Blockchain 2018 – Disrupting Legacy Industries

Blockchain 2018 – Disrupting Legacy Industries

Transferring value, funds, or money, we are usually forced to rely on “old-fashioned”, centralized financial establishments like traditional banks.

Online payment systems such as PayPal, still require integration with a bank.

You need a bank account or credit card to be able to use these services, thus a big percentage of the developing world is still considered unbanked even though they are widely using services over the internet.

With blockchain technology, beginning with the notoriety of Bitcoin, offers a disruptive possibility of being able to eliminate the “middle man”, also known as disintermediation.

Disintermediation, by definition, is the reduction in the use of intermediaries between producers and consumers, for example by investing directly in the securities market rather than through a bank.

Blockchain technology does this by fulfilling three important roles – recording transactions, establishing identity, and establishing contracts – something usually done by the banks or financial services’ providers.

Blockchain technology may allow peer-to-peer trading of energy or ride sharing such as commuters may be capable to directly hire car services via a mobile application.

In Germany, blockchain is being used to enable electric vehicle charging where hundreds of charging stations “charge” by using the Ethereum Smart Contract.

With blockchain, the potential to disrupt legacy industries is limited only by the human imagination.

 

Recording transactions

Blockchain is a public record of transactions, and it’s also a distributed database.

Instead of just one person or organization controlling everything, there are thousands of computers globally connected to a network, thus it’s this network which is required for an agreement on which transactions are valid.

Whenever someone makes a transaction, it is broadcast to the network, and the network runs complex algorithms to determine if the transactions are valid, only then are they added it to the record of transactions, linking it to the previous transaction, a growing list of sequential records, called blocks.

Each block is date and time stamped to link to a previous block, this chain of linked transactions is known as the blockchain.

Since the transactions all reference the one before them, one can figure out which ones came first, thus eliminating which is the correct sequence.

One can think of the blockchain as a very long “spreadsheet” you have a copy of the spreadsheet and your friend “John Smith” has another copy.

 

Establishing identity

Since all the activities or transactions are recorded in a “block chain” of data, it’s easier to establish identity by incorporating the details of a person in the recorded transaction.

Imagine a digital medical record: each entry is a block.

It has a timestamp, the date when the record was created, and by design, that entry cannot be changed retroactively, because we want the record of diagnosis, treatment, etc. to be clear and unmodified.

Only the physician, that has one private key, and the patient, who has the other, can access the information.

Only then is information shared when one of those users shares their private key with a third party: a hospital, clinic, specialist, or potentially- a clinical trial.

This establishes identify for that patient, and with this technology the patient continues to own their personal information and they can access it anytime without going through a “middle man” thus maintaining complete control over the records.

This security is built into a blockchain system through the distributed timestamping server and peer-to-peer network, and the result is a database that is managed autonomously in a decentralized way.

 

Establishing Contracts

A unit of a value (like a bitcoin), blockchain can be used to store any kind of digital information, including computer code.

That snippet of code could be programmed to execute whenever certain parties enter their keys, thereby agreeing to a contract-these are known as “smart contracts,” and the possibilities for their use are endless.

For example, it might be put to use in the regulation of intellectual property, controlling how many times a user can access, share, or copy something.

While the potential uses for blockchain are vast, the technology is not yet perfect. It requires more experimentation by businesses and governments before scale these solutions are widely accepted.

 

How blockchain may impact education

Imagine a digital native student receiving a customized learning experience from a dozen institutions located around the globe. The student enrolls in their primary University and is assigned a knowledge facilitator, who works with the student enabling and assisting in desired outcomes. The student might enroll in a primary University in Brussels and register to take a machine learning course from a University in the US or the UK.

This potentiality of next-generation faculty may create a context in which students from around the world can participate via online discussions, forums, and wikis to discover, learn, and produce knowledge as a community of learners who are engaged directly in addressing some of the world’s most complex issues.

Blockchain will be the underlying technology that allows this integration of learning, and records from different institutions for each subject and each module completed, steadily building an individual student’s list of academic accomplishments.

 

Cryptocurrencies

Cryptocurrencies like Bitcoin have serious supporters, and detractors too, not just those who got into them early.

Currency may be considered as the storage of money as such it can be exchanged, whereas Crypto implies secret.

When someone uses their credit card, which is usually electronic, everyone – the buyer, seller and third-party processor – knows everybody else.

The difference is that Bitcoin uses the blockchain technology, which may make it less expensive and easier to do the transaction-bitcoin and with the other 1,658 cryptocurrencies as of March 16, 2018.

It may be crypto, but it is not currency-our Euros, Dollars, Yen, etc., can be exchanged for goods and services-cryptos however, are not readily exchangeable universally.

In summary, and until that changes, cryptos are deemed by some as a speculative investment that may or may not make a profit.

Perhaps some of the “excitement” of the cryptos comes from knowing crypto wealth might be part of the nearly $1 billion stolen by computer hackers in 2018.

What’s the best way to determine how often penetration testing is needed? Are there certain organizations or industries that should do it more often?

There’s no one best answer. Similar to the questions: “How often should I exercise?”, “How often should I go for a dental cleaning?” and “How often should I change the oil in my car?” there are many variables when it comes to penetration testing.

Some considerations: network complexity, how often systems and applications are changed, third party applications, updates, and the concept of “Least Privilege”, budget, and so on.

What are you trying to accomplish with penetration testing? Is it to satisfy a compliance check box or to meet client or business partner requirements?

business risks.

security risks Today’s hackers, NEVER SLEEP, and the more often you pen test, the more sleep you will get!

As we have seen far too often, the “bad guys” work in teams, and have no time tables-just targets, don’t become a victim.

A client needs to make sure that they are doing the proper testing — “penetration testing” in the purest sense, is rarely enough.

Neither are higher-level “checklist audits”.

Any company, that is relying on “plain vanilla” vulnerability scans is a path to facilitate a breach-a soft target.

By focusing on performing “security assessments” that look at the company’s exposure, threat landscape, the threat surface, end points,  and potential attack surface(S), are far better served, than limiting your tests to whatever someone is asking you to do-be proactive, again, don’t be a victim-is the mantra.

To a hacker, with very bad intentions to do harm, all systems and applications are fair game for attack.

More important question than how often you should test, is the need for your business to ensure that it’s performing its security tests effectively and consistently.

The cost is minimal compared to the damage that hackers can inflict.

How to defend the network against APT attacks?

The threat landscape has changed irrevocably.

The primary foe of security professionals is no longer an asocial teenager basking in the glow of a monitor looking for an easy target, but rather the highly skilled technologists who are deliberately seeking treasure troves of sensitive information.

These attacks are representative of what security professionals face today.

Aptly named advanced persistent threats, APT is a “fuzzy” and even controversial term that refers to a style of attack rather than any specific technique.

Targeted APT attacks are waged in a one-to-one fashion by professional hackers using advanced skills.

What is Sandboxing technology?

The primary technique employed by a variety of advanced malware-detection products.

Potential malware threat is identified using various techniques.

Network traffic analysis is used to discover potential threats on the network.

Patterns of behavior are analyzed, and suspicious files are sent to the “sandbox”.

The file is then examined in an environment of virtual machines that analyze behavior in a suite of different operating systems and software versions.

All changes made by the file are recorded, and a report is presented which shows all areas of the operating system and software that were changed.

Based on this report, the file can be flagged as malware.

How to defend network against APT attacks?

First and foremost, take stock of the controls that already exist on the network and ensure they are both effective and well-managed.

Most enterprises already have a mixture of firewalls, intrusion detection and prevention systems (IDS/IPS), antimalware packages and other controls.

Are they audited regularly?

Do they have current signatures?

Are they consistently deployed?

Check the basics before even considering adding additional layers of defense.

What is Big Data Analytics?

One common approach is the incorporation of security big data analytics to aid the discovery of malicious activity hidden deep in the masses of an organization’s network traffic.

Big data is defined as any type of data, structured and unstructured, that can provide insight into network activity.

What is vulnerability assessment?

Vulnerability assessments are the security tests that aim to determine how safe your network is.

It checks if your network is susceptible to attack.

The most effective way to do it is by using a combination of manual techniques and automated vulnerability assessment software.

Why are vulnerability assessments important?

If you don’t know where you are, a map wont help.

These assessments allow organizations to figure out exactly where they stand from a cyber security perspective.

Not only critical information on tactical vulnerabilities, that would allow an attacker access to your most sensitive information, vulnerability assessments also help to strategically identify non-technical opportunities to enhance your information security posture.

Should vulnerability assessments look at more than just external systems?

Yes, vulnerability assessments is more than just external systems.

When we talk about cyber security, it is important to take all of the organization’s technology and personnel into account.

These include internal and external hosts, network devices, commercial off-the-shelf applications, third party applications, vendors, telephones, applications, and even security devices, and the cleaning crew.