Digital Age Data Breaches - Is Blockchain A Quick Fix?

Shashank Bajpai, Chief Information Security Officer, ACKO General Insurance Limited

Shashank Bajpai is the Chief Information Security Officer (CISO) of ACKO. ACKO is the first startup in India to build an insurance business solely on a technology platform. Shashank possesses domain expertise in Cyber Security, IT Strategy & Risk and has won many accolades such as “CSO 100” “InfoSec Maestros of 2018” & “Top 100 CISO’s in India”. Key focus area being to harness new-age technologies like Machine Learning, IoT and Blockchain to not only secure but also complement the business strategy

Digital data continues to expand exponentially, with the amount of information stored online growing at an unprecedented rate – one that currently exceeds the growth of the world economy by approximately four times. It’s estimated that we will generate about 16.3 zettabytes of data annually, and by the year 2025 that number will increase to 163 zettabytes. These figures are even more telling when we compare them with actual data usability. Research shows that there are uploads of an hour’s worth of video footage every second, and that we tap our phones on average 2,617 times a day. But, as we descend evermore into a truly datafied, tech-savvy society, we also become less careful about the information that we voluntarily share with service providers – not to mention the digital footprints we unconsciously leave behind.

Data breaches are a real danger for both brands and customers and can affect trust in brands. Globally, the average cost of a data breach is USD 3.62 million. In 2016, credit card and identity fraud cost USD 16 billion in the US alone. In 2015, lost revenue due to false positives—genuine transactions misidentified as fraud—to USD 118 billion. And that’s not even factoring the reputational costs to businesses whose customer data has been hacked.

Broadly a few worst-case scenarios that businesses could face from poor data management are –
1. Suffer a security breach or attack.
2. Lose or compromise customers’ data.
3. Put employees’ data at risk.
4. Could suffer a DDoS attack.
5. Lose a lot of money - It is forecast that by 2021, cybercrime damages will cost the world USD 6 billion.
6. Operate against laws and regulations.
7. Put intellectual property or trade secrets at risk.

8. Could be hit with a virus - 33 percent of all data breaches originate from intrusive or harmful software.
9. Could be targeted by hackers.
10. Could suffer damaging downtime - An unplanned outage costs an online business 6,000 GBP per minute on average.
11. Could hurt your reputation - 90 percent of CEOs, striving to rebuild commercial trust among stakeholders after a breach is one of the most difficult tasks to achieve for any company – regardless of their revenue.
12. Could risk physical data loss.

The cause of Data Breach can be significantly narrowed down to - Poor Data Management & Poor Cyber Hygiene of such centralized databases hoarding huge amount of data. With technology being fundamental to many businesses, it should hardly be seen as a surprise that cyber-attacks pose significant threats. It is essential to encourage businesses, and active participants in the digital economy, to implement protective measures that allow them to comply with data protection regulations. The simplest way for preventing data breaches involves commonsense security practices, such as conducting ongoing vulnerability and penetration testing, applying proven malware protection, using strong passwords/passphrases and consistently applying the necessary software patches on all systems. Also encourage encrypting sensitive data, whether it is stored inside an on-premises network or third-party cloud service, thereby preventing threat actors from accessing the actual data.

Blockchain technology represents the latest advance in distributing computational efforts across a network and also offers immutability

Although there is no ‘silver bullet’ that can protect your business from cybercrime, putting in place adequate security measures is essential for stability and continuity. But implementation of Blockchain could simplify the management of trusted information, making it easier to access and use critical data while maintaining the security of this information. A Blockchain is an encoded digital ledger that is stored on multiple computers in a public or private network. It comprises data records, or ‘blocks’. Once these blocks are collected in a chain, they cannot be changed or deleted by a single actor; instead, they are verified and managed using automation and shared governance protocols. So far, banks, payment-service providers, and insurance companies have shown the highest level of interest and investment in Blockchain.

Blockchain technology represents the latest advance in distributing computational efforts across a network and also offers immutability. Immutability on the Blockchain is powered by ‘proof of work’ cryptographic processes that require huge amounts of computing power to add new information to the ledger, as well as an almost inconceivably high amount needed to ‘game’ (fraud) the network. As financial institutions and their corporate clients move forward into the brave new world of Blockchain technology, they must remain mindful of the fact that this is just another means of conducting business transactions, and the time-honored principle of caveat empt or still applies. Parties entering into Blockchain transactions should ensure that they are doing their due diligence on the representations underlying those transactions. The application of Blockchain technology could potentially increase the risk of fraud. That’s because a comprehensive review of fraud, alteration, and forgery may not occur in a Blockchain transaction.

From a Cybersecurity aspect, Blockchain successfully delivers the full range of weaponry required to tackle data breaches: zero-knowledge storage, encryption, privacy, security and trust. The possibilities for personal and financial data are immense. Harnessing the strength of the Blockchain, it’s entirely possible that the data breaches we know today could become a thing of the past very soon.

Current Issue
Blue Dart: Technology Led Transformation Towards A 'Less - Contact' Society