While not every company, SMB, or government, is proactively protecting their digital assets, most would agree that cybersecurity is a top business priority — though its implementation is another story.
For the average user, it seems that they too are slowly becoming more cyber aware, especially following the high-level cyber attacks that made headlines in the past recent years (e.g. Equifax, Uber, Facebook).
Then, there are users who idly browse the web without keeping the best security practices in mind — making all of us unsafe.
Take a simple example: spam emails. If an individual clicks on a malicious link in their email and gets their computer infected with malware, the scope of victims widens as the malware spams everyone in their address book. And, thus the cycle ensues.
On a larger scale, cybersecurity negligence can cause parts of the internet to go offline as the Mirai botnet did in 2016.
The Mirai botnet enslaved poorly secured IoT devices, security cameras, DVRs, and routers of unsuspecting users. This was done through a series of DDos attacks, effectively disrupting internet service for a large chunk of the eastern US border.
While blockchain cannot completely eliminate all cyber insecurities — such as human error — it can certainly minimise it.
Incentivising cybersecurity can also entice users of the web to be part of a larger cybersecurity community that aims to make the internet as a whole safer.
Below are some projects that are introducing blockchain-powered cybersecurity services and rewarding their users in the process, making blockchain, and subsequently cryptocurrency, more applicable to the cybersecurity field.
1) Enhancing security for passwords
As long as passwords exist, they will remain a weak link in the cybersecurity field. However, weak passwords that are easy to crack by hackers are not only to blame.
The fact that companies use centralised databases to store logins and passwords on a server also makes them targets.
As a result, if a single employee’s password is cracked, hackers could potentially gain access to a system or network through a single point of attack. But that all may quickly change.
REMME is a blockchain business that is looking to authenticate users and devices without the use of passwords.
The business claims to protect against keylogging, brute force, password breach and code reuse attacks with “no chance for human error.”
How does it authenticate users and devices? It uses PKI (public key infrastructure), built upon a set of DApps to enable “passwordless” authentication; it gives each device a specific SSL certificate, thereby eliminating the need for an authentication server or password database.
REMME also offers a utility token (REM), which is used to gain access to the REMME PKI protocol and its DApps.
As opposed to a centralised system, which is susceptible to hacking, REMME is built on a decentralised system, making it impossible for hackers to use “fake” certificates to gain authentication.
REMME is already working within the defence industry in Ukraine to provide “password-less” authentication, or access, to employees.
2) Protecting against DDoS attacks
DDoS attacks are responsible for making businesses go offline and often translate as lost revenue of up to US$100,000 per hour, loss of customer trust, brand tarnishing, etc.
Preventing these attacks before they hit the network is key since hackers could also use DDoS attacks as a “smokescreen” to launch other cyber attacks.
Like the relationship with password security and weak passwords, DDoS attacks have their own pitfall, namely the Domain Name System (DNS).
Put simply, DNS translates domain names into IP addresses.
While DNS traditionally divides this responsibility of translating domain names to IP addresses to numerous servers, many modern DNS servers are now consolidated, which make it possible for one service provider to be in charge of managing and translating IPs for thousands of websites.
This consolidation creates a way for hackers to exploit the interaction between the central registry, where the domain names are stored, and service providers.
That’s exactly what happened to Dyn. Multiple DDoS attacks on Dyn resulted in a massive internet outage across North America and Europe for several days.
One company, Blockstack, is looking to fully decentralise DNS.
They are building an ecosystem that gives users control over their digital “rights:” identity, data-ownership, privacy, and security.
By removing third parties from bearing complete rights to web servers, or databases, the full digital rights, including domain names, belong to a single authorised user (the domain owners) instead.
This way, domain owners are the only ones who can make changes to the domains themselves.
The data will go on the blockchain, making it impossible to be destroyed or hacked. This is just one use case that the company has in mind.
They are looking to offer their own token Stacks for registering subdomains on the network or enabling new features.
3) Combating social engineering with regards to cryptocurrency protection
Social engineering is extremely difficult to combat in the cybersecurity space because it involves psychological stealth techniques that could claim anyone as a victim under the right circumstances.
Whether it’s email, the web, or even crypto wallets, hackers are on the lookout for ways to deceive unsuspecting individuals.
There is no “formula” that hackers follow but the tell-tale signs usually involve phishing emails (often with a touch of sense of urgency) that embed malicious links to obtain personal information; impersonations of legitimate companies either through email or social media; website spoofing, and so on.
Social engineering touches every surface of the web, and cryptocurrency is no exception.
Cloudbric, a cybersecurity vendor, has made it their mission to protect users’ cryptocurrency.
Cloudbric aims to be the first in the cybersecurity realm to build a universal database that offers a comprehensive collection of known phishing sites, crypto fraud addresses, and other fraudulent sites for users to reference in preventing cyber attacks.
Through a security client and much larger decentralized security platform, Cloudbric will be able to protect users from malicious attempts to steal their cryptocurrency.
A primary example may involve hackers using phishing emails that lead users to copycat sites (websites that look like official exchange sites) which exhort credentials.
In other cases, hackers have been known use malware that exploits the clipboard function on PCs/mobile devices to replace the intended wallet address with a fraudulent address.
Also Read: Can social impact be growth hacked?
Cloudbric, who brings 20+ years of collective security expertise from their team and a strong background in encryption, will soon develop a crypto wallet that will automatically prevent unwanted or accidental transfers to fraud addresses.
It will do this by leveraging the cyber threat intelligence from the decentralized databases and will reward users with their own token CLB to build on the database.
Data is also becoming increasingly important, and with each new publicised hack, users are becoming increasingly aware of its value and are looking to their service providers to protect to them.
Whether it’s weak passwords, DDoS attacks, phishing scams, or crypto hijacking, human error and other insecurities will seep through the cracks putting users at risk.
Blockchain is offering innovative ways for service providers to protect their customers.
At the same, users are getting involved in the process of making the web safer by interacting with these blockchain-related businesses.
e27 publishes relevant guest contributions from the community. Share your honest opinions and expert knowledge by submitting your content here.