The Future of Cybersecurity

Where should your data be stored?

Does our personal data belong on the internet? Probably not, but we continue to upload it anyway. Take a moment to think about all of the data that exists on your computer: your social profiles, your online retail accounts, your travel rewards programs, the list goes on. Why do we put all of that information online when we would otherwise hesitate to tell a stranger our place of work, our kids’ names, our date of birth, what year we graduated, our mailing address, etc.? The reason for this may vary from person to person, but mostly it’s due to convenience, pride, or fear of missing out.

The internet has proven to be a helpful and powerful utility, but it’s important to remember that it’s not without risk. On the news, it feels like every week we’re hearing about a new data breach, ransomware bug, computer virus, or company trying to triage the damage. With identity theft at an all-time high, there’s an unfortunate possibility that any one of us could be exposed in a future data breach — and we might not even know it.

“Between 2005 and 2017, significant data breaches — the type that affected millions of users — rose from about 200 per year to more than 1300. Billions of pieces of data are exposed and easy for cybercriminals to monetize. This has led to a rising risk of identity theft.”- Experian’s 2019 Data Breach Industry Forecast

Yet, many companies have started considering “know your customer” (KYC) protocols that vet potential users on a given platform. Every time you submit your data to companies for the KYC process, you’re opening yourself to additional attack vectors for someone to steal your identity, not to mention that this data is often packaged and sold to other companies — further expanding your digital footprint. When this occurs, you’re depending on a larger number of people to keep a secret, and as we all learned in grade school, that’s never a good idea.

Besides this new KYC trend, mobile applications are becoming increasingly intrusive. Why are so many simple applications that have nothing to do with your microphone or camera asking for access to both, along with your photos, contacts, and location? Most applications even want you to connect your social media profiles, requesting more of your data for even the most trivial actions. The more connected everything becomes, the more vulnerabilities seem to emerge.

“As our world grows more interconnected and technology-dependent, cybercriminals are becoming more sophisticated in their attacks and are keeping pace with our efforts to thwart them. The motivations behind cyber attacks have also expanded, making it increasingly difficult to predict and identify potential threats.”- Experian’s 2018 Data Breach Industry Forecast

So where does blockchain come in?

“Protecting consumer data and organizational network infrastructures from potential cyber threats is a day-in and day-out battle. But, the time has come for consumers to step up and take control of their digital identity.”- Experian’s 2019 Data Breach Industry Forecast

The blockchain is such a transformative and powerful technology that it is going to help consumers do just that: “…step up and take control of their digital identity.” The time-stamped chain of custody paired with immutability and public/private key encryption makes blockchain an ideal solution for data security. You might be asking: is an algorithmic encryption really that much safer than the corporate data centers currently hosting our data? For public blockchains, the answer is both yes and no.

Yes, a public blockchain is more secure than a corporate data center because every interaction is tracked and algorithmically encrypted by a user’s public key. These interactions can only be decrypted by knowing the private key associated with your account, providing an added layer of protection against large-scale hacking events. In corporate data centers, however, applications rely on centralized storage. Once you’ve breached security and broken the encryptions, you have immediate access to everyone’s data.

Some may argue that a public blockchain is not as secure as the cloud because all computers in the network host a copy of the entire data set. Hypothetically, if a bad actor came into possession of a private key, then they would be able to easily decrypt the transaction data by its associated public key, gaining access to only one person’s data.

This problem can be easily overcome through the use of private, permissioned blockchains. With private permissioned chains, you still have the time stamped chain of custody paired with immutability and public/private key encryption, but the entire blockchain can only be hosted/accessed by those participants given permission to do so. This provides the best security features of both the cloud and the blockchain, ultimately enabling the individual to control their digital identity.

The Everest decentralized identity and transaction platforms are both captured and stored in a set of private, permissioned instances of the Enterprise Ethereum blockchain. The Enterprise Ethereum blockchain is an evolution of the shared ledger system underneath the Bitcoin cryptocurrency. These permissioned Enterprise Ethereum blockchains run on a Proof-of-Authority mechanism, consensus of transactions rely on pre-approved “sealer” authority nodes to seal new blocks in the blockchain. More information about the Ethereum Proof-of-Authority protocol, “Clique”, can be found here.

To learn more, please visit Everest.org!