Blockchain may not be the answer to cyber security perils, says ethical hacker Noam Rotem
Blockchain is widely considered to be an effective solution to growing cyber security challenges. Does it really help? Can an open-source platform be the alternate solution? Ethical hacker Noam Rotem explains the possible challenges.
Cyber security is on everyone’s mind. With millions of people working remotely, hackers have had a field day by increasing the intensity of phishing attacks and other kinds of exploits. Some industry pundits pin hope on a decentralised solution or blockchain technology to ensure a better security solution for individuals and enterprise alike. But some are not convinced.
“Blockchain is an amazing solution to nearly nothing. While it is a cool buzzword and has a still-unknown potential, there are very few problems that it can solve that could not be solved by more conventional technologies. Security is based on "who you trust", and while blockchain allegedly says "trust no one", it also says "since everyone can see what everyone else is doing". This is less suitable for security, and I have yet to see a single security solution running on the blockchain that cannot be done better without blockchain,” said Noam Rotem, a cyber security expert and ethical hacker told Hindustan Times.
Rotem is also apprehensive about the idea of having an open-source platform for cyber security. The ethical hacker, who is working with risk security firm Lancers Network Limited in India, believes the open-source is a double-edged sword.
“Open source is a wonderful concept. It allows harnessing the power of the community to make the product better and make sure no backdoors or covert access points exist in it, it is also a double-edged sword since it allows attackers access to some of the inner workings they would not have access to otherwise,” he added.
According to Rotem, it is even more extreme when it comes to data collection tools such as scanners. Giving these tools to the community that while allowing the good guys to make it better, it also allows the bad crowds access to some powerful tools that can be used to find, steal, and exploit valuable data belonging to others.
Rotem also has a piece of advice for companies which are scrambling to keep their data safe ever since the pandemic forced them to re-strategise everything. He pointed out that some companies make too many mistakes, including some fundamental ones, that make it extremely easy for hackers to target them. The hacker said the firms do not understand that data leak could happen in any part of the chain, and as always, the weakest link is where attackers will look at.
“There are various technologies that are being used by CISOs to protect their company data and security: VPNs are an important tool that allows to securely into the company networks from remote locations; endpoint security software that can detect and stop even still-unknown threats; and advanced scanning technologies to detect data leaks before they are exploited by adversaries or malicious parties,” he further said.