Cybersecurity Decentralized

Hackers, no matter what anyone tells you, are always one step ahead of security teams, and that shows in the hacks and breaches we hear about every day. No matter which security measures we use or how expensive the gadgets are, they always find a way through and wreak havoc.

Every time there’s a new attack, we plug it with a software patch, then rinse and repeat. This results in a never-ending whack-a-mole game where hackers always have the advantage. The problem is that this approach is purely reactive, and it hasn’t worked. Over the past decade, the financial losses associated with cyberattacks have been devastating to organizations, municipalities and small businesses. As of May 2020, business email compromise had cost organizations more than $26 billion in just three years. The FBI also warned that ransomware will become more targeted and costly, as witnessed by the 2019 attack on the city of Baltimore, which cost an estimated $18 million to restore systems. Most recently, the December 2019 attack on the city of New Orleans forced officials to declare a state of emergency, so this is no joke, and it may affect the most important asset: human lives [1].

As we progress through the years, we become more technically advanced, especially in interconnectivity, bringing the world together as one big city where everyone can easily get in touch with everyone else. Unfortunately, as our world becomes more interconnected and digitally dependent, these types of attacks will continue to proliferate at a faster clip. Add to that the lack of specialized security talent to defend against these and other threats, which I mention in my other article, where we discuss the effect of this phenomenon in detail. In short, this sobering number highlights the cybersecurity industry’s widening workforce skills gap and, more importantly, how steps taken in recent years to close that gap are not enough to adequately prepare us for future attacks. Instead, the cybersecurity industry needs to look beyond our siloed networks and embrace an industry-wide mentality of decentralized threat intelligence sharing in order to relieve the burden on a limited supply of highly trained cybersecurity talent, alleviate recruitment pains, and accelerate response times to a rapidly evolving threat environment.

Moving on from our previous topic: as system admins look for the next way to defend against attacks, we have to take a step back and get a broader view of another, proactive strategy. Only recently have we had a line of products that enables us to proactively crowdsource and use threat intelligence to finally defeat the hackers once and for all.

But what if the key to solving this dilemma was already circulating the world? I am indubitably talking about "decentralization".

The idea of a decentralized platform is hardly new in the technology industry. In the most basic terms, it describes a scenario in which critical applications or services are carried out by individual computing devices or nodes on a distributed network, obviating the need for a centralized server and thus creating greater resiliency across the network, as there is no single point of failure. One small example is Uber, which decentralized the transportation system by allowing any person who meets certain threshold requirements to generate an income as an on-demand driver. And lest we forget the father of them all, Bitcoin [2]: its underlying blockchain technology has enabled parties to securely and transparently share transaction data on a distributed ledger, without the need for an intermediary to be involved.

Beyond computing and network resources, decentralization also enables organizations to access talent and knowledge that they may not otherwise have easy access to. For cybersecurity, this means tapping into real-time information and threat intelligence from global SOC analysts and security teams in order to accelerate the detection and remediation of new threats, especially ones that have never been seen before in the wild. For example, imagine an organization had access to hundreds of thousands of security analysts from around the world and the threat intelligence they see every day. By openly sharing this intelligence with each other, including attacks, permutations, and solutions, analysts could quickly flag a suspicious file or email and have it automatically and instantly distributed to every other analyst who is part of the network, enabling them to spend less of their limited time researching new threats and improving their ability to respond to new attacks. More importantly, a decentralized threat intelligence sharing model could free up analysts and security teams to focus on higher-priority initiatives instead of constantly putting out fires.

So, in short, there are three ways decentralization could help cybersecurity:

  • Elimination of single points of failure
  • Decentralization of data storage
  • Traceability of unalterable records

Before getting to the first one, we need to understand the importance of using a blockchain when we implement decentralization. Blockchain is the technology that underpins digital currency (Bitcoin, Ethereum, and the like). The tech allows digital information to be distributed, but not copied. That means each individual piece of data can only have one owner, like a bank vault in which there are rows of unlabeled boxes. Each box has a glass façade with content everyone can see and verify but can’t change. Everyone knows where the boxes are and what they contain. A more elaborate explanation of blockchain can be found here.

Going back to our solutions, we tackle the first one: the elimination of single points of failure. Centralized databases suffer from one critical vulnerability: being a single point of failure. If a hacker successfully attacks a centralized database, it can be rendered inaccessible. Regardless of any security measures, a centralized entity remains a single point of failure that can be compromised anytime. Using distributed ledger technologies, namely blockchain, eliminates these single points of failure. With copies of a database in different places, a malicious actor can neither take it down using a DDoS attack nor alter any data on the blockchain. This has huge implications for IoT security. IoT devices are most vulnerable when they exchange data amongst themselves. Blockchain can protect data exchanges between IoT devices, while decentralization allows them to make their own security decisions without relying on a central authority.

But what about storage? The value of data has been increasing over time. Therefore, it is critical to protect sensitive data to maintain a competitive edge and to comply with privacy laws like the GDPR. By storing repositories of data in different places instead of just one place, decentralized data storage makes it difficult for hackers to conduct successful attacks. By using cryptography to grant third parties permission to access this data, companies can protect their intellectual property and the privacy of their own customers.

And finally, tracing digital activity. Placing immutable, timestamped, and digitally signed data on the blockchain makes it easy to trace all transactions and associated digital activity. While personal information can and should be kept off the blockchain, any digital activity recorded on the blockchain can be traced back to its originators with the assurance that the data is authentic and tamper-proof.
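
An added example (not code from the original post) of the two mechanisms described above: records that are timestamped, authenticated and hash-linked, and copies of the ledger held in different places. HMAC with constructed per-analyst keys stands in for digital signatures, and all names and sample records are assumptions.

```python
import copy, hashlib, hmac, json

GENESIS = "0" * 64
# Constructed per-analyst keys; HMAC is a stand-in for real digital signatures.
KEYS = {"soc-a": b"constructed-key-a", "soc-b": b"constructed-key-b"}

def _digest(obj):
    # Canonical JSON so every node hashes identical bytes.
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def _tag(key, body):
    return hmac.new(key, _digest(body).encode(), hashlib.sha256).hexdigest()

def append(chain, author, ts, data):
    """Append a timestamped, authenticated record linked to the previous one."""
    body = {"prev": chain[-1]["hash"] if chain else GENESIS,
            "ts": ts, "author": author, "data": data}
    rec = {**body, "tag": _tag(KEYS[author], body)}
    chain.append({**rec, "hash": _digest(rec)})

def verify(chain):
    """Return the index of the first invalid record, or -1 if all verify."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        body = {k: rec[k] for k in ("prev", "ts", "author", "data")}
        key = KEYS.get(rec["author"])
        if (key is None or rec["prev"] != prev
                or not hmac.compare_digest(rec["tag"], _tag(key, body))
                or rec["hash"] != _digest({**body, "tag": rec["tag"]})):
            return i
        prev = rec["hash"]
    return -1

def majority_head(replicas):
    """Head hash held by most replicas; a lone rewritten copy is outvoted."""
    heads = [r[-1]["hash"] for r in replicas]
    return max(set(heads), key=heads.count)

def demo():
    chain = []  # constructed threat-intel records
    append(chain, "soc-a", 1700000000, {"domain": "phish.example", "verdict": "malicious"})
    append(chain, "soc-b", 1700000060, {"domain": "update.example", "verdict": "malicious"})
    nodes = [copy.deepcopy(chain) for _ in range(4)]
    nodes[0][0]["data"]["verdict"] = "benign"  # edit made without the author's key
    nodes[1].pop()                             # key holder rewrites its own last record
    append(nodes[1], "soc-b", 1700000060, {"domain": "update.example", "verdict": "benign"})
    return verify(nodes[0]), verify(nodes[1]), nodes[1][-1]["hash"] != majority_head(nodes)
```

`demo()` returns `(0, -1, True)`: the keyless edit fails verification at record 0, while the key holder's rewrite verifies on its own copy and is exposed only because its head hash disagrees with the other copies.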

The ability to trace transactions on the blockchain gave birth to products such as the CATV tool that supports investigations on crypto exchange hacks, money laundering, and terrorist financing using digital funds [3].

With all these benefits, which are critical for a well-lubricated security machine, challenges and hardships arise, but since the benefits outweigh the disadvantages, I am confident that decentralization will ultimately strengthen the cybersecurity ecosystem in the long term.

The important thing to understand about “decentralization” is that there is a spectrum between total centralization and pure decentralization. Many factors determine whether a platform is truly decentralized [4] or, more likely, lies somewhere in between. These include validation, governance, and consensus algorithms, among other things.

The future is slowly tilting in favor of decentralization via crowdsourcing and real-time, transparent solutions, and despite numerous security challenges in the cybersecurity space, the future is bright for the industry with the increasing use of blockchain.


References:

[1] How Decentralization Can Help Close the Cybersecurity Workforce Gap

[2] Bitcoin

[3] A New Cybersecurity Strategy to Beat Hackers at their Own Game: Decentralization

[4] Decentralization
