Blockchain Security-Moving Beyond the Hype

Author: Morey Haber, Chief Technology Officer, BeyondTrust

I am simply amazed at all the buzz around Bitcoin, blockchain, and cryptocurrency. However, the truth is that blockchain has a limited place in business and needs to be secured just like any other application, with some twists.

The Why

Blockchains are not a database replacement, and neither are the future applications that utilize them. They are a multi-node distributed ledger system that secures entries based on volume and verification. Natively, blockchain can only process a limited number of transactions per second and cannot store complex records or blobs—only ledger-style information that has a finite start date, like shipping information.

As such, historical records, pictures, complex indexes, and other large datasets are just not good for blockchain technology. This is one of the problems security teams need to understand. Think of a blockchain implementation like an old-school peer-to-peer network technology such as Napster or BearShare. Each node contains a database of all records, and any new entries need to propagate to all other nodes for validity. While a peer-to-peer network queries its peers for entries, each blockchain node actually holds a duplicate of all the entries its peers hold. This means tampering with one node does not invalidate the entire blockchain. As a consequence, every entry has to be properly validated to be accepted as a ledger entry and propagated to other nodes.

This is where security is so critical. Entries into the blockchain ledger need to be validated for fraudulent activity, and more importantly, the hosts containing blockchain implementations need to be secured against vulnerabilities and privileged attacks that could compromise or tamper with blockchain insertions. There is no concept of blockchain ledger modifications—this is key to protect the integrity of the data. Once an entry is accepted, it is permanent. Therefore, if you can attack the server, application, and ledger processes, you can tamper with the blockchain. This is how some of the recent cryptocurrency attacks have been occurring.

To cite a recent example, on Monday, May 28th 2018, The Hacker News reported on a wicked vulnerability within the EOS Blockchain Platform. While the vulnerability is considered critical, and the method of exploitation fairly basic (a maliciously crafted file), the ramifications are truly astounding. After the vulnerable parser reads the file, it forces an exploit on the node which could then be leveraged against the supernode on the EOS platform. The supernode is responsible for collecting transaction information and packing it into blocks. Once the threat actor owns the supernode, he/she can modify or create malicious blocks that would control the entire EOS network. This includes everything the EOS Blockchain Platform has been implemented to perform, from cryptocurrency and supply chain management to identity storage. Let this sink in—the uncrackable Blockchain (as it is advertised) can be owned by the fundamental technology designed to protect it: WASM files (smart contracts) and a simple file upload.

The How

So how do we secure blockchain implementations? We first start with basic cybersecurity hygiene:

  • Asset Inventory – Identifying and managing the lifecycle of all software, code, applications, nodes, and operating systems used in the Blockchain.
  • Change Control – Ensuring changes to the operating system, application, and resources are documented and go through a formal change control process.
  • Configuration Management – The hardening and removal of default settings that are a liability for the operating system, application, or network.
  • Vulnerability Management – Ensuring that the operating system, application, web application, and source code are reviewed for vulnerabilities and risks are prioritized accordingly.
  • Log Management – Centrally managing and parsing log files from all resources in the environment including transaction logs.
  • Patch Management – Using a systematic and predictable methodology for deploying maintenance and security patches to all systems in the environment—from firmware to web applications and everything in between.
  • Identity and Access Management – The predictable workflow management of identities, roles, and entitlements for all users that have access to resources of the system.
  • Privileged Access Management – The management of all privileged access into the Blockchain environment—from operating system to web applications including password management, least privilege access, session management, keystroke logging, and application to application key and password management.

And now the twist:

  • New entries into the blockchain should be secured with dynamic privileges and only valid for one-time usage. This can be done with privileged password access solutions and keys or passwords using an API. An insecure insertion path into the blockchain can lead to devastating results.
  • Reads from the blockchain should be secured in a similar fashion to ensure the retrieval is not tampered with (like a man in the middle attack) before processing by the application.

Since modifications and deletions of blockchain records are not permitted, all entries must be 100% valid or the entire model (ledger) could be compromised. Think of blockchains as just another application for data storage. It has limited data storage capabilities, is not very fast, but is designed to be highly distributed and 100% reliable. If your application or host can be tampered with, so can your blockchain. The goal: secure both during their design and implementation so this can never occur.
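The two "twist" controls can be sketched in a few lines. This is an added example, not code from the author or from BeyondTrust: `TokenIssuer` is a hypothetical stand-in for a privileged access API, `Ledger` is a toy single-node hash chain rather than a real blockchain client, and the shipment entry is constructed sample data. Each insert credential is bound to one entry, expires quickly, and is consumed on first use; readers verify retrieved blocks against a head hash obtained over a trusted channel.

```python
import copy
import hashlib
import json
import secrets
import time

GENESIS = "0" * 64  # "previous hash" of the first block

def entry_digest(entry):
    """SHA-256 over a canonical JSON encoding of a ledger entry."""
    blob = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def link(prev_hash, entry):
    """Hash that chains an entry to the block before it."""
    return hashlib.sha256((prev_hash + entry_digest(entry)).encode()).hexdigest()

class TokenIssuer:
    """Hypothetical stand-in for a privileged-access API issuing insert credentials."""
    def __init__(self, ttl_seconds=30):
        self.ttl = ttl_seconds
        self._pending = {}  # token -> (digest of the one entry it authorises, expiry)

    def issue(self, entry, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._pending[token] = (entry_digest(entry), now + self.ttl)
        return token

    def redeem(self, token, entry, now=None):
        now = time.time() if now is None else now
        digest, expiry = self._pending.pop(token, (None, 0.0))  # consumed on first use
        return digest == entry_digest(entry) and now <= expiry

class Ledger:
    """Append-only hash chain: no update or delete method exists."""
    def __init__(self, issuer):
        self._issuer = issuer
        self._blocks = []

    def head(self):
        return self._blocks[-1]["hash"] if self._blocks else GENESIS

    def append(self, entry, token, now=None):
        if not self._issuer.redeem(token, entry, now):
            return False  # rejected before anything becomes permanent
        prev = self.head()
        self._blocks.append({"prev": prev, "entry": copy.deepcopy(entry), "hash": link(prev, entry)})
        return True

    def export(self):
        return copy.deepcopy(self._blocks)  # what a reader receives over the wire

def verify_read(blocks, trusted_head):
    """Reader-side check that retrieved blocks were not altered or truncated."""
    prev = GENESIS
    for block in blocks:
        if block["prev"] != prev or block["hash"] != link(prev, block["entry"]):
            return False
        prev = block["hash"]
    return prev == trusted_head

if __name__ == "__main__":
    entry = {"shipment": "DEMO-001", "status": "dispatched"}  # constructed sample
    issuer = TokenIssuer()
    ledger = Ledger(issuer)
    token = issuer.issue(entry)
    print(ledger.append(entry, token), ledger.append(entry, token))  # replay fails
    print(verify_read(ledger.export(), ledger.head()))
```

A token presented with the wrong entry is still consumed, so a stolen credential cannot be retried against other payloads.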


GET READY FOR A LARGER-THAN-EXPECTED INTEREST RATE SPIKE IN 2022

By Nicholas Sargen

As investors assess what is in store for 2022, they should not lose sight of what has transpired over the past two years. What stands out is that the COVID-19 pandemic is different than any prior global shock in the last 50 years. When it struck in early 2020, the economy suffered its steepest decline on record as businesses and schools were shuttered. But it also rebounded quickly as businesses reopened, and it has since recouped all the output declines and most job losses. The economy has also experienced the steepest rise in inflation in three decades.

The quick recovery is testimony to the unprecedented fiscal and monetary policy response that occurred, as well as to the resilience of U.S. businesses and the workforce that has been facilitated by the digital economy.

The vigorous policy response in turn provided cover for investors to add risk to their portfolios. Stock market returns since late March 2020 have exceeded any comparable period in U.S. history with the major indices doubling in value. And there has been no meaningful correction over that period.

Looking ahead, the investment landscape will likely prove trickier for several reasons. First, the COVID-19 pandemic is proving more difficult to eradicate than many had anticipated. Second, the Fed has signalled it will likely raise interest rates to curb inflation. Third, much of the good economic news has been priced into markets.

Of these, the hardest to forecast is the pandemic. One of the key lessons from the delta variant, however, is that it did not produce lasting damage to the economy because businesses and schools remained open. Accordingly, Federal Reserve Chair Jerome Powell told lawmakers that the economic effect of the omicron variant would not be “remotely comparable” to what occurred at the onset of the pandemic. But it could influence monetary policy if the economy slowed.

The focus of investors currently is on the prospect of Fed tightening to curb inflation. After being in denial earlier, the Fed now recognizes the pickup in inflation this year is not transitory and could persist into 2022 and 2023.

At the December Federal Open Market Committee (FOMC) meeting, the Fed announced it would speed up its tapering of bond purchases to conclude in March 2022, and it increased the projections for the federal funds rate. The median forecast of FOMC members now calls for three rate hikes in both 2022 and 2023, with a terminal rate of 2 percent-2.25 percent by 2024.

The looming issue is whether this gradual glide path of rate increases will be sufficient to bring inflation back to the Fed’s average annual target of 2 percent.

I am sceptical for several reasons. First, the median projections of Fed members for the coming year call for real GDP growth of 4 percent and the unemployment rate to fall to 3.5 percent, which suggests the economy will be approaching its long-term potential.

Second, inflation expectations are becoming embedded in wages, which have risen steadily and are now approaching 4 percent.

Third, while supply-chain disruptions may ease as the coronavirus pandemic abates, the housing component of the Consumer Price Index is likely to stay elevated. Finally, fiscal and monetary policies are still accommodative.

Financial markets have taken the news in stride thus far, as the Fed’s forecasts are in line with what investors were anticipating. Bondholders, nonetheless, should realize that even if inflation subsides to the Fed’s 2 percent target in the next few years, they in effect will be accepting negative yields in real terms throughout this period.

 

So, why would they do so?

My take is that investors’ expectations about inflation and interest rates have been shaped by the experience following the 2008 Global Financial Crisis, when economic growth and inflation were subdued for a decade. This outcome is consistent with prior bouts of financial crises, as Carmen Reinhart and Kenneth Rogoff spell out in their article “Recovery from Financial Crises.”

By comparison, the coronavirus pandemic is a completely different type of shock that did not inflict lasting damage on the economy and the financial system.  While it has taken a heavy toll on people’s lives and well-being, it has also unleashed unforeseen changes in the way business is conducted and how people go about providing for their livelihood. Throughout the travail, what stands out is that many U.S. companies are highly adaptable and experienced increased productivity while others have seen their businesses disrupted.

As a result of the policy support during the pandemic and the resilience of the American economy, the U.S. stock market has posted outsized returns in the past two years that far exceed other developed markets. To a large extent, the gains this year reflected a strong rebound in corporate profits, with earnings for S&P 500 companies up by 40 percent. Going forward, however, investors should lower their return expectations as the economy and earnings normalize while interest rates rise.

How well the stock market performs will hinge to a large extent on how inflation fares. If it recedes as the Fed expects and interest rate increases are gradual, valuations are likely to remain high. But should inflation prove to be persistent, and the Fed is compelled to accelerate the pace of rate hikes, the stock market would become vulnerable, and the bull-run could end. For this reason, I believe caution is warranted.

Nicholas Sargen, Ph.D., is an economic consultant and is affiliated with the University of Virginia’s Darden School of Business. He is the author of “Global Shocks: An Investment Guide to Turbulent Markets.”

Looking Ahead: 2022 Fintech Predictions and Reflections

By Will Marwick, CEO of IFX Payments

 

2021 was the year of recovery and opportunity for many, following months of disruption caused by the pandemic. But whilst many industries have struggled to bounce back from the disruption, many Fintechs have managed to thrive in a somewhat hostile economic climate as a result of innovation, digital disruption, lucrative funding and a vision for how products can change the lives of consumers whilst helping businesses grow.

From a personal perspective, it’s been wonderful to see that as an industry we have shown our continued resilience and ability to pivot to customer needs which has seen the likes of open banking and contactless payments boom in the wake of the pandemic. The agility and disruptive mindset of both established players and emerging disruptors meant that competition has only become fiercer, making everyone work harder and smarter which ultimately pushes the boundaries of what is possible.

It's therefore no surprise that UK FinTech funding more than doubled to $11.4 billion in H1 of 2021 alone, indicating investor confidence in the industry. This will pave the way for further opportunities to innovate and disrupt financial services for the better.

2021 for IFX was one of the best years to date since our inception in 2015. We’ve expanded our capabilities, worked with new partners and bolstered our team with great success. All of which we aim to amplify even further this coming year.

As we look forward into 2022 it’s important to consider the new emerging trends and movements set to shake up the industry and how as a business we can play our part in what is set to be another trailblazing year.

 

2022 Trends 

1. Embracing Fintech Partnerships. In 2022 we’ll see greater collaborations between services providers across a host of industries. Being a collaborator, rather than a competitor, is key to being successful in this sector as we all look to identify a means of fitting into a modular ecosystem. As a starting point, every business has to recognise that success comes from leveraging the strengths of others to amplify their own. Businesses must admit that they can’t be best at everything and counter that by creating strategic partnerships that will reign supreme. Ultimately, collaborating with and embracing other specialists within the sector allows fintechs to expand their capabilities and set themselves apart from competitors. As the industry grows, to be the best in the field, means not offering the cheapest cost or the tightest margin, but integrating value-add propositions that make the product more appealing to its customer base. For instance, this year IFX have successfully partnered with Volt connecting IFX’s virtual IBANs with Volt Connect allowing UK and EU-based merchants to realise the full potential of open payments.

2. Changing Consumer Payment Habits via Open Banking. Open Banking has been a hot topic in 2021 and we know the work will continue in the space this year. Whilst the majority of the work in the last year around Open Banking was rather conceptual, it paved the way for some innovative ideas and an enhanced customer experience. Without doubt, there are many benefits of Open Banking, settlement is faster, and rails are cheaper and arguably safer for customers but now it faces the challenge of encouraging customer adoption by competing with the convenient and simple UX of card payments afforded by smart phones and computers. As such, I expect that changing the mould of how people make payments will dominate the majority of the conversation and work we do as an industry in the coming year.

3. Elevating Regulation. At IFX we always aim to set industry best practices through our regulatory expertise, and ultimately break the mould of malpractice that has blemished the FX industry historically. Whilst regulation has definitely taken centre stage, and took over most senior level discussions, I anticipate a greater focus on PSPs and EMIs with both safeguarding and operational resilience being tested to ensure customer funds are adequately protected. Being stringent in terms of regulation is a way for payments and fintech companies to separate themselves from the pack. The FCA is also sure to take further regulatory action as they start to clear the covid backlogs, which in my opinion will be a welcome move to help combat some of the issues we have seen this year. Firms need to be sophisticated when it comes to making sure they’re compliant with regulations. Safeguarding client money correctly is a challenge which requires consistent attention so we’re likely to see this being an obligation that firms invest in significantly.

4. Introduction of the UK Central Bank Digital Currency. This is likely to be the door for many banks to embrace crypto-related technology. Blockchain infrastructure is an incredibly powerful tool that can revolutionise the industry through a host of features not limited to instant global settlement and transaction monitoring capabilities. The hesitancy to embrace this infrastructure, alongside a number of crypto assets, appears to come from the dark web usage of old, where assets were used for illicit purposes and money laundering; but then again, so is cash. Ultimately, we shouldn’t be afraid of the capabilities that this revolutionary development can carry due to the negative connotations. Instead the focus in 2022 should be on education and equipping our industry on understanding the power of the blockchain so that everyone can understand the good that it can do, the risks it carries and how to mitigate those.

 

So What Now?

2021 saw great innovative strides taken in the payments and fintech industry, but as we look ahead into 2022 it doesn’t look as if this cadence is likely to plateau. The industry will continue to adapt and grow to cater to the changes in consumer and business habits, and we’ll see Partnerships, Open Banking, Regulation and Digital Currency as key strategic milestones across the board. At IFX, we are constantly striving to be the best in our fields and through partnering with other brands, tightening our regulation processes, and constantly educating ourselves and others on developments in the industry, we look forward to experiencing even greater growth in 2022 and beyond.

 
