How Blockchain Has Been Shown to Be Vulnerable

Let’s face it… blockchain technology is a human invention, which means that there are going to be some flaws.

Admittedly, the concept behind the blockchain makes this hard to believe: every transaction made through the blockchain, financial or data-based, is given a permanent, designated “block” in the chain. Before the transaction is completed, the rest of the network needs to approve this new block’s validity. The block is then added to the chain, where it cannot be altered and provides an unchangeable record of the transaction - to undo it, a new block would be created. It is only then that the transaction is completed.

While this method may seem foolproof, even “unhackable”, this just isn’t the case. In March of 2014, cybercriminals managed to steal $450,000,000 worth of Bitcoin through a transaction mutability vulnerability, and in June of 2016, cybercriminals managed to steal approximately $60,000,000 by leveraging a recursive calling vulnerability.

Additional Blockchain Vulnerabilities

Again, as a human creation, there are going to be some flaws in blockchain platforms. One investigation revealed that some blockchain and cryptocurrency platforms had over 40 vulnerabilities.

51% Vulnerabilities

Many of blockchain’s vulnerabilities have more to do with the nature of the platform as well. One such vulnerability is known as a 51% vulnerability, and is associated with mining cryptocurrencies. Let’s assume you are a cryptocurrency miner. If you manage to accumulate hashing power that exceeds more than half of what the blockchain contains, you could leverage a 51% attack to manipulate the blockchain to your own advantage.

Naturally, more popular blockchains, like Bitcoin, are far too expensive to be practical targets, but smaller coins are much more affordable to attack and can be lucrative for hackers. In 2018, 51% attacks were leveraged against less popular cryptocurrencies, netting the attackers approximately $20 million.

Security of Private Keys

Using a blockchain requires a user to have a private key. Naturally, if this key were to be stolen, those cybercriminals who stole it would be able to access and tamper with that user’s blockchain. What’s worse, because the blockchain is decentralized, these kinds of actions are difficult to track and even harder to undo.

Breach Examples

As you might imagine, most breaches involving a blockchain are in some way tied to an end user. In 2017, a fraudulent cryptocurrency wallet service was left up for months as the cybercriminal responsible allowed people to funnel their cryptocurrencies into it before stealing $4,000,000 - out of a reported total of $2 billion being stolen since 2017 began. In January 2018, it was disclosed that hackers stole private keys with malware, taking over $500,000,000 in NEM coins (a now-effectively-worthless cryptocurrency established by a nonprofit).

If hackers are able to steal from a purportedly “unhackable” technology, what’s to stop them from stealing from your business?

Cybersecurity solutions from Coleman Technologies, that’s what. We can set up the security solutions your business needs to protect its data, and monitor your systems to detect breaches preemptively, preventing a security issue from happening. To learn more about what we can do, reach out to us at (604) 513-9428.

To begin, let’s figure out exactly what a data warehouse is.

Understanding the Data Warehouse

A Data Warehouse isn’t to be confused with a Data Center, where you might store your server infrastructure. It is a system for analyzing and reporting on large amounts of data. It helps you predict trends and get a full picture of what’s going on with your business.

In order to understand the purpose of a data warehouse, it helps to look to warehouses in the real world. In short, it’s a place to store stuff.

While this may seem simplistic, it is key to the other functions of a data warehouse. By storing all of a business’ data in a central location, that data can all be referenced against each other - regardless of the original source. This means that you can use this data to generate better analytics than you may have gotten otherwise, simply because you are less limited by the data you have access to.

Selecting a Data Warehouse

Of course, not all data warehouses are the same, and the different types offer different utilities. You also have to consider if the data warehouse itself is sufficient. Let’s go over some of the considerations you will have to make during your deliberations.

What kind of data do you need to store?

For our purposes, data can be split into two types: structured and unstructured.

• Structured data is data that can easily be organized into a spreadsheet. If your data fits the bill, a relational database would likely be a good fit for your needs.
• Unstructured data (or semi-structured data) is data that is presented in less-uniform formats, like geographical data, emails, books, and the like. If you have a lot of this kind of data, you may want to consider utilizing a data lake over a data warehouse.

How immediate does your data need to be?

Your intended use of your data warehouse will have the largest impact on this consideration. Are you looking for business insights, or are you more focused on real-time analytics? If you are looking to find out more about your business, having more data available will give you better answers. If you are using the data warehouse to fuel a predictive analytics platform, you will need less data, as tracking trends can be done with a simple Relational Database Management System (RDMS) and won’t necessarily benefit from access to all of the data your organization stores.

How are the costs structured?

Different data warehouse solutions are priced based on different factors, usually combining the storage used, the size of the warehouse, the number of queries that are run, or the time spent leveraging the solution. Your particular use case will likely influence which solution is most cost-effective for you, whether frequent utilization makes a lower compute cost preferable or a high volume of data makes lower storage costs the logical choice.

Does it work with the tools you use?

Finally, you need to be sure that the solution you are considering is compatible with your business’ other solutions - otherwise, you won’t get the full value from your data warehouse (or create more work for yourself).

Coleman Technologies can help your business manage its technology needs. To learn more about how we can optimize your business processes, call (604) 513-9428.

Today, many of the largest and most lucrative companies in the world, Google, Apple, AT&T, Amazon, Verizon, Facebook and Microsoft are all, more than manufacturers of computer-based goods and services, data brokers. These data brokers create services that they then sell to advertisers that allow them to target you based on the information these companies have of you, which can accurately tell how and what to sell you.

Since nearly everyone has a near-ubiquitously-connected experience there is a lot of data collected, bought, and sold every year and it’s big business. Facebook, a company whose main revenue stream is from selling advertising, made a net profit of nearly $16 billion in 2017. This tells us that if you have people’s data, you have people’s hopes, fears, and dreams, which means you can pretty easily get someone to pay you for access to that information.

For small businesses it’s much less lucrative. In fact, all the data your organization needs to keep, is probably necessary to simply do business, not to sell to advertisers. Facebook voluntarily gets a lot of personal information from every one of their users, as where the typical small business often has to strategize to just get a name and a phone number. The information that is sensitive (mostly customer information that you collect) has a lot of value to the people looking to steal it. So while you aren’t making billions of dollars selling consumer profiles, it is still a mightily important part of doing business, and needs to be secured.

Is Data a Commodity?
Technically speaking, it isn’t. Since a commodity’s value is based namely on its scarcity and the amount of capital that needs to be put up to create it, in both resources and labor, the data that is being purchased isn’t really a commodity. In lieu of the dissolution of the U.S. Net Neutrality laws, this has created the argument in the U.S. that since now it’s up to the telecommunication companies how they want to manage (or more accurately bill) data consumption, that they would throttle and tier service, something that isn’t possible with a true commodity, where there are laws prohibiting those types of practices.

On the other hand, Internet access is something that a majority of the commerce requires, and delivering data is in itself an expensive endeavor (infrastructure spending, development, utility costs, etc.) so telecoms, who are seeing their would-be profits syphoned by over-the-top content providers, and publicly demonized as a result of a very public lobbying effort to gain control of the ability to implement some sort of prioritization strategy, have to find a strategy to sustain their ability to get a workable return on their investments.

Securing Your Organization’s Data
Regardless of what your view of data is, it’s an important resource for your organization, and as mentioned above, it needs to be secured. For one of your company’s most important resources, data can be lost relatively easily, so there needs to be a concerted effort to keep your network and infrastructure free from the threats that could put your data at risk. At Coleman Technologies, that’s what we do. We ensure organizations like yours get the professional IT expertise you need to work efficiently, effectively, and securely in what is the most turbulent time in computing history. With the litany of threats your business faces everyday, you need experts that have your back. We offer:

• Backup and disaster recovery: With a comprehensive backup and disaster recovery system in place, all of your organization’s data is safe, redundant, and able to be restored on demand.
• Proactive monitoring and management: By keeping a dedicated eye on your network and infrastructure, our technicians can be proactive.
• Patch management: By keeping all of your organization’s software up to date with the latest threat definitions, you can ensure that your software isn’t going to be a problem.
• Access control and threat detection: By having full control over who can access what, and a complete view of the entire network, we can keep people who aren’t supposed to see certain information from accessing it.
• Training: Most times, your own staff is responsible for data breaches and malware. We can train you all on what to look for to ensure that you are doing your best to keep your network and infrastructure free from threats.
• Around the clock support: If three out of every four businesses deal with phishing emails, and over 95 percent of all phishing emails deliver ransomware, chances are that if a mistake were to be made, you will need immediate IT support. Our support and help desk can remediate a lot of your security issues to keep downtime to a minimum.

With data such a major part of doing business today, ensuring you have the right solutions and support in place to be confident that any situation you face will be managed before it becomes a problem is in itself a benefit. Call Coleman Technologies at (604) 513-9428 for more information.

The GDPR (In a Nutshell)

Under the GDPR - which came into effect on May 25, 2018 - any companies that have collected data on a resident of the European Union are then responsible for protecting that data. Furthermore, the GDPR grants these residents a far higher level of access and control over the data that organizations possess.

How United States Citizens Have Reacted

According to a poll, data privacy has become a bigger priority for 73 percent of respondents, 64 percent stating that they felt the security of their data was worse than it has been in the past. 80 percent want the ability to learn who has purchased their data, while 83 percent want the ability to veto an organization’s ability to sell their data in the first place. 64 percent also stated that they want the ability to have this data deleted.

How the Government Has Reacted

Governing bodies at different levels have had different reactions to these demands. For instance, the state of California has already passed the Consumer Privacy Act (CCPA) - a piece of legislation that the House of Representatives' Consumer Protection and Commerce Subcommittee isn’t too fond of, as its position is that there needs to be a singular piece of legislation at the federal level to protect data. As of right now, data privacy is addressed in a combination of state laws and some proposed federal laws.

One of these proposed laws, the Data Care Act, spells out that (in addition to promptly alerting end users to security breaches) a service provider cannot legally share a user’s data without the receiving party also being beholden to the same confidentiality standards. Others include the Information Transparency and Personal Data Control Act, which requires transparency and personal control over data, the Consumer Data Protection Act, which could throw executives in prison for abusing data, and the American Data Dissemination Act, which sets a deadline for the government to enact privacy requirements upon businesses.

However, when the Consumer Protection and Commerce subcommittee met to discuss the prospect of a federal privacy law (which it was agreed was necessary), there weren’t any representatives for the average consumer - the ones whose data is really at stake. This reflects the hearings held last year by the Senate, also without consumer representation. Instead, technology companies were invited to participate during both sessions.

Small Business Concerns

That being said, there is very little support among the committee for any regulations that are at all similar to the GDPR. One reason for this: the fear that small businesses will not find themselves able to afford the added cost of compliance.

For instance, there are a variety of potential burdens that such a measure could potentially impose upon small and medium-sized businesses. These burdens include:

• All-encompassing overhauls that would result in lost business
• Business failure due to inadequate budgets to make the demanded changes
• Impeded growth after regulations are put in place
• Prerequisites becoming too great to start a business in the first place
• Costs passed down to SMBs from larger companies for technology services

It is worth noting that if your organization does business with people from the EU, you are responsible to adopt the privacy rules of the GDPR.

What do you think? Are laws like these necessary, especially given the cost they could put on small businesses? Have you had any data privacy concerns in the past? Share your thoughts in the comments.

The Development of the PDF
The PDF is best known for promoting the sharing of information as it was created. A PDF looks the same whether it is in digital format or if it is printed to paper, no matter what OS is being used. Before this format was created, sharing information between the two was extremely difficult, but in 1990, Adobe co-founder John Warnock wrote a paper titled A Camelot Project, in which he described the limitations of sharing information. He would go on to found Team Camelot, the group of software developers that created the PDF, a file that can be universally shared across all computing platforms.

At first, however, it held very little utility as users had to purchase Adobe Acrobat in order to use the file type. Team Camelot, however, built additional functionality as the Internet got more popular, and as its utility increased, it was eventually adopted by the International Organization for Standardization and opened up to the masses.

Advantages of the PDF
Nowadays, there are multiple types of PDFs, and their utility is tied to their makeup. The types are as follows:

• Digitally Created PDFs - PDF files created in a digital environment, whatever that environment might be (Windows, Mac OS X, Linux, Android, etc.). These PDFs are fully customizable and editable.
• Scanned PDFs - A Scanned PDF is effectively an image of a document. They are not inherently customizable, but there is software that can be utilized to change that.
• Searchable PDFs - Thanks to Optical Character Recognition (OCR) software adding an editable text layer to an image layer, a PDF becomes searchable. This process enables greater interaction with PDFs like this. In a document management system, many document scanners come with the kind of software users need to convert a scanned PDF into a searchable PDF. As such, it is a core component of a paperless office.

PDFs have shown to be extraordinarily useful for businesses. They are convenient to use, universally compatible, and can be extremely secure.

For more great technology information, return to our blog regularly.

Why Use a VPN?
The best way to understand what a virtual private network does, is to have a little background knowledge of why it’s necessary to have one. The easiest way to understand it is to think about accessing your business’ data as a two-lane road. On one side of the road is the traffic moving from your business’ infrastructure toward your device, and on the other side is data moving from your device to your business’ infrastructure. Anyone with the right tools can see the data as it’s being transported from one location to the next, and if the data isn’t protected by the right solutions, it can be stolen while it’s in transit. A VPN makes it much more difficult for hackers to accomplish this feat.

Understanding a VPN
Your average connection should be encrypted to protect the integrity of any data stored on it, and a virtual private network helps by augmenting this practice while out of the office. To aid in protecting your organization’s network connectivity, a virtual private network can encrypt your connection to sensitive data while on a different connection, such as if you’re working from a remote location, or just simply not in the office at the moment. When the data is encrypted, hackers have a harder time stealing the information that’s being sent to and by your devices while out of the office.

To be fair, it’s not that hackers can’t steal the data being sent to or by your devices while using a virtual private network; it’s that the data that hackers do steal is much less useful to them overall. The reason for this is the encryption. If the hacker can’t crack the encryption of the files, the can’t read the data, and, then the data they have just stolen is completely useless to them. Modern encryption methods are virtually impossible to decrypt (at least, the average hacker will spend more time than it’s worth to decrypt the data, making the process far less appealing than it normally would be).

Coleman Technologies can help your business set up the perfect virtual private network for all of its specific needs. Whether you’re out of the office momentarily or for a lengthy amount of time, or if you have remote workers in all corners of the globe, the right virtual private network can keep your data as secure as can be while it’s moving from one location to the next. To learn more, reach out to us at (604) 513-9428.

Collection Concerns
Data collection is one of the current big concerns in technology. With another newsworthy data breach practically every other day, companies that accumulate data for seemingly little reason effectively put their clients and customers at a greater risk of having this data stolen. Reflecting upon this, it is no wonder that 75 percent of consumers are concerned about brands keeping track of their browsing habits.

Facebook has been the focus of some negative attention in past months thanks to these concerns. In addition to the Cambridge Analytica situation, Facebook has adopted artificial intelligence technologies to analyze their users. This analysis is used to predict future behaviors, these insights being sold to advertisers. While this brings up many legitimate concerns about data privacy, it also introduces a different topic: the need for a code of ethics surrounding the use of collected data, as well as how much data is collected.

Why This Is a Real Issue
It should come as no surprise that businesses and individuals have different priorities, and that these different priorities shape their ethics in different ways. Likewise, the primary purpose of any business is to generate revenue through profit. Therefore, it only makes sense that a business as a unit would have the motivation to collect as much data as they can - after all, the more data available, the more insights that could be presumably be gleaned, and the more successful the business would be… in theory.

However, as mentioned above, many businesses seem to collect as much data as they can just so they can have it. This is not a great approach for them to take for a few reasons. Most obviously, because it just enables more data to be compromised if a breach was to occur.

Without the guidance of a code of ethics leading your business decisions, the likelihood of risking your clients’ data for the sake of advancement - be it more insight, improved automation and artificial intelligence, or another business goal - becomes much higher.

Enforcing Ethics
In order to create a workplace that is in alignment with your determined ethics, you need to make sure of two things. One, that you clearly establish and share them within your business so that your employees are on the same page as you are, and two, that you stand by these ethics.

To accomplish this, learning your company’s ethics should be a part of an employee’s onboarding process, with a written document leaving no questions as to what will and won’t be tolerated. Then, you need to make sure that you not only listen when ethical violations are reported, but also allow those reporting them to remain anonymous.

What would be the most important aspect of your policy for employees to follow? Share it in the comments!

The late American author Kurt Vonnegut once wrote, “New knowledge is the most valuable commodity on earth. The more truth we have to work with, the richer we become.” Written in the 20th century, it has been put in practice by 21st century businesses. As the Internet has grown, the amount of companies expanded, and the amount of data that those companies collect has grown exponentially, especially now that there is a market for such data.