Another day another cyber-attack. 2020 saw a dramatic uptick in these “Cyber Pandemic” intrusions as most of the world faced lockdowns due to COVID.
The fact that many of us had to work remotely led to a perfect storm for hackers seeking to disrupt and profit from this new workforce model. 2020 saw a 358% increase in malware while ransomware saw a 435% increase compared to 2019. All in all, cyber attacks could end up costing the world $6 trillion annually by the end of 2021, increasing to $10.5 trillion by 2025.
Malware and ransomware are malicious programs or files that hackers use to exploit and take control of computers and file systems. Commonly known as a data breach, malware is used to collect information and pilfer data in hopes of using the information to steal money or offer it for sale on the darknet.
On the other hand, ransomware is where a hacker infects a computer or system locking up all the data with a password. The attackers will then demand a ransom to be paid, typically in bitcoin, in order for the victim to unlock the data. The recent Colonial Pipeline news is just one example of this type of attack.
Data will continue to be a target of cybercriminals. Antivirus and internet firewalls are constantly being updated to help fight against nefarious activities. However, the question remains: Is there anything we can do to protect our data both on the personal and enterprise level? How can we get ahead of the curve?
Is Blockchain a Viable Solution?
Blockchain, to put it simply, is a program that validates and distributes transactions, recording all activity on the network. It is then added as a new block to a program or chain.
Each computer or “node” that is connected to that network has a full copy of the blockchain. This ensures that the transactions cannot be altered or deleted as they are distributed and not controlled by any centralized person or company. This is known as decentralization.
Blockchain technology is often referred to as cryptocurrency, most notably Bitcoin. However, not all blockchains are designed to be used as a form of payment.
Many projects aim to tackle the issue of data security, keeping people safe in the new cyber world we live in. One of the many emerging technologies in this space is known as IPFS (Interplanetary File Systems). IPFS technology can provide a network that offers both security for stored data and stealth information retrieval. It’s here where the system stores the data according to the actual ones and zeros of the file, assigning it an individual hash or what I like to call a fingerprint. The hash is then used to identify the file while ensuring that the data attached to that hash is original and has not been altered.
IPFS alone is a very secure way to store and transfer data. However some in the industry have started also including Smart Contracts that role on a blockchain into the mix. These contracts are executed automatically when certain requirements of the contract are met.
One of the best aspects of a smart contract is that they are on the blockchain and cannot be altered or interfered with by anyone. Since these contracts are on the blockchain, they can be verified and audited anytime by anyone that has the contract address.
An example of this is in the medical industry which has been among the hardest hit by these attacks. To mitigate these intrusions and boost security, Taras Filatov has proposed a solution that deploys both IPFS and Smart Contracts for distributed storage of permissioned access to patient data. His proposal includes the storage and transferral of patient data over IPFS, securing it with a multi-key permissioned structure for access. It is believed that this approach could render any file intercepted or stolen virtually useless to the attacker.
Here’s how it works: The patient’s data is stored and encrypted on the IPFS storage network. Then a smart contract is created to control access to the data. Both the patient and the receiving physician are provided keys to the smart contract. Without both keys, the contract will not execute, and the data cannot be retrieved or decrypted
Another case example involves the use of sharded data storage on IPFS. Sharded data is a storage method that divides the uploaded file into smaller pieces, known as shards. These shards are then stored on multiple nodes. Node mapping info is then added to the hash to tell the end-users which nodes have the info when they want to retrieve the file.
Distributing files as shards ensures that even if one node goes offline or is compromised, the data is still secure. Additionally, data on the compromised node can be automatically reconstructed and redistributed to new nodes using the remaining shards of the data.
I know this may not sound super secure. However, when you encrypt the data at the time of upload, only those with the decryption key will be able to access it. Some projects are also including self-destruct timers for some data types. These files are assigned a Time-To-Live or TTL. This is a great feature when dealing with particularly sensitive personal data. In fact, it kinda brings back memories of James Bond movies.
There have been multiple variations of this utilization in just the medical industry, ranging from securing wearable tech like Fitbit type devices, to remote diagnosis tools using Smart Contracts and IPFS. This is an incredible feat to be able to use a remote-control device to control intricate real-time surgical arms on the other side of the planet.
The future potential for similar technology to make its way to other avenues of business and personal data security is very real. The ability to create immutable and secure data storage is paramount in our world.
It’s evident that Blockchain technologies are beginning to give us an avenue of escape from the reach of hackers who are stealing and selling data or holding critical files hostage. The sooner we can develop and implement technologies such as these into everyday activities, the better off we will be.