Blockchain is perhaps the hottest thing in tech right now.
It’s the decentralised ledger technology that undermines cryptocurrencies and is already starting to transform supply chain management.
And according to one senior analyst at a global intelligence firm – it could be the future of cyber security.
Jeff Yong Xun Xie is a Senior Security Analyst at IDC Asia Pacific.
He analyses the latest cyber security industry trends and assesses the viability of different solutions on the market.
“I think it's natural that blockchain falls into the cyber security portfolio because, first of all, blockchain actually enhances the security of data when transactions are being processed in the distributed environment,” he says.
Having had major reports published on the topic, Xie is a leading figure at the intersection of blockchain and cybersecurity.
He explains it is the decentralisation of the technology that makes blockchain such a valuable asset when it comes to cyber security.
“It gives you an automatic chain of cyber security baseline whereby people are not able to just hack into centralised storage and manipulate the data,” he says.
“That preserves the integrity, and no one can easily hold majority control of the blockchain. That will then preserve and broker the trust within those transactions.”
The idea of blockchain in cyber security is one that is beginning to gain traction.
However, in some regions, blockchain technology faces an uphill regulatory battle which is hindering its effectiveness in cyber.
“The technology itself is an opportunity, but since it is often tied to cryptocurrency, which is one of the underlying factors of blockchain, we see a lot of government legislations and regulations coming up around ICOs [initial coin offerings] and not so much on blockchain technology,” says Xie.
He cited countries that had completely banned ICOs, such as China and South Korea, and the potential long-term harm this could cause to the development of blockchain.
“It [an ICO ban] is sort of a roadblock for the blockchain technology innovation, because once it has has been banned, it is unlikely that the number of blockchain companies will thrive in these countries, as raising funds through ICOs is the conventional way blockchain start-ups kickoff their projects.
“The big players with deep pockets focusing on the technology may stay, but start-ups, which form a sizable part of the blockchain innovation scene, might simply turn to other countries.
“Bans on ICOs and cryptocurrencies may actually be hindering the blockchain technology innovations.
“But we can see many countries are also researching and trying to understand more about the technology.
“I certainly hope that moving forward – with proper regulation – regulation will actually help to drive the innovation of blockchain technology.”
The IoT revolution
Xie’s work is not limited to blockchain.
Rather, his focus is on emerging technologies and the impact they have on cyber security.
With Internet of Things (IoT) technologies now beginning to enter the mainstream, Xie is already investigating what a more connected world means when it comes cyber threats and vulnerabilities.
“We're in a digital age where a lot of things are going digital,” he says. “Especially when it comes to IoT, I think it is especially important that cyber security be incorporated as part of the design of the product that is being offered.”
IoT technology promises to transform manufacturing, healthcare, transport and retail industries through creating more interconnected and adaptive networks.
However, the improved productivity and potential cost saving could bring some new vulnerabilities, according to Xie.
“Anything digital and connected is actually an avenue for cyber attackers to get in and to take control of your life.”
The healthcare industry in particular is capitalising on some of the opportunities presented by IoT technologies.
“Traditionally, with a pacemaker, we had the issue of the healthcare service providers not being able to update them.
“We then start to see some of the researchers exploring the integration of wi-fi capabilities into a pacemaker.
“Well, that gives convenience to healthcare service providers to let them to access and monitor the performance of the pacemaker in a patient.
“It also opens an opportunity for cyber attackers to take control over the pacemaker – that in turn opens up another can of worms where the risks involved is actually life and death.”
And would Xie ever use a wi-fi-enabled pacemaker?
“I would definitely opt for an offline pacemaker for my heart.”
Cyber, business and people
Xie also works with businesses to identify emerging challenges and strengthen their cyber capabilities.
He explains that his greatest challenge here is highlighting cyber security not just as an ICT risk, but a business risk.
“Security is as strong as the weakest link,” he says. “So, you may have the most sophisticated and high-end security systems, but if your employees are not properly trained, just a simple act of plugging in and inserting a USB into their work systems could just bypass all your expensive technology.”
Creating this change, and ensuring cyber security training receives the necessary funding, must be driven from boardrooms, not IT desks, he says.
“Cyber security should be driven from the top down.”
“The business leaders should be the ones advocating cyber security initiatives and practicing what they preach.”
This is for good reason.
Xie describes ‘whaling’ – a new phenomenon where email phishing scams target business leaders.
It is a term originating from Las Vegas, where extra time and effort is spent on getting the ‘high rollers’ into the casinos.
In the security world, this extra time and effort is spent on creating seemingly legitimate and urgent phishing scams that will con a C-suite executive into handing over important business information or credentials.
“These are the people that are actually not as careful; CEOs and top business leaders are the ones clicking on such links.”
The example he gives is of a CFO being sent a fake link from the bank to urgently reset a compromised company credential.
“It may not necessarily be easier, but it usually results in a more lucrative heist.”
Imagining the future
Xie has just welcomed the birth of his first child.
And his introduction to parenthood is already causing him to think about how technology will change the future, and the importance of cyber security.
“The first thing that I'm worried about is when he grows up and starts to get in touch with technology,” he says.
“As individuals and even kids start to get online there's a lot of risk involved there.
“You don’t know who is on the other side of things.
“Nowadays, putting an iPad or mobile phone in their hands may be further exposing them and more dangerous than letting them go out on their own.”
Jeff Yong Xun Xie is an ACS Certified Professional (Cyber Security).
In our CYBER EXPERTS SERIES, Information Age talks to cyber security leaders across Australia and beyond about the biggest threats facing the industry, how they got into cyber security, and what keeps them up at night.