How blockchain, cloud, and other emerging technologies are changing cybersecurity

February 16, 2017



Five cyber developments to watch.

It can be easy to lose sight of the innovation in the cybersecurity industry amid frequent news about breaches and increasingly sophisticated hackers. The reality is that many promising innovations are gaining traction and could very well change the way enterprises conduct business. Here are five key cyber developments to keep on your radar in 2017:

1. Blockchain

Many people have heard of bitcoin, a digital cryptocurrency that creates new options for payments and transactions. Fewer people, however, know about its underlying technology: blockchain.

Blockchains are shared, tamperproof, peer-to-peer digital ledgers that enable a single, global version of transaction truth.

Some of the biggest banks, along with technology companies and other firms—including PwC, are making significant investments in research and development to see how they can harness blockchain. These efforts could transform many aspects of business, including how people implement security. Historically, the mainstream cybersecurity philosophy was to build a perimeter wall to keep out intruders. Blockchains could make the perimeter irrelevant by ensuring the integrity of a given network. The use of blockchains is akin to securing the metaphorical veins and arteries of the digital world to ensure the health of the body that is the network.

Blockchains, once developed, have the potential to solve many of the security problems that financial institutions face. The transaction-level cryptographic control associated with blockchains could also extend to manufacturing, pharmaceuticals, the transportation industry, or any sector that makes important products that need to be secure. Blockchains could be particularly valuable for supply-chain security, which is a key priority for manufacturers and the U.S. Defense Department. Blockchain-based technologies could eventually become the backbone for all collaboration and communication that must occur in these industries.

2. Cloud security

Another significant shift is businesses moving their data, applications, and infrastructure to the cloud for enhanced security. Hackers prove again and again that the on-premises data infrastructures used by many businesses are difficult to secure. The most recent high-profile examples are the string of cyberattacks on hospitals across the United States. By moving their digital operations off the premises to be managed by companies that are experts in cloud infrastructure and security, businesses can greatly improve the safety of their data and gain many other benefits, including insight about customers.

This shift will be a genuine one in thinking about how businesses operate and keep data safe, since most people consider company data to be most secure when stored in a physical building owned or operated by the business.

3. Machine learning

Artificial intelligence previously occupied the realm of science fiction, but is now a mainstay in helping businesses better secure themselves. As computing power increases and machine learning becomes more advanced, ever more powerful analytics tools can help forecast where hackers might strike next.

If a company can predict where an attack might focus in the future, it can better prepare for a possible cyberattack and ideally deflect it. When used in concert with advanced authentication and encryption techniques, analytics can provide businesses with formidable tools to help keep their data safe.

4. Advanced authentication

Passwords have passed their sell-by date. Increasingly, organizations are adopting multifactor authentication across a range of transactions, not just highly sensitive ones. The concept is simple: After entering a username and password, or the first factor of identification, the user would receive a text message on their mobile device with a code to enter (the second factor) to confirm that they are in fact logging in. This approach serves the dual purpose of making an individual’s account more secure and providing a way to notify someone of unauthorized use of their credentials.

Other kinds of second-factor identification include a pattern that a user must enter, an access card or fob, or biometric information such as a fingerprint or an iris scan. Additionally, having systems automatically reset themselves after failed login attempts can go a long way toward improving the safety of a company’s systems.

While not perfect, advanced authentication significantly helps bolster data security. This type of technology largely was the province of government systems, and then financial institutions adopted it. Now multifactor authentication has extended to social media accounts, and broader adoption can be expected in the future.

5. Built-in encryption

Encryption, the process of encoding messages or information, is not a new technology, but it hasn’t been widely used beyond military operations and government agencies until recent years.

In the past year, encryption has become almost standard in many communications platforms, such as Gmail, messaging applications like WhatsApp, and—most famously—iPhone devices. Widespread use of encryption will make life harder for hackers; even if information is stolen, it can be worthless to a cybercriminal if it is inaccessible.

Last year, for example, messaging company WhatsApp encrypted all messages for its 1 billion users such that only the sender and recipient can view the content. If all businesses did the same for the data on their servers, the added difficulty of decrypting the information could dissuade cybercriminals from taking it in the first place, particularly if a hacker must crack a system that has advanced authentication practices in place.



Chris Curran

Principal and Chief Technologist, PwC US Tel: +1 (214) 754 5055 Email

Anand Rao

Global Artificial Intelligence Lead, PwC US Tel: +1 (617) 530 4691 Email