulnerabilities and phishing attacks exist. Additionally, some security operations rely on traditional systems. Therefore, the best approach combines blockchain with existing cybersecurity for a comprehensive defense, crucial for Web3 security.”
So, Dr Chamria’s recommendation is to leverage blockchain’s strengths while mitigating its limitations — through a layered approach that integrates it with established cybersecurity frameworks.
Adding another angle to the equation was Kumar Ritesh, founder, Cyfirma,whotold CybersecAsia.net about how AI now poses new threats to blockchain security by exploiting vulnerabilities, manipulating data, de-anonymizing users, and enabling Sybil attacks.
Ritesh explained: “For example, AI algorithms can be trained to exploit vulnerabilities in smart contracts or to manipulate consensus mechanisms, leading to fraudulent transactions or network disruptions. As AI algorithms rely on large amounts of data to make accurate predictions and decisions, malicious actors could attempt to manipulate the training data used by AI systems in blockchain networks, leading to biased or compromised security outcomes. We are seeing AI-powered analytics tools are being used to de-anonymize users on blockchain networks by analyzing transaction patterns or other metadata. This could undermine the privacy guarantees provided by blockchain technology, especially in public or permissionless networks.”
Ritesh explained: “For example, AI algorithms can be trained to exploit vulnerabilities in smart contracts or to manipulate consensus mechanisms, leading to fraudulent transactions or network disruptions. As AI algorithms rely on large amounts of data to make accurate predictions and decisions, malicious actors could attempt to manipulate the training data used by AI systems in blockchain networks, leading to biased or compromised security outcomes. We are seeing AI-powered analytics tools are being used to de-anonymize users on blockchain networks by analyzing transaction patterns or other metadata. This could undermine the privacy guarantees provided by blockchain technology, especially in public or permissionless networks.”
Other challenges
In addition to the strengths and vulnerabilities/limitations of blockchain listed about, proponents of the decade-old technology have encountered diverse stumbling blocks in expanding outside of cryptocurrency use:
- In healthcare, managing sensitive health data on a blockchain while complying with regulations like HIPAA (Health Insurance Portability and Accountability Act) is challenging. Interoperability is also a challenge. Healthcare professionals and institutions can be resistant to change, particularly when it involves complex new technologies.
- In the real estate industry, legal and regulatory barriers make integrating blockchain complicated, and convincing all parties to adopt and trust blockchain technology is a significant hurdle. Ensuring secure and verifiable digital identities for participants is also crucial but challenging.
- In government and public sector initiatives, proposal and buy-in can be slow due to bureaucratic inertia and the need for extensive testing and validation. Ensuring blockchain solutions comply with various local, national, and international regulations can be complex. Furthermore, gaining the public’s trust in blockchain-based voting systems or digital identity solutions is challenging.
- In the entertainment and media industry, intellectual property rights, ensuring that blockchain systems accurately reflect and enforce IP compliance and arbitration is complex, just as it is challenging to convince artists and content creators of the benefits and ease of use of blockchain platforms. Also, competing with established digital rights management systems and platforms is difficult.
1. Regulatory uncertainty: Governments and regulatory bodies are still grappling with how to regulate cryptocurrencies and blockchain-based financial services, leading to uncertainty and compliance challenges.
2. Scalability: Blockchain networks are still struggling with the processing of high volumes of transactions quickly, leading to slow transaction speeds and high fees during peak times.
3. Security: Ironically, while blockchain itself is secure, the surrounding infrastructure (exchanges, wallets) has been vulnerable to hacks and thefts.
4. Integration with legacy systems: Different organizations and supply chains may use different blockchain standards and systems, complicating data sharing and interoperability.
5. Propagation of errors: Although the technology ensures data immutability, if inaccurate data is entered, it remains in the blockchain permanently, potentially propagating errors.
6. Interoperability: Different organizations and supply chains may use different blockchain standards and systems, complicating data sharing and interoperability.
7. Industry-specific concerns:
And the list goes on further in the legal, agriculture, transportation/logistics, retail and insurance industries, with more to follow …
For now, it is clear that blockchain has its share of stumbling blocks to address in general, and its implementation into cybersecurity use cases will have to take all challenges into account before it can be developed into a viable part of cyber defenders’ arsenals.
