The Goals of Blockchain: Trust and Security

What is Blockchain? Blockchain explained for non-coders

Blockchain is a way of recording that sequentially links every revision of a a record, in a distributed / shared log (or ledger for finance folks).  Every transaction is recorded in an every growing record chain.

Featues of Blockchain Records

• decentralized digital record ledger
• data records (blocks) are tied together in time sequence
• any change to a record adds a new block
• nothing can be deleted or changed without a record as evidence
• “tamper proof”
• can be used for any kind of data
• distributed network – doesn’t reside on just one computer or desk

Security and Trust

Blockchain brings the promise of trusted data, and impossible…or very low probability of fakes. It can allow a person to own their own data and share it with the world as they choose. Panacea.

Code Is Opportunity

But this is code and electronics. There is always some relative weakness.  Code is the realm of hacks.

Crypto hacks have shown that environments where blockchain are used are not unlike other things in the cyber world.  Regardless of how trusted or secure a blockchain inidivudal record is, the the application or system it’s used in is vulnerable to the same old cybersecurity problems that befall everyone else.

Two main ways: stolen keys (the passwords), and exploiting bugs in code. Here are some expensive examples:

The Nine Largest Crypto Hacks in 2022

The biggest cryptocurrency hacks of all time

Where is Blockchain Used?  Is it Here Yet?

Blockchain is being introduced in the background with the big insurers, banks, pharma, governments, etc. For most of us, we won’t see it or it won’t affect us for a while (some years).  Blockchain is really only encoutered by most people who invest in or read about crypto currencies.  What blockchain offers crypto is the distributed, trusted accounting that is needed when there is no central bank.  It’s the perfect and obvious applicaiton for this new way of tracking transactions.

Healthcare Blockchain & How It’s Used

Blockchain methodology and application are still in the infancy stages for the healthcare industry as a whole. There is an ever increasing number of companies applying blockchain in different ways.

Some create trusted data share groups.  These allow us patients – us individuals to own and control our personal medical history records.  We can choose who we allow to view and add to our records.  And they can’t be tampered with.  That’s real power in the hands of the people. 

Some healthcare blockchain companies and projects focus on the validation of drug history, DNA info, etc. This is similar to traceability that supply chains are generally concerned with.  Knowing the history or the full life path of who touched an item from raw material and out and into the marketplace, is important for controlling quality, safety, and accountability for problems.

Other blockchain tech companies just create data network protocols (the code stuff) or hardware (like crypto currency wallets).  These support products and services advance the practicality and usefulness of blockchain in healthcare.

Why Aren’t We All Using Blockchain?

What’s the Holdup? We need trusted, secure solutions today!

The Performance Problem

Blockchains also suffer from a capacity problem. That’s the reason one crypto currency has not really won out yet. Each transaction must be written somewhere. Therefore, the greatest strides have been done through supply chain. Once the object has been delivered, it can be archived or erased. Food is the one application that holds the greatest promise. A head of lettuce grown in a field can be tracked until sold. If a contamination is discovered, tracking to the field, within a farm, can be pulled out of the blockchain in an instant.

Cons for using blockchain are processing speed and resources needed. It can consume a lot of computing power to solve the complex cryptographic equations for validating a record to be added to a chain. For crypto currencies, this is one way you get paid – by “mining” or by computing a new record. It takes time, so fewer transactions per second and computing power and electrical power. Both cost money…real money. : )

Healthcare faces the same limits as currency. People live a long time. Each prescription, procedure, etc. must be kept for the life of the individual. The cloud is not limitless. Everything has a capacity.

Listen in as we kick off Cybersecurity Month with another great interview by Dorothy Cociu on the Benefits Executive Roundtable.  In this show we discuss hot security topics and security breaches in 2022 and 2021.  Find out what’s been happening and what you can avoid being a statistic!

Listen and follow the podcast series Benefits Executive Roundtable:

https://advancedbenefitconsulting.com/s4e6-data-security-risks-and-importance-of-cybersecurity-part-1/?

Where Are You Most Vulnerable?

Hackers understand that employees are often the weakest link in an organization’s security. That’s why 98% of cyber attacks rely on some type of social engineering, costing companies $billions every year.

Are you familiar with these new Cyber criminal techniques that can leverage ANY connected employee to breach your security?

As an increasing number of employees are forced to work remotely during the COVID-19 crisis, IT networks have become even more vulnerable to cyber-attack, especially when users connect over unsecure Wi-Fi and/or Home Networks with their personal devices.

In addition to raising awareness about new security threats for your employees, we’ve included 8 tips to help teleworkers (and any connected employees) improve security. You’ll also see recommendations on how ongoing Cyber Security Awareness Training is crucial to a strong defense.

While users are regularly encouraged to keep their anti-virus definitions and software up-to-date, 6% percent of users NEVER receive any type of security awareness training, while another 33% receive only once per year or when they join the company.

Key Security Lingo

Every employee should also become familiar with the latest phishing and ransomware strategies to prevent becoming that weak link.

Phishing (or Spear Fishing)

Vishing

Pretexting

Business E-Mail Compromise (BEC)

Baiting

From an IT Security perspective, the term “social engineering” refers to cybercriminals using any number of psychological tricks to get users to perform actions (click on an email or link) or divulge personal or confidential information.
While technical hackers seek vulnerabilities in the networks or software, social engineering cybercriminals exploit an end user’s tendency to trust.

Other types of social engineering may include creating distrust, or starting conflicts by altering private or corporate communications. There are literally thousands of variations to social engineering attacks, limited only by the criminal’s imagination.

Phishing (or Spear Fishing)

Phishing is the most common type of social engineering attack. Hackers pose as a trusted source (a friend, boss, colleague, bank official, government agency, etc.) and concoct a seemingly logical scenario for handing over login credentials or other sensitive personal data.

The cybercriminal may obtain your email address from a compromised email account or web directory and then go “Phishing,” sending general emails to everyone, or go “spear fishing,” personalizing an email for just you.

The email will contain:

• A link that you just have to click on, taking you to a website that asks for your personal information and/or automatically downloads malware
• An attachment of pictures, music, movie, document, etc., that has malicious software embedded. 

Vishing

Another type of phishing, using voice instead of text. The cybercriminal recreates an IVR (Interactive Voice Response) system of a trusted company, attaches it to a toll-free number and tricks you into responding to the cell phone prompts with your personal information.

Pretexting

Pretexting is a social engineering technique of presenting oneself as someone else in a fictional situation in order to obtain private information.

This may be another phishing exploit, or use baiting techniques, but it’s all about developing a believable story, which may include:

Urgent request for help. Your ’friend’ is stuck in another country and needs money to get home or to pay a fine. Or the CEO sends an email titled “URGENT!!!!!,” with a message containing spelling mistakes.

Ask you to donate to a fundraiser, or some other cause. Disaster relief, political campaign, or charity needs money and/or your personal information to keep you informed.

Notify you that you’re a ‘winner.’ This phishing attack claims to be from a lottery, or a dead relative, or the millionth person to click on their site, etc. In order to receive your “prize” you will need to provide your bank routing number along with other details to steal your identity.

Pose as tech support or other professional. Also considered a “Quid Pro Quo” attack, the cyber-criminal is responding to an issue, and requests information, and/or a download of a scanner (malicious software) to scan your system. The criminal may be quite helpful and provide productivity tips while stealing your identity.

Serious Business Pre Text

One form of pretexting, called Business E-Mail Compromise (BEC) uses a variety of tactics to con the company into wiring funds. The cybercriminal group likely gains access through spear-phishing and/or malware, and then spends weeks or months discovering the organization’s billing process, vendor payments, and the CEO’s email style and travel schedule.
Then when the CEO is out of office, the scammers send a targeted email posing as the CEO to the finance officer (bookkeeper, accountant, controller, or CFO ) requesting an immediate wire transfer. The vendor will sound familiar though the account numbers will be slightly different.

If undetected, the initial and subsequent requests will cost the company thousands if not hundreds of thousands of dollars.

Baiting

This type of social engineering scheme dangles malicious devices inside a seemingly harmless carrier, hoping someone will “take the bait.”

These schemes are often found on Peer-to-Peer sites offering a recent movie, or music to download, but they’re also found on social networking sites, job posting sites, online auctions and e-commerce sites.