Home / Crypto Currency / Worldpay’s Peter Tran Remains Skeptical About Blockchain for Cybersecurity

Worldpay’s Peter Tran Remains Skeptical About Blockchain for Cybersecurity

“In the cybersecurity industry, there’s always a new shiny ‘tech toy’ or novel approach around the corner, so it’s important to not be myopic that blockchain for cybersecurity will be akin to finding the cure for the common cold. As promising as blockchain may be, the industry is far from universal adoption,” warns Peter Tran, Vice President and Head of Global Cyber Defense & Security Strategy at Worldpay.

As cybersecurity experts around the globe prepare for next week’s all-important RSA Conference, where discussion topics will include the latest threats and developments in the security industry, Tran remains skeptical about blockchain technology as being the answer to the industry’s woes.

The Biggest Challenge for the Cybersecurity Industry

The cybersecurity industry is currently experiencing a lot of headaches – from a shortage of talent, to finding new ways of keeping up with whack-a-mole attacks from increasingly innovative hackers. As security technology advances, so does the sophistication of cybercriminals, and, in many cases, slow detection of attacks is what leads to the greatest devastation.

“By far the biggest challenge in cybersecurity today,” says Tran, “is the lack of visibility and early detection into cyber threats that are targeting and/or have established themselves within networks undetected for weeks, months, and often years before a breach occurs.” This undetected presence is called “dwell time,” and refers to the average time from which an assailant enters a network until he or she is detected.

Many hackers simply enter undetected and observe their surroundings, finding a way to obtain the information they want without anyone noticing. “You won’t ever know if you’re off course until the unthinkable happens,” says Tran.

In fact, according to a report by Ponemon, dwell times for malicious attacks average 229 days. In reality, they can be much longer. “That is why high-profile breaches have been catastrophic with unpredictable downstream consequences.” Think Equifax, Yahoo, eBay, or JP Morgan.

How Cybersecurity Professionals are Working to Combat these Problems

“Gone are the days,” says Tran, “of relying on perimeter-based or even endpoint security ‘blocking and tackling’ defenses… Build a higher firewall? The attacker will just use a longer ladder to get over or around it.”

Information security professionals are having to turn to more creative methods of stopping hackers in their tracks. Many professionals in the industry are adopting data science and the use of analytics to determine what good versus malicious behaviors within networks look like. One of the advantages of doing so is that it shows results in real time. “No one wants to wait for a fire alarm to alert you to a fire that’s already in a full blaze,” says Tran.

Artificial intelligence (AI) and machine learning (ML) are also becoming front runners in the cyber defender’s arsenal. With the rising sophistication and ingenuity of the types of attacks we’re seeing, non-traditional methods like AI can uncover malicious blind spots more efficiently than traditional security methods and tools can. “It’s the next generation of neural networks to make security decisions based on patterns and predictive forecasting much like how financial markets and data are analyzed,” Tran explains.

What about Blockchain for Cybersecurity?

While many cybersecurity experts are lauding the blockchain and the wonders of its decentralized nature as a cure for cyber threats, Tran isn’t jumping for joy just yet. After all, the technology is still very new, and new technology usually comes with teething trouble.

“Although blockchain research has been conducted over nearly the last decade, typically a technology won’t truly be put through its paces to expose any hidden flaws until it reaches a certain critical mass of adoption, and the industry just isn’t there yet today.”

Furthermore, the issue may not be with blockchain technology itself, but rather with the way in which it is executed. We know by now that blockchain is the most secure technology we have. But that doesn’t stop attacks from happening on secondary software, like wallets and exchanges. “Like any technology,” says Tran, “the devil is in the details of its execution. A poorly designed or applied technology, no matter how good it is, can fall short, particularly in security.”

Finally, there remains the very real issue of how economically viable replacing current security infrastructure with blockchain – and finding enough blockchain security experts to oversee it – will be.

Final Thoughts

It’s not all bad for blockchain and cybersecurity. Tran admits to having seen some effective use cases for the security industry, namely within authentication, identity and access control. REMME’s blockchain solution, for example, is built on blockchain’s decentralized design and successfully authenticates users and devices with multi-factor authentication. “Blockchain in this instance stands to eliminate the lowest hanging fruit for cyber attackers… crackable passwords.”

Just like the bearish and bullish crypto markets, blockchain technology has its advocates and those who have yet to be sold. But ultimately, any technology that could bring the number of cyber threats down to zero would be welcomed with open arms by all.

Read more

Check Also

Pro League of Legends Gamer Robbed of $200K in Crypto in Sim-Hack

A prominent eSports gamer took to YouTube to reveal to his audience how “someone stole $200,000” worth of cryptocurrency in an apparent sim-swap hacking incident – a new growing cybercrime trend that appears to focus on cryptocurrency investors. Pro Gamer Doublelift Has $200K in Crypto Holdings Stolen American professional League of Legends player Yiliang “Peter” Peng, best known as Doublelift in the eSports space, was reportedly hacked, resulting in $200,000 in cryptocurrency being stolen from his accounts. In a YouTube video, Peng recounts how he woke up to a notification on his phone from his bank account, alerting him that his account had become overdrawn. Peng, who has won over $174,000 in prizes throughout his career as of August 2018, says he doesn’t check his bank account often, but was surprised to learn it was empty. The account had become overdrawn due to an excess of Coinbase transactions, wiping out his entire balance and then some. Distressed, Peng attempted to access his Coinbase account to see what had transpired, but to no avail – the hacker had already changed his username and password. Peng says the transactions totaled as much as $200,000. League of Legends Star Suffers Sim-Swapping Hack The pro gamer is confident the theft is related to some strange occurrences involving his cell phone provider, and the order of events suggests that Peng was the victim of a sim-swapping hack – a quickly growing cybercrime trend affecting cryptocurrency investors. After calling T-Mobile, Peng discovered his phone number had been reported as lost or stolen, and may have been transferred to another handset. In a sim-swap hack, cybercriminals pose as the owner of the phone number in question, in order to gain access to the phone number and use it to receive two-factor authentication codes and other information secured behind a text message verification. The hackers took things a step further, creating a web of email filters designed to keep sensitive emails that might alert Peng of the hacker’s activity from ever reaching his inbox. Even the Coinbase emails confirming transactions were forwarded to a hidden address and deleted before Peng could see. The League of Legends star is confident he’ll get his stolen funds back eventually. Is Sim-Swapping Becoming a Widespread Threat for Crypto Investors? It’s not just Peng that was a victim of a sim-swapping attack. Other high-profile figures have also reportedly been targeted. Serial entrepreneur and pioneer cryptocurrency investor Michael Terpin is currently suing AT&T in a $224 million lawsuit in relation to a sim-swapping hack Terpin suffered recently. Terpin had $24 million in cryptocurrency stolen – substantially more than what Peng lost – in the alleged hack. Terpin blames AT&T for negligence, and even claims that AT&T employees may be involved in the scheme. AT&T is disputing the allegations. Many cryptocurrency exchange accounts are secured using two-factor authentication (2FA) that includes text message verification. Due to the emergence of sim-swapping hacks, cryptocurrency investors should seek to switch their 2FA method to the Google Authenticator app for an added layer of protection. A hacker would need to access the physical phone, not just the phone number, to access any sensitive accounts. Featured image from Shutterstock. The post Pro League of Legends Gamer Robbed of $200K in Crypto in Sim-Hack appeared first on NewsBTC.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Disclaimer: Trading in bitcoins or other digital currencies carries a high level of risk and can result in the total loss of the invested capital. theonlinetech.org does not provide investment advice, but only reflects its own opinion. Please ensure that if you trade or invest in bitcoins or other digital currencies (for example, investing in cloud mining services) you fully understand the risks involved! Please also note that some external links are affiliate links.