Petya marks the second major cyberattack in as many months on global computer systems. Much like its predecessor, Wannacry, the attack is aimed at securing ransom in return for releasing hard disk data, but it is believed to be much more sophisticated.
As more governments and people rely on technology, there is a possibility that the threat may not remain focused on securing petty payments and hackers may target services like banking, civil supplies and health. But banks need not be so helpless as there are still ways that they can protect their data. Blockchain, the technology behind bitcoin, can be their way out. RBI’s research arm Institute for Development and Research in Banking Technology earlier this year detailed the use of technology for speed and security purposes. “BCT provides a secure and naturally decentralised framework for transaction processing,” the research arm said highlighting that “blockchains had the potential to address the holy grail of Info Security—the CIA trinity (Confidentiality, Availability and Integrity).”
Besides, even governments have been experimenting with the technology for safer transactions. Sweden, Ghana, Estonia, Honduras and Georgia are looking into the blockchain-based registry system, while Australia and Japan are looking at leveraging the technology for markets. Harmeet Singh Moga, chief business officer of Blocksmiths, a start-up aimed at providing blockchain solutions says, “Blockchain provides an efficient method of asset exchange and a secure method for critical information storage and these properties are not only suitable for banks but also other organisations both FIs and non-FIs that are using traditional centralised systems that are prone to security breaches.”
Blockchain is a digital ledger which keeps a real-time record of each and every transaction; shared among a distributed network of computers, more like a shared spreadsheet. So, a block of data has digital records which all participants can see, but can only be altered by a majority. If a hacker were to access one set of data, they could only tamper with that block with the system entact.
Blockchain still doesn’t prevent Petya and Wannacry-style attacks, but it ensures the virus doesn’t take down the whole banking system. The technology comes with its own set of problems. One, it is slower for public transactions as each transaction takes over 10 minutes to process.
Second, an inferior system can still make blockchain vulnerable, as happened in the case of Mt Gox, the bitcoin exchange which had $460 million stolen. “Anything can be hacked. Until this moment of time Blockchain has been secure, but we have seen a number of attacks on exchanges that have not kept with the security practices in terms of keeping their internal private keys safe. Once keys are stolen, just like any other transaction, one can access that wallet and perform transactions.” says Sherif El-Nabawi, senior director, systems engineering, Asia Pacific, Symantec.
The other problem relates to too many blockchains that rarely interact with each other. Although SBI and 10 other banks along with KPMG decided to form a bankchain earlier this year, the problem is the system holding together. This is evident from the R3 experience. Global leaders like Goldman Sachs had formed a consortium R3 to harness the technology, but have since formed their individual networks. This is where RBI steps in. If the central bank were to develop this technology it would ensure participation from the industry. So, instead of each bank creating its own set of systems, there would be one central interconnected chain which every bank would adhere to.
But Altaf Halde, managing director of Kaspersky Lab (South Asia) says that blockchain cannot be a one-stop solution for everything, “For blockchain transactions to work in the real world, there needs to be a system for handling mishaps — or mischief — which means making regulations that courts can use to enforce the rules.” While blockchain cannot be an immutable solution, it can certainly be a start for securing banking.