Don’t make ransomware harder for cybercriminals, make it impossible

The most sophisticated cybercriminals have long been able to hack almost any computer system. Until recently, their efforts were often made on behalf of state or commercial actors seeking valuable intelligence, or by themselves seeking publicity and an opportunity to embarrass their victims. Now, the ubiquity of blockchain-based cryptocurrencies has emboldened these bad actors to seek a new goal: ransom.

Today’s cybercriminals see society’s expanding digital dependence as theirs to plunder, taking us hostage to their ransomware demands. Ransomware undermines our sense of security and slows progress, putting our digital and physical worlds at risk. Within just the last few months, cybercriminals have attacked our energy infrastructure, food supply chain, hospitals and water systems. It makes stealing private personal information, which they also do, seem like just a warm-up act.

Our government possesses tremendous online capabilities but much of this expertise is reserved for national security and other classified purposes. Much of the high end IT security employed by the national security community is not readily available to the rest of government or the vast majority of the private sector. But our government is responding in other ways. Interagency working groups have been created. Congress has held hearings. And public and private sector agencies are developing better ways to deter cybercrime and ransomware.

These ransomware deterrence measures include network perimeter defenses, which cybercriminals constantly find new ways through or around, as well as virus threat detection, intrusion alarms, system and email scans, and critical system backups. Such deterrence measures are akin to building a tall fence or wall, then hoping it holds for a while, with no ability to see what’s happening on the other side.

Deterrence is nice while it works, and it usually works to an extent for a short period of time. But what the public and private sectors need is a permanent solution. Ironically, the same technology that has emboldened ransomware can solve the problem: blockchain.

First generation blockchains have proven their immutability. Transaction data stored in a blockchain cannot be tampered with. But none of these first generation blockchains can support an enterprise IT or operating system. They can produce cryptocurrencies and perform targeted processing across distributed nodes, but they lack the flexibility, speed, security and most importantly the scalability to be an enterprise platform, to store and retrieve large amounts of data, or run an industrial operating system.

Only a next-generation blockchain with unlimited scalability, exceptional security and inherent flexibility can render our data – and systems that run on that data – effectively immune to ransomware, and make them unattractive targets. That alone would be a welcome disruption, likely the first of many. How do we get there?

A next-generation blockchain differs in many ways, but foremost, it must have massive scalability. Scalability in a blockchain is like bandwidth for a network: the more you have, the more compelling things you can do, the more creative you can become, and the more value you can create. We’ve seen this pattern in another not-too-distant transformation: internet bandwidth. Had bandwidth stayed at dial-up speeds, streaming services like YouTube and Netflix wouldn’t exist, Zoom calls couldn’t happen, mobile phones would still have buttons. Our world has transformed since the first generation of internet bandwidth, in ways that would’ve been difficult to imagine with our 56k modems. The same will happen with next-generation blockchain technologies.

Unlimited scalability means scalability like the cloud, where we simply deploy additional resources to increase capacity, rather than being limited by a performance-capped protocol. It’s scalability in the millions of transactions per second, not hundreds, or thousands. This inherent need for scalability is precisely why the first measure of any blockchains is transactions per second, or TPS; it’s a proxy for functionality, usefulness, longevity and long-term value. Just like how one measures an Internet connection.

Exceptional security means independent, military-grade encryption for each block. Flexibility means a block can be whatever the user, enterprise, organization or device needs it to be: a single IoT update, a streaming video, a document, ten thousand digital transactions, a properly completed compliance form, a contract, a secure message, or a specialized block type to open or close a valve. Such flexibility means that the next-generation blockchain can integrate with existing IT, OT or in-use operating systems, without starting from scratch. It’s similar to any other programming process, software addition, or security enhancement, but with more flexibility.

With such scalability, a next-generation blockchain enables more compelling use cases, more creative solutions, more valuable transformations. Layer on exceptional security, flexibility of blocks and block categories, and the next-generation blockchain can become a data repository for individual organizations that inherits the proven protection of immutability, the scale and accessibility of the cloud, and the flexibility to match any data, transaction or digital interaction we require. One such compelling use case: cybercriminals cannot hijack its immutable blockchain data; they cannot threaten hospitals, water utilities or even more sensitive systems or organizations.

The ultimate answer to ransomware lies not in deterrence, but in technology that makes ransomware obsolete. Instead of encircling ourselves with patchwork defenses and porous walls that we know will eventually be breached, we need next-generation blockchain solutions that put our data into billions of individual and impenetrable data vaults, rendering data unhackable, and ransomware unprofitable.

David Iseminger is the founder and CEO of Upheaval LLC.

Comments