Cybersecurity technologies and skills may help businesses fight surging malware and fraud – but as cybercriminals’ motives expand, a senior security specialist has urged executives to also embrace tools that preserve their trust in the integrity of their data.
Whereas attacks like ransomware rely on blatant compromise and business interruption, CyberCX CEO John Paitaridis warned hundreds of blockchain innovators during a recent Blockchain Australia and Melbourne University sponsored online group chat, many cybercriminals are now relying on subtler compromises such as changing data in a way that undermines its integrity.
Such changes may never be discovered and – as evidenced in concern over alleged Russian hacking of COVID-19 research, and growing concerns about outside interference with the looming US presidential election – their impact could be both dramatic and unrecognised.
“What concerns me greatly is the integrity of our systems that are under attack and under threat,” said Paitairidis, who called the risk of attacks on those systems’ integrity “particularly concerning”.
CyberCX – which was formed last year from the merger of a dozen smaller cybersecurity firms and has since grown to more than 600 staff – has since analysed over 200 major cybersecurity incidents, conducted more than 2000 penetration tests, and evaluated more than 500 companies’ baseline security positions.
The results, Paitairidis, said, point to an increasingly shaky trust in the data that businesses are being run by.
“Increasingly, we are seeing attacks that will change or manipulate electronic information in order to compromise the integrity of it, rather than just deleting or disrupting it,” he explained.
“Senior executives and government decision makers can be impaired if they can’t trust the information that they are seeing.”
Blockchain’s cybersecurity promise
The potential for blockchain technology to fix this growing trust gap has made cybersecurity a key use case for the National Blockchain Roadmap Steering Committee (NBRSC), which is facilitating the industry and academic engagement stemming from the National Blockchain Roadmap (NBR) launched by the government in February.
More than 200 organisations had quickly responded to the NBRSC’s callout last month for expressions of interest regarding working groups, NBR lead Chloe White told the online audience of several hundred fintech and blockchain innovators.
“The thing I like about the NBR is that it’s very collaborative and provides new opportunities to bring us together,” said White, a Treasury innovation specialist who had “the enormous privilege” of being seconded to the Department of Industry, Science, Energy and Resources to guide the NBR’s implementation.
The first two working groups established by the NBRSC included one with a focus on supply chains, initially in the agricultural sector, and a second group exploring issues around credentialing, initially focused on education.
Yet cybersecurity was likely to become the third focus area after the organisation’s far-reaching callout garnered “a lot of enthusiasm on cybersecurity”, White said, promising that “nobody’s talent is going to waste” as the agency taps into the broad network of skilled people interested in blockchain.
The focus on blockchain “makes sense,” she said, “because the economy is increasingly data driven and we know that data networks are often vulnerable to disruption and manipulation – and that blockchain has unique features that mean it can help with those attacks.”
New life for enterprise databases
Blockchain’s non-repudiability – by design, its data cannot be changed and any later adjustments are individually and indelibly logged – has given it great cachet in everything from tracking the provenance of goods to enabling new file systems where data cannot be changed unnoticed.
As the insecurity of increasingly remote workers challenged companies to maintain their protections against “state actors trying to jostle for prominence”, ProvenDB founder and chief technology officer Guy Harrison told the forum, blockchain-based systems were rapidly becoming important for protecting data in new ways.
“A lot of systems that were once kept hidden behind the enterprise firewall are now no safer than someone’s home router,” Harrison said, “and that’s a huge, broad increase in the vulnerability of key systems.”
Blockchain addresses the “huge” implications of attacks on those systems and, he continued, “plugs one of the fundamental vulnerabilities that have been there with using database systems since the beginning – that we can never really be sure that one piece of data that has been written, hasn’t been written over at another time.”
“For the first time in computer science, we have a technology where we can write something and be sure that it hasn’t been overwritten,” Harrison added.
A spate of government initiatives – including efforts to improve market access for Australian blockchain innovators, the $156m boost for Australia’s cybersecurity industry, and the backing of entrepreneur-supporting organisations like AustCyber – had fostered great excitement amongst local innovators.
As “embracers of technology” the Morrison government had doubled down on blockchain as a key enabler of cybersecurity and other areas, Senator Andrew Bragg, chair of the Select Committee on Financial Technology and Regulatory Technology, noted in addressing the online audience.
Blockchain “is a whole of economy touchstone” that had become intrinsic to the government’s work around fintech and optimising consumer and regulatory markets, said Bragg, whose committee will soon deliver a report after months of hearings into financial-services competition.
“Whether you are the Minister for Agriculture or the Treasurer,” he said, “you have a lot to gain from Australia being good at blockchain.”