Cyber security: The focus needs to be on people

The beauty of blockchain is its decentralisation which promises that it’s impossible to attack a weakness if there are multiple copies of the blockchain distributed across a network of nodes.  However, Emin Gün Sirer, from Cornell University, has shown that Bitcoin and Ethereum aren’t as decentralised as we might hope.

Although blockchain has been hailed as tamperproof it’s hardly the ‘truth engine’ that is beyond the reach of cybercriminals or hackers.  By design blockchain cannot be hacked, but its weakness is often at the point where its systems connect with the real world in software or applications. Exchanges that hold and transact cryptocurrentcy in e-wallets can be hacked and have been.  Since 2014 over $1.4 billion worth of crypto currency has been stolen from exchanges by hackers.  Some of the targets include popular crypto trading brands such as Coincheck & MT Go& BitGrail.

51% attacks, which for a long time were discussed as a theorical threat, have become real and this year several cryptocurrencies have fallen victim.  Also known as a majority attack, a 51% attack occurs when a malicious miner gains control of over 50% of the blockchain network’s hashrate, enabling them to reverse transactions, halt payments, or prevent new transactions from confirming.  A 51% attack is not easy to pull off and requires a sizeable amount of computing and therefore a large amount of electricity to accomplish.  The constructions of data mines, some in China which have been built near dams to benefit from cheap electricity, could become the Achilles Heel of blockchain.

How can companies apply the cybersecurity lessons we’ve learned to ensure that blockchain delivers on its promise of a secure decentralised public record?  The clue is to focus on the people.

Cybersecurity has become mainstream and it’s no longer activity carried out by an isolated hacker working maliciously out of their bedroom for thrills.  Organised criminals have spotted the potential rewards and, as well as targeting cyber currency in the modern-day equivalent of a bank heist, they are now hacking for data. Data is what drives everything and it’s what the hacker wants because they can sell it or threaten to share it, blackmailing the organisation for financial gain.  The organised hackers have their eyes set on big targets, beyond the quick win access to a bank account some are looking to impact the international political landscape.

There is a worldwide demand for skilled professionals who can work within White Hat (defence) or RED HAT (ethical hacking) teams. New job descriptions are being drafted to source individuals with skills that draw from law enforcement and intelligence to technology coding and analytics. According to the latest global information security workforce study from (ISC), there could be up to 1.8 million information security-related roles unfilled worldwide by 2022.  In Europe, the shortfall is projected to be about 350,000, with the UK’s share of unfilled cyber security jobs expected to be around 100,000.

The UK’s apprenticeship programme, which the Government promotes as a way to improve employability and fill skills gaps, hasn’t been slow to adapt and reflect the need for this new type of IT professional.  In December, Global Knowledge Apprenticeships and Qufaro will be launching the Level 4 Cybersecurity Apprenticeship at Bletchley Park which will be the base for delivering new qualifications in cybersecurity.

Bletchley Park’s Museum of Computing displays some famous World War II code-breaking machines and was the home of the Codebreakers.  As we are living in a connected society where the Internet of Things means that a kitchen appliance could be as much at risk of a cyber attack as a laptop, the next generation of Codebreakers will be coming to Bletchley Park with a different enemy in mind: The widespread threat that can access our banks and businesses from the tiniest ‘chink’ in the cyber defence.  And, it’s the resourcefulness and know-how of the individual cybersecurity professionals that’s going to keep us safe.

 

By Melanie Jones, Cybersecurity Product Director, Global Knowledge


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.