Blockchain solution for under-siege supply chains

Distributed ledger technology can solve cyber attack threat for financial sector

by Adrian Clarke, Founder, Evident Proof

It seems that businesses everywhere, particularly those in the finance sector, have woken up to the scale and seriousness of the threat posed by cyber attacks in the past few years. But the welcome effort to secure company networks will amount to little if fellow businesses in supply chains fail to adequately protect themselves.

Cyber-criminals are increasingly targeting supply chains to get around more secure corporate defences. The use of accountancy software to target Ukraine in what is known as the “NotPetya attack” is one example of a catastrophic software supply chain attack.

Hackers implanted malicious code in software used to file tax returns in Ukraine. It wiped machines of data, spreading beyond Ukraine via companies that were doing business in the country.

Companies’ supply chains are becoming ever more complex in the global, ultra-competitive economic environment. There’s an increasing number of different players and an increasing number of technological platforms to rely on.

Through just a single compromise, supply chain attacks can attack vast numbers of machines connected to the supply chain. And these threats can be much harder to detect than traditional malware attacks.

An increase in attacks
Earlier this year, cyber-security experts Crowdstrike revealed research suggesting two-thirds of organisations it surveyed had experienced a software supply chain attack in the past year. The average cost of an attack was around £850,000.

In an era of the Internet of Things, digital buying platforms, and robotic process automation, vulnerabilities will continue to proliferate.

But organisations are being held back from developing robust protection strategies because of the time and cost involved in vetting suppliers and third parties. According to the Crowdstrike report, 90% of businesses agreed security is a critical factor when making supplier decisions, but only 37% said they would be able to vet all of them.

So what should businesses do? How can they ensure every member of the supply chain has the cyber tools and protection in place to defend against attacks?

Blockchain technology helps prevent attacks
Rather than continually patching up old security systems, blockchain technology offers companies a way to build protection into the supply chain by design, while streamlining their supply chain processes.

The beauty of the blockchain is it’s a transaction ledger that is uneditable and virtually unhackable. Blockchains run in almost sterile environments — the only way to get data on to them is through the chain itself. So a cyber attack is highly unlikely to work. And if one ever did, it would leave clues that would trace back to the attacker.

This means the number of stakeholders involved in a blockchain-based supply chain wouldn’t actually matter from a security point of view. There would no longer be any weak links if they were all working through the same blockchain.

Blockchain technology also contains attacks
The blockchain doesn’t store data in a single centralised location, but across a vast network of computers that constantly verify information with each other. In order to compromise data as part of a cyber attack, a hacker would need to breach a majority of the computers in the network simultaneously. This is almost impossible.

That’s why securing data and protecting against supply-chain infiltration are perfect use cases for blockchain technology. By immutably recording data on a blockchain, its veracity is established.

The good news is a new solution is emerging. Supply chain solutions built on the distributed ledger technology of the blockchain can both drastically reduce the risk of an attack, and contain the effects of them.

Transparency and security
As well as security, blockchain technology also brings essential transparency to company data. The blockchain’s core value — the fact it’s built on distributed consensus — offers a way to turn data into immutable proof of evidence that can’t be destroyed or hacked. This can be particularly useful in the financial sector.

For example, in finance, many parties need knowledge about the provenance of data — to verify operational activities, for auditing purposes, as business intelligence, to provide evidence of compliance, and to better manage risk.

In these cases, businesses need a system which lets them refer to datasets that are trusted and verified. Classic cases include lawsuit or legal disputes about data authenticity. For this trust to be there, parties need to know the data is immutably correct.

Crucially, all this can be established without multiple technological platforms from the supply chain being plugged into the data in question.

The fourth industrial revolution
An era widely described as the fourth industrial revolution is well underway. The Internet of Things is providing businesses with the means to monitor and gain mastery over supply chains — gaining vast amounts of business value in the process.

But as the amount of datapoints in each supply chain continues to grow, companies vulnerability to attacks grows, and the implications of attacks grow.

Protecting a supply chain from cyber risk can no longer be about upgrading security systems attached to supply chain ecosystems with multiple points of vulnerability. Designing security and immutability into the platform itself is by far the safest option.

Blockchain technology can also help us store this valuable information safely then sift through it to prove an event recorded by a machine (or a human’s interpretation of an event recorded by a machine) was right or wrong. That’s why it is about to solve the threat posed by supply chain, protect the data that matters, and make it continually and easily available to companies.

Thanks for reading. We hope you enjoyed another contributed article by hands-on industry experts. Let them know you liked it by clicking the 👏 button — as often as you like.

Visit us on Twitter and don’t miss the current fintech newsletter issue here.

About the Author
Adrian Clarke, a former Microsoft CTO, is founder of tech startup Evident Proof — a blockchain-based platform that turns documents, transactions, and data events into immutable, unhackable proof. Evident Proof delivers evidence that can be used to meet compliance, provenance and other data verification requirements.