The Evolution of Digital Security in the Crypto Space

Jason Truppi
Nov 8, 2019

Blockchain could revolutionize the online world — offering an immutable record of online transactions making our data secure from the never-ending data breaches. While blockchain, deservedly, has a reputation for being safe, the people who implement it need to practice good cyber hygiene to allow for it to be effective.

Bad actors are constantly evolving and developing new ways to attack cyberspace, and so the world of digital security needs to adapt and move quickly to develop new and innovative ways to counteract these threats.

Veteran Cyber FBI Special Agents, Andre McGregor and Jason Truppi, share their decade-spanning knowledge and research on the evolution of digital security and how to keep yourself safe.

What Does Digital Security Entail?

Digital security is a combination of technology, processes, and controls that are designed to reduce the risk of cyber attacks. The aim is to protect both organizations and individuals from unauthorized exploitation of networks and systems. Jason sums it up in a nutshell:

“Digital security should really be called digital risk. The word security comes with the assumption that you are isolated from theft, loss or destruction, but in reality, you are never fully protected from all threats. Digital risk is a calculation of tolerance you have to potential threats based on the level of security you have implemented.”

The best digital security programs are designed to assess and react to potential threats quickly and efficiently, not to naïvely assume that implemented processes are enough.

What Are the Significant Milestones in Digital Security?

Over the last 30 years, the scale, sophistication, and impact of cyber attacks have increased greatly. In the 90s and early 2000s, the Internet was plagued with worms and viruses like NIMDA that would cripple the largest of companies.

In modern times, the 2016 Mirai botnet, which allowed a collective of teenagers to control and take down internet behemoths such as GitHub, Twitter, Reddit, and Netflix, is an example of how an unsecured network of computers connected to the Internet of Things can be exploited and turned into a botnet.

It’s also impossible to ignore the rise in data breaches. In the past few years, we thought nothing of entering our personal information into shopping websites, online banks or dating websites — but a lack of secure data storage and centralized networks provided soft targets for bad actors, who exploited this to gain access to precious personal information.

The reporting of tech threats has also evolved, says Andre:

“The first major milestone has been the mass reporting of data breaches and hacks in mainstream media around the 2011 time-frame. Discussions are no longer exclusively for ‘the IT guys’, but rather consumers and executives alike regardless of technical knowledge.”

The methods of execution and delivery are always evolving, and digital security needs to adapt and grow alongside them. Andre adds that we’re also seeing a rise in new ways to protect our actions online:

“We’re also seeing the adoption of Password Managers and the realization that shared passwords are many times more dangerous than weak passwords because if one account is compromised then all accounts with that password are equally compromised.”

“The use of two-factor authentication raised the stakes for what criminals have to do to compromise user access. No longer does a simple brute force password guess attack work. Just like a guarded bank vault, the only way to win against criminals is to raise the cost, making it too expensive for them to rob you.”

What Are the Challenges Posed by the Crypto Space?

Unlike traditional startups, blockchain startups (in many cases) need to be concerned with security from day one of operations. When you are holding millions of dollars worth of tokens or cryptocurrency as a small organization, you need to have very well thought out policies, controls, and monitoring of your security posture.

Blockchain can add a level of security we haven’t really seen before. It may not be flawless, but it can offer higher-level safety. Andre explains in more detail:

“The blockchain as a technology is the reason that I left the FBI and Tanium. Both really great opportunities for me to grow as a person, but I saw, over and over, systems that were getting compromised because we centralized our data and we trusted people that quite frankly we probably shouldn’t have trusted. So, with the blockchain, where I can have immutable data that’s decentralized and controlled by my private key, then I can have more control. Then, when you get compromised I’m not concerned that the data’s out there.”

The decentralized nature of the blockchain has both pros and cons. The biggest pro is that by using the peer-to-peer network, there is no one weak point for an attack. The flipside to this is that the onus is entirely on the user to protect themselves and their private key.

Another challenge is that currently the crypto space is mostly unregulated, and while the traceability of the blockchain does offer security, as with every aspect of life, nefarious activities do still happen.

How Can I Protect Myself?

In the case of digital security, prevention is better than cure. It’s important to have a constant awareness about the information you’re sharing online, and how you’re sharing it.

Andre breaks this down into five simple points:

  • Reputation. Go online — research any company you’re looking to work with and see what the reviews, ratings, and recommendations for them are like. If someone had a bad experience in the crypto space, they are quick to report it on places like Reddit in order for the community to self-police each other.
  • Use a Virtual Private Network (VPN). It is too easy to compromise public Wi-Fi and monitor web traffic in places like hotels and coffee shops. This is even more prevalent in the crypto space. VPNs should be used not only on computers but also on mobile phones with the “always-on” feature turned on.
  • Multi-factor authentication. Two-factor authentication is common, but it’s much better to have multiple factors, so you’re not relying on just a password or a token. Multi-factor is not only something you know, like a password, or something you have, like a code, card or token; it is also something you are, like your retina or your fingerprint, or even somewhere you are, such as a specific city or country, to limit global access. For example, if you live in London, then maybe access to a sensitive system should only be from London. If someone tries to log in from outside of London, it’s denied.
  • Patch. Over 95% of cyber attacks still stem from phishing emails with links and attachments containing malware. This is because everyone uses email and people inherently make it easy to be contacted. This malware will leverage old vulnerabilities to install keyloggers and remote terminals. Keeping your system patched and up-to-date will offer a higher level of security.
  • Password. Quite frankly, many passwords under 13 characters are easily hackable. The longer the password — even by just one extra character — the better the entropy and the harder to hack. Better yet, using a password manager allows for it to generate a long, complex password that you don’t have to remember.
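
To make the password point concrete, here is an added example (not from the original article) that generates a password the way a password manager would, shows how much entropy each extra character adds, and flags passwords shared across accounts. The function names, the 94-character alphabet and the sample vault are assumptions made for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# Assumed alphabet: printable ASCII letters, digits and punctuation (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed sample data: account name -> password (illustrative only).
SAMPLE_VAULT = {
    "bank": "k#9Qw!x2LmR7pZ@e4Tn0",
    "shop": "summer2019",
    "forum": "summer2019",   # same password as "shop"
    "email": "Vt6$hB1u&Yc8sN3q",
}

def generate_password(length=20, alphabet=ALPHABET):
    """Pick every character uniformly at random using the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size).

    This only holds for randomly generated passwords; human-chosen
    passwords of the same length carry far less entropy.
    """
    return length * math.log2(alphabet_size)

def find_reused(vault):
    """Return groups of accounts that share one password."""
    accounts_by_password = defaultdict(list)
    for account, password in vault.items():
        accounts_by_password[password].append(account)
    return sorted(sorted(group) for group in accounts_by_password.values()
                  if len(group) > 1)

if __name__ == "__main__":
    for n in (8, 12, 13, 20):
        print(f"{n:2d} random chars: {entropy_bits(n):6.1f} bits")
    # One extra character multiplies the search space by the alphabet size.
    print("guess space grows by a factor of", len(ALPHABET), "per character")
    print("new password:", generate_password())
    for group in find_reused(SAMPLE_VAULT):
        print("shared password across accounts:", ", ".join(group))
```
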

Jason Truppi

Two decades of experience in #infosec and investigations. Former FBI Cyber Agent and forensics expert. Security startup advisor. Securing all things connected.