23 Jun How Blockchain Could Revolutionize Cybersecurity The current cybersecurity trend shows that hackers are becoming more nefarious and complex with their attacks against or

Article Summary: Hyeon

How Blockchain Could Revolutionize Cybersecurity – Mar 4, 2022 – Forbes

Top of Form

The current cybersecurity trend shows that hackers are becoming more nefarious and complex with their attacks against organizations and their systems. Attacks such as DDoS are paralyzing and cannot be thwarted or protected against and do not have full proof protections against them. The issue involves how our systems, including security is still centralized which has become more apparent as a detriment rather than perceived as safe and secure. It is a point of failure in which bad actors exploit and target.

The most recent 2017 DDoS attack against Google consumed over 2Tbps which remarkably the organization was able to hold ground. But due to the nature of the attack and how DDoS preys on DNS which currently isn’t secured and is slowly beginning to only fortify itself with secure DNS, the problem lies again, to centralized nature of not only the naming service, but the infrastructure such as databases and how it’s authenticated.

Now Blockchain is not something you would expect to associate security, as it’s obviously shown more related to tokens and cryptocurrencies. However, the technology and infrastructure behind it, is show that It’s built for almost anything and everything the web 3.0 has to offer. The advantage is the decentralized nature of how blockchains work.  The tech isn’t reliant on just a single node or point of presence, as it’s distributed in the ledger style proofing system it uses to replicate and check among itself for integrity. Likewise, such infrastructure coincidentally has shown it’s resilient from current attacks and utilizing this decentralized nature not only shows how security and authentication can be decentralized in nature, but so can the protocols, systems and applications that can be built upon it.

With the advent of automation and big data and artificial intelligence, using those tools can assist in migration and detection as well as building a infrastructure based on block chain easily and reliably so that systems can alert and better protect and even automate defenses. If the bad actors can evolve, why can’t the systems that they attack, and the administrators, as well as the tools they protect these systems with evolve too?  It definitely will help a long way from preventing to prepare a breach notification and face the consequences of an attack. Any advantage against bad actors and hackers is well worth it to prevent the lost of resources and money.

SUMMARIZE THE COMMENTS BELOW

Commenter: Jared

Top of Form

Hi Hyeon,

I agree blockchain is much more than just cryptocurrencies and can be a very useful tool in the fight against cyber-attacks. As hackers improve and create new attacks, companies will need to continue to update their cyber security systems in order to stay ahead of hackers, and as the article mentions, one application companies should consider is blockchain. The company I work for was recently the victim of a cyber security attack. The attack shut down our systems for 3 days, required the company to hire an outside IT firm, and cost the company over $100,000. One of the reasons the attack was successful was due to an older cyber security system. Since the attack, the company has invested in updated security systems and continues to look into fortifying its cyber security. A decentralized system infrastructure could have potentially prevented the attack or could be something the company could look into. As companies increase their digital assets, sophisticated systems will need to be put in place to protect these assets.

Commenter: Gagan

Top of Form

Hi Hyeon,

In a unique way, blockchain is transforming cybersecurity. There's a good probability that if you follow blockchain concepts correctly, you'll be able to drastically reduce cybersecurity concerns like identity theft, hacking, and so on. Employers may use blockchain technology to build deep and long-term relationships with their customers, which is a positive thing. Small business owners and entrepreneurs can benefit from blockchain technology when it comes to boosting cybersecurity. Surprisingly, depending on the situation, they can employ this excellent strategy in a variety of ways to address various security flaws in their business networks.Employers may easily protect their critical business data from the prying eyes of hackers, scammers, and other cyber thugs using blockchain. Because blockchain technology encrypts your official data, hackers and other unauthorized individuals are unable to alter it. Employers can benefit from more trustworthy identity management solutions thanks to blockchain. As a result, you can store information about your staff and clients on a blockchain network. You can also assign digital IDs to your staff and customers, which you can use to verify their identification as needed. Smart contracts are another technique to appropriately improve the cybersecurity of diverse enterprises. These are pre-written criteria that must be adhered to throughout transactions. Cybersecurity professionals can use smart contracts to authenticate such transactions without taking any risks.

Commenter: Doyin

Top of Form

While this Article focuses on the benefits that blockchain can bring to cybersecurity, I think its also important to highlight some of the challenges it may face; Blockchain and distributed ledger technology applications combine the message and the asset in a single token. When an asset is embedded into a blockchain or distributed ledger, possessing the associated cryptographic keys is the only way to retrieve or move the asset. In other words, the key becomes an asset. When the key and the assets are one and the same, anyone who obtains the key can monetize and exploit the asset instantly. As we’ve seen in security breaches in public blockchain settings, such as Bitfinex, Mt. Gox and others, the malicious transfer of ‘value’ can be instantaneous, irreversible and significant. Participants in these systems lost millions of dollars as a result of compromised security systems. However, these attacks exploited vulnerabilities at the application layer—the wallets holding the keys to the assets—rather than the underlying blockchain protocol.

Commenter: AJ

Top of Form

While this is all accurate, I wanted to add/clarify that all of the blockchain implementations I'm aware of use asymmetric cryptography which means both public and private keys would be in use. Private keys are not published to the blockchain, and protection of private keys is extremely critical to security of the blockchain and associated transactions. Anyone that has bought/sold/mined a cryptocurrency will recognize the "seed phrase" or "key recovery phrase" made of 12 random words that you are asked to write down during wallet creation. This is a seed of all private keys generated by the wallet, but not the private key itself – that is stored within the wallet and used to sign transactions. It is strongly recommended that this seed phrase be written down and stored in a safe, but not stored digitally in any way. If an attacker were to gain access to this phrase they now own your private key and can effectively act as you on the blockchain.

ADD A SHORT CONCLUSION

Bottom of Form

INTERNAL USE

,

Article Summary: Karan Wadhera 

WSJ: U.S., U.K. Collaborate to Spur Innovation in Tech Used to Combat Money-Laundering | June 13, 2022 | Richard VanderfordTop of Form

This article highlights the new program in which U.S. and U.K. collaborate to develop more robust machine-learning technologies to combat money laundering. It will be essential for government and financial institutes to tackle money laundering and other crimes along with maintaining data privacy. The white house and the U.K. government are teaming up on a "prize challenge" program and providing monetary awards for developing a solution to train software to tackle different financial crimes and address problems posed by government agencies.

 

As per government requirements, financial institutes must detect and report any suspicious transactions by their customer. Current rules create massive data, making it difficult for the government and financial institutions to analyze. Governments have encouraged financial institutes for information-sharing partnerships to enhance reporting activities and make data more meaningful. Data privacy rules are one of the challenges in this process. U.S. and U.K. governments want to improve the technology with a new program that will allow machine-learning models to train data from multiple sources without leaving a safe environment—a method known as federated learning.

 

Federated learning technology will ultimately help fight against money laundering and other crimes. This new technology could be a building block for protecting the U.S. financial system from unlawful finance. The prize challenge is expected to open this summer, and the winner will be announced in 2023. FinCEN, the U.K.'s Financial Conduct Authority, and Information Commissioner's Office will make themselves available to innovators as part of the program.

 

This article emphasizes how two countries collaborate to develop new and improved technology to combat financial crimes and money laundering problems. Federated learning technology could be a block to protecting the financial systems from illegal activities. It allows more sharing of financial information between governments and financial institutions and creating robust software for tackling money laundering and other crimes.

 

Bottom of Form

 

SUMMARIZE COMMENTS BELOW

Commenter: Doyin

Top of Form

This article is interesting and it’s my first time learning about Federated Learning in technology. I decided to do some more research and learnt more about how Federated learning works. Federated learning is a machine learning method that enables machine learning models obtain experience from different data sets located in different sites (e.g. local data centers, a central server) without sharing training data. This allows personal data to remain in local sites, reducing possibility of personal data breaches. It does make a lot of sense that financial institutions across multiple countries will be able to use this to combat money laundering through learning models obtained from different data sets located in the separate counties. Federated learning also has some limitations such as:

Data heterogeneity: Models from diverse devices are merged to build a better model in federated learning. Device specific characteristics may limit the generalization of the models from some devices and may reduce accuracy of the next version of the model.

Indirect information leakage: Researchers have considered situations where one of the members of the federation can maliciously attack others by inserting hidden backdoors into the joint global model.

Federated learning is a relatively new machine learning procedure. New studies and research are required to improve its performance

Commenter: Karan

Top of Form

I agree that "Federated learning is a relatively new machine learning procedure. New studies and research are required to improve its performance." In centralized federated learning, the server is responsible for the nodes selection, training process, and aggregation of the received model updates from different nodes, becoming a bottleneck for the system. In decentralized federated learning, nodes can coordinate to obtain the global model. This setup prevents single-point failures as the model updates are exchanged only between interconnected nodes without the orchestration of the central server. Most of the existing Federated learning strategies assume that local models share the same global model architecture in heterogeneous federated learning for heterogeneous clients, e.g., mobile phones and IoT devices. New development in the federated learning framework is called HeteroFL. The HeteroFL technique can enable the training of heterogeneous local models with dynamically varying computation and non-iid data complexities while still producing a single accurate global inference model.

Commenter: Joshua

Top of Form

Karan, 

In a much more subjective inspection of Federated Learning, I too suspect that it will be the future of data privacy for many. Other than the actual objective definition of the computing process, I think it is important to see the big picture of federated learning. It is the capability to securely share data from different places on Earth. Between the U.S. and U.K., this means that we are now able to safely understand suspected and unsuspected data from different perspectives. This might be the most important facit regarding Federated Learning because it is able to link the knowledge of multiple different societies. This means multiple different securities beings used against multiple different attackers. Having the ability to engage a full range of perspectives will undoubtably give the U.S. and other nations the ability to properly detect crimes such as money laundering. 

Commenter: Matthew

One of the most interesting technologies related to finance is data loss prevention (DLP). This is not a new technology, but is coming to a greater prominence as financial leaks seems to be a weekly issue. Some examples of technologies solutions employing DLP would be NetSkope (for the cloud), or at the point of the firewall offered by Palo Alto (not the only provider for DLP for firewalls, but a good example). It is clear that for the aspiring information system analyst, an in-depth understanding of DLP solutions will be an increasingly lucrative area of concern.

ADD A SHORT CONCLUSION

Bottom of Form

INTERNAL USE

,

Article Summary: Doyin Adebowale 

The $5 Trillion Threat To Network Security–And How To Prevent It

Top of Form

As evidenced in the time affected by the Covid-19 pandemic, most of the databases of people and companies shifted to the cloud spaces. This was very convenient for people as they could access their data from anywhere, but it came at the price of their security and privacy. During the pandemic, there has been a surge in the rate of cyber-attacks that could not be monitored with conventional analyzing tools and practices. In this crisis, security incidents and event management (SIEM) come in. Many companies have been using this software for their platforms to reduce major risks to their data. Due to the increase in the shift rate to the cloud space, the surface area for attacks such as breaches in the security firewalls was increasing.

A need for updating and strategy development rose to solve complex situations. For this purpose, out-of-the-box (OOTB) SIEM was introduced to provide greater security to companies in a multi-cloud space. It made the detection of attacks and quick response much easier. The broad criteria that were set for the detection of breaches started giving false-positive results. For this problem, risk-based alerting (RBA) was made functional to detect only the threats which exceed the threshold set for the risk. This serious-threat-specific detection can reduce the time and resource consumption that can be used for further up-gradation of the system. Maintaining the structure and format of the software while also analyzing data can be laborious.

Recently, threat intelligence has been used to integrate the data and deliver the stages to the related teams. Performing the tasks related to filtering out the threats and risks manually can be very time-consuming. Also, organizations cannot hire so many employees to perform these tasks as it will not be cost-effective. The security operation, automation, and response (SOAR) is a solution to this problem. By using multiple automated tools and threat intelligence, teams can get the summarized results for analysis. Another analytic tool known as the user and entity behavior analytics (UEBA) can be used to detect the pattern and techniques of the attackers to reduce insider threats

SUMMARIZE COMMENTS BELOW

Commenter: Caleb

Top of Form

Doyin,

Your post raises a valid topic in terms of the dependance on technology though the Covid-19 Pandemic. It forced companies to allocate resources so that essential employees could work remotely. Though this was beneficial for many people, it did pose threats to organizations by allowing remote workers to access their network but thankfully, most use VPNs or virtual machines and applications. By doing this, the likelihood of a threat, though not completely eliminated, drastically decreases. I think that risk-based alerting could be beneficial to any company, but more importantly, they should always be one step ahead of the hackers so that any vulnerabilities, if any, may be reduced.

Commenter: Karan

Top of Form

Thanks for sharing this article. Network security is already a high priority for any company. I agree pandemic has not provided enough time to prepare for companies who were not practicing work from home using VPNs. Companies and the infrastructure team played a significant role in setting up the employee's environment to work from home. It also dramatically increased the possibility of security threats. Twitter is an example where top follower accounts were hacked multiple times. Companies were moving to the cloud to store the company's data instead of setting up their infrastructure because it is easier and cheaper to maintain. Companies are still trying to secure sensitive data in the internal infrastructure as much as possible, which can impact the stock price during the earnings calls. Companies must be ahead in the game of security and proactively identify and address vulnerabilities. 

 

Commenter: Levi

Top of Form

Doyin,

Your post is relevant today and will likely increase in the years to come. Many cybersecurity experts indicated that most of the attacks today are relatively simple. It is their expectations that the attacks in the future will become more advanced and sophisticated. It is imperative that companies are prepared for these attacks. As we all know, it is impossible to stop all the attacks, for they will continue to happen, but identifying them early and how they are responded to is important.

Threat actors are collecting encrypted data at an alarming rate, although decrypting it may take a long time, it has an extended shelf life, and the repercussions of that data loss may be seen in years to come. So these issues need to be addressed sooner than later. The National Institute of Standards in Technology new guidelines on to prepare and be protected with quantum-proof security are expected to be published in 2024, which some experts believe is not fast enough.

It will be interesting to see what transpires. With Russia’s potential attack on the United States, particularly, it could be devastating and costs billions of dollars.

 

Commenter: Dayton

Top of Form

Doyin, this is an interesting article, thank you for sharing. As you and others have pointed out, this is a very important topic. I think this really highlights one of the biggest barriers in cybersecurity, this is not something that you can just throw money at and have it fixed. This is an issue that needs to be approahced with great care and caution, and most of all, expertise. As the article describes, many companies are transfering their databases to the cloud, but without doing so using the industry best practices, a comnpany will be under even greater threat of a cyber attack. It only takes one crack in the wall to loose millions of dollars depending on the company. The solution does require a bucket of money to be thrown at it, but it must be thrown very carefully and with great accuracy.

Bottom of Form

Commenter: Sampson

Interesting article. Most companies, since the pandemic hit have been more dependent on SIEMs as they provide real-time analysis of security alerts generated by applications and network hardware. As operating systems and networks have increased in complexity, so has the event and log generation on these systems. In comparison, the logging of system, security, and application logs is not the only way to perform incident response. They do offer the capability to trace the activities of nearly any system or user-related movement throughout a given period.

I think it being laborious is the price to pay to ensure the finest security. Security is not always meant to be convenient or easy.

Commenter: Hyeon

Top of Form

Hello Doyin

Your article and post do show the impact of how significant the security landscape has pivoted once users began working remote and online.  It found a larger footprint and threshold into security issues that wouldn't traditionally be monitored as much or in volume.  It definitely raises the question of how our tools now need to evolve.  I can attest that in our environment and our migration into the cloud, our endpoints and more importantly, the number of data streams that come to and from the cloud, are required to be monitored in order to make sure that these instances are secured and transmitted safely.   This is why traditional SIEM and SOARs require to be updated or have algorithms/engines that can suit better to protect the cloud, cloud hybrid landscape.  I think this is one reason why big data and AI can work with existing threat assessment engines and pattern databases in order to keep up with the demand and infrastructure. Now that workforce has completely changed, we must also keep pace to change and make sure that SIEM and SOAR can quickly adapt and update/upgrade to meet demand. Threats are only going to get bigger and worse, and that $5 Trillion will grow eventually to a larger degree and the only way to mitigate the loss is to make sure that our traditional tools and security software can keep up. 

Commenter: Derek

Top of Form

Doyin, 

As you stated company's introduced new risk to their organizations by migrating their applications to the cloud. By making this move company applications and data became accessible to maliciously attach the firms. However, It's important to keep in mind that much risk existed for those individuals using physical servers as well. Previously, a natural disastor or fire could cause devestating harm to a company who didn't host their application on the cloud. Further, the time that it might have taken for an employer to physically drive to the server in order to resolve an issue might consitute a different kind of risk related to poor customer service and product availability. Company's migrating to the cloud are simply choosing which risk they would like to expose their organization to, and receiving the other benefits that can be realized by moving online. 

Bottom of Form

ADD A SHORT CONCLUSION

INTERNAL USE

,

Article Summary: Erich

Tesla Tops List of Crashes Thought to Involve Driver-Assistance Technology. June 15, 2022. The Wall Street Journal

Top of Form

In the article, Tesla Tops List of Crashes Thought to Involve Driver-Assistance Technology, by Ryan Felton and Rebecca Elliot of The Wall Street Journal, the authors go into detail about crashes that involved advanced driver assistance technology that is in high development stages by many car manufacturers. They go on to mention the potential dangers of the lack of transparency by car manufacturers when these systems fail. The article mentions the paradox of these systems creates as they are designed to keep us safe, while also becoming a glass crutch on the human drivers – giving a false sense of security and allowing our attention to wander. I have to agree with this stance in some regards. With a normal car crash of human error, there is typically negligence in one or both of the parties involved.  With these new technologies, does this further promote negligence? Perhaps it does. We’ve all seen those videos of people shaving, working, or even napping as their Tesla’s go down the interstate. I don’t think this is the goal of any driver assistance technology, but not enough is being done to combat this behavior.

When used appropriately, advanced driver assistance technology can save lives, that I have no doubt. The thought of having a second chance when perhaps you didn’t see a car in your blind spot or you were a tad slow in breaking and are about to hit a car or pedestrian is priceless to any driver. Having systems in place to help you overcome these mistakes isn’t the same as providing the opportunity to take a nap while on the road- which helps no one be safer. There needs to be more fail-safes requirements on car manufacturers in ensuring that drivers use driver assistance technology as an assistance to standard driver procedures and not a replacement of them.

SUMMARIZE COMMENTS BELOW

Commenter: Casse

Top of Form

As someone who cannot drive because of a disability, the thought of "self-driving" cars intrigues me. I live in a rural area without much in the way of public transportation. I think this technology has the potential to make the world a more accessible place, however, I think there is a good amount of development that still needs to be done to make it a viable option for those of us with disabilities. I would much rather the roadways be safer than have more freedoms for myself.

Commenter: Top of Form

Erich,

I believe early on we will see setbacks with this technology, and while it may be more severe with car crashes and death, it is to be expected with any large advancement in technology.  I just purchased a new vehicle and it has many new, autonomous features meant to provide a safer experience, however, it catches me by surprise sometimes and can actually be disabled.  Not sure this helps the cause, but I think some education may need to be implemented.  Maybe driver education will take a portion of this role, but the use of the technology, while easy, can be dangerous as you pointed out.  

I believe we are only going to see this technology expand.  All major auto industries are involved and designing technology.  As it transforms, I am curious about what vehicles look like in 10-15 years.  I think the trend to the smaller, more aerodynamic structures will be realized to enhance the features.  If technology and advancement tell us anything, it is to think outside the box.  This has the potential for a major shift in what vehicles look like in addition to the features they have. 

Commenter: Karan

Top of Form

With the advancement in technology, humans are trying to automate everything. I agree with the point that automation is not making humans smart. We are so dependent on technology that if we talk about some of the features introduced in the car, like a rear camera, side camera, radar, and lane assistant are common in new vehicles, new drivers are getting used to it. A fully self-driven car is a revolution in the car industry, and Tesla is leading in the game. As Casse Redus mentioned in his comment, it will benefit someone with a disability. I feel it will also be helpful to get a taxi at odd hours with self-driven cars. In the current market, every company is working on the entire self-driven car with safety as a priority. Because of peer pressure, companies keep introducing new features and approaching self-driving vehicles. Crashes happen during this process as drivers rely on it, but we are not yet there.

Commenter: Doyin

Top of Form

Driver-assistance technology is still considered new technology and its demand is expected to increase over the next decade, fueled largely by regulatory and consumer interest in safety applications that protect drivers and reduce accidents.

One factor that could influence Driver-assistance technology uptake is the rate at which the technology advances. Although semiconductor companies and other players have made important enhancements in recent years, there is much room for improvement. For instance, forward-collision warning systems still have difficulty identifying objects when a vehicle is traveling at high speeds. A typical Driver-assistance application incorporates many technologies but four stand out with regard to the challenges they present: processors, sensors, software algorithms, and mapping.

ADD A SHORT CONCLUSION

Bottom of Form

INTERNAL USE

Related Tags

Academic APA Assignment Business Capstone College Conclusion Course Day Discussion Double Spaced Essay English Finance General Graduate History Information Justify Literature Management Market Masters Math Minimum MLA Nursing Organizational Outline Pages Paper Presentation Questions Questionnaire Reference Response Response School Subject Slides Sources Student Support Times New Roman Title Topics Word Write Writing