Could You Boost Your Cybersecurity With Blockchain?

Posted on : 28-11-2017 | By : Tom Loxley | In : Blockchain, Cloud, compliance, Cyber Security, Data, data security, DLT, GDPR, Innovation

Tags: , , , , , , , , , , , , , , ,

0

Securing your data, the smart way

 

The implications of Blockchain technology are being felt across many industries, in fact, the disruptive effect it’s having on Financial Services is changing the fundamental ways we bank and trade. Its presence is also impacting Defense, Business Services, Logistics, Retail, you name it the applications are endless, although not all blockchain applications are practical or worth pursuing. Like all things which have genuine potential and value, they are accompanied by the buzz words, trends and fads that also undermine them as many try to jump on the bandwagon and cash in on the hype.

However, one area where tangible progress is being made and where blockchain technology can add real value is in the domain of cybersecurity and in particular data security.

Your personal information and data are valuable and therefore worth stealing and worth protecting and many criminals are working hard to exploit this. In the late 90’s the data collection began to ramp up with the popularity of the internet and now the hoarding of our personal, and professional data has reached fever pitch. We live in the age of information and information is power. It directly translates to value in the digital world.

However, some organisations both public sector and private sector alike have dealt with our information in such a flippant and negligent way that they don’t even know what they hold, how much they have, where or how they have it stored.

Lists of our information are emailed to multiple people on spreadsheets, downloaded and saved on to desktops, copied, chopped, pasted, formatted into different document types and then uploaded on to cloud storage systems then duplicated in CRM’s (customer relationship management systems) and so on…are you lost yet? Well so is your information.

This negligence doesn’t happen with any malice or negative intent but simply through a lack awareness and a lack process or procedure around data governance (or a failure to implement what process and procedure do exist).

Human nature dictates we take the easiest route, combine this with deadlines needing to be met and a reluctance to delete anything in case we may need it later at some point and we end up with information being continually copied and replicated and stored in every nook and cranny of hard drives, networks and clouds until we don’t know what is where anymore. As is this wasn’t bad enough this makes it nearly impossible to secure this information.

In fact, for most, it’s just easier to buy more space in your cloud or buy a bigger hard drive than it is to maintain a clean, data-efficient network.

Big budgets aren’t the key to securing data either. Equifax is still hurting from an immense cybersecurity breach earlier this year. During the breach, cybercriminals accessed the personal data of approximately 143 million U.S. Equifax consumers. Equifax isn’t the only one, if I were able to list all the serious data breaches over the last year or two you’d end up both scarred by and bored with the sheer amount. The sheer scale of numbers here makes this hard to comprehend, the amounts of money criminals have ransomed out of companies and individuals, the amount of data stolen, or even the numbers of companies who’ve been breached, the numbers are huge and growing.

So it’s no surprise that anything in the tech world that can vastly aid cybersecurity and in particular securing information is going to be in pretty high demand.

Enter blockchain technology

 

The beauty of a blockchain is that it kills two birds with one stone, controlled security and order.

Blockchains provide immense benefits when it comes to securing our data (the blockchain technology that underpins the cryptocurrency Bitcoin has never been breached since its inception over 8 years ago).

Blockchains store their data on an immutable record, that means once the data is stored where it’s not going anywhere. Each block (or piece of information) is cryptographically chained to the next block in a chronological order. Multiple copies of the blockchain are distributed across a number of computers (or nodes) if an attempted change is made anywhere on the blockchain all the nodes become are aware of it.

For a new block of data to be added, there must be a consensus amongst the other nodes (on a private blockchain the number of nodes is up to you). This means that once information is stored on the blockchain, in order to change or steel it you would have to reverse engineer near unbreakable cryptography (perhaps hundreds of times depending on how many other blocks of information were stored after it), then do that on every other node that holds a copy of the blockchain.

That means that when you store information on a blockchain it is all transparently monitored and recorded. Another benefit to using blockchains for data security is that because private blockchains are permissioned, therefore accountability and responsibly are enforced by definition and in my experience when people become accountable for what they do they tend to care a lot more about how they do it.

One company that has taken the initiative in this space is Gospel Technology. Gospel Technology has taken the security of data a step further than simply storing information on a blockchain, they have added another clever layer of security that further enables the safe transfer of information to those who do not have access to the blockchain. This makes it perfect for dealing with third parties or those within organisations who don’t hold permissioned access to the blockchain but need certain files.

One of the issues with blockchains is the user interface. It’s not always pretty or intuitive but Gospel has also taken care of this with a simple and elegant platform that makes data security easy for the end user.  The company describes their product Gospel® as an enterprise-grade security platform, underpinned by blockchain, that enables data to be accessed and tracked with absolute trust and security.

The applications for Gospel are many and it seems that in the current environment this kind of solution is a growing requirement for organisations across many industries, especially with the new regulatory implications of GDPR coming to the fore and the financial penalties for breaching it.

From our point of view as a consultancy in the Cyber Security space, we see the genuine concern and need for clarity, understanding and assurance for our clients and the organisations that we speak to on a daily basis. The realisation that data and cyber security is now something that can’t be taken lighted has begun to hit home. The issue for most businesses is that there are so many solutions out there it’s hard to know what to choose and so many threats, that trying to stay on top of it without a dedicated staff is nearly impossible. However, the good news is that there are good quality solutions out there and with a little effort and guidance and a considered approach to your organisation’s security you can turn back the tide on data security and protect your organisation well.

GDPR & Cyber-threats – How exposed is your business?

Posted on : 28-11-2017 | By : Tom Loxley | In : Cloud, compliance, Cyber Security, Data, data security, GDPR

Tags: , , , , , , , , , , , ,

0

With the looming deadline approaching for the ICO enforcement of GDPR it’s not surprising that we are increasingly being asked by our clients to assist in helping them assess the current threats to their organisation from a data security perspective. Cybersecurity has been a core part of our services portfolio for some years now and it continues to become more prevalent in the current threat landscape, as attacks increase and new legislation (with potentially crippling fines) becomes a reality.

However, the good news is that with some advice, guidance, consideration and a little effort, most organisations will find it easy enough to comply with GDPR and to protect itself again well against the current and emerging threats out there.

The question of measuring an organisations threat exposure is not easy. There are many angles and techniques that companies can take, from assessing processes, audit requirements, regulatory posture, perimeter defence mechanisms, end-user computing controls, network access and so on.

The reality is, companies often select the approach that suits their current operating model, or if independent, one which is aligned with their technology or methodology bias. In 99% of cases, what these assessment approaches have in common is that they address a subset of the problem.

At Broadgate, we take a very different approach. It starts with two very simple guiding principles:

  1. What are the more critical data and digital assets that your company needs to protect?
  2. How do your board members assess, measure and quantify secure risks?

Our methodology applies a top-down lens over these questions and then looks at the various inputs into them. We also consider the threats in real-world terms, discarding the “FUD” (Fear, Uncertainty and Doubt) that many service providers use to embed solutions and drive revenue, often against the real needs of clients.

Some of the principles of our methodology are:

  • Top Down – we start with the boardroom. As the requirements to understand, act and report on breaches within a company become more robust, it is the board/C-level executives who need the data on which to make informed decisions.

 

  • Traceability – any methodology should have a common grounding to position it and also to allow for comparison against the market. Everything we assess can be traced back to industry terminology from top to bottom whilst maintaining a vocabulary that resonates in the boardroom.

 

  • Risk Driven – to conduct a proper assessment of an organisations exposure to security breaches, it is vital that companies accurately understand the various aspects of their business profile and the potential origin of threats, both internal and external. For a thorough assessment, organisations need to consider the likelihood and impact from various data angles, including regulatory position, industry vertical, threat trends and of course, the board members themselves (as attacks are more and more personal by nature). Our methodology takes these, and many other aspects, into consideration and applies a value at risk, which allows for focused remediation plans and development of strategic security roadmaps.

 

  • Maturity Based – we map the key security standards and frameworks, such as GDPR, ISO 27001/2, Sans-20, Cyber Essentials etc. from the top level through to the mechanics of implementation. We then present these in a non-technical, business language so that there is a very clear common understanding of where compromises may exist and also the current state maturity level. This is a vital part of our approach which many assessments do not cover, often choosing instead to present a simple black and white picture.

 

  • Technology Best Fit – the commercial success of the technology security market has led to a myriad of vendors plying their wares. Navigating this landscape is very difficult, particularly understanding the different approaches to prevention, detection and response.

At Broadgate, we have spent years looking into what are the best fit technologies to mitigate the threats of a cyber-attack or data breach and this experience forms a cornerstone of our methodology. Your business can also benefit from our V-CISO service to ensure you get an executive level of expertise, leadership and management to lead your organisation’s security. Our mantra is “The Business of Technology”. This applies to all of our products and services and never more so when it comes to really assessing the risks in the security space.

If you would like to explore our approach in more detail, and how it might benefit your company, please contact me at john.vincent@broadgateconsultants.com.