Blockchain and Cybercrime – An interview with Chris Recker
By Myat Eaindra Cho
Chris Recker, an associate specialised in commercial litigation and civil fraud at Trowers & Hamlins has given us his expert insights into the world of blockchain and cybercrime. Trowers & Hamlins is an international law firm with offices throughout the UK, Middle East and Far East.
What made you choose cybercrime?
Because of the civil fraud work that I do. 70% of all fraud is cyber, according to Action Fraud UK. This means that more and more of the work we do has a cyber and tech angle to it, so I was drawn to this challenging and merging area. I’ve got to work with some great cyber security companies which deal with pretty unusual and fast paced challenges that organisations have had. Cyber security is a very real risk so being ahead of the curve is important.
What do you think are the main challenges of combatting cyber crime?
Technology is ultimately an enabler for fraud and cybercrime. Whilst technology allows organisations to innovate and actually reach customers which they wouldn’t ordinarily be able to reach, it also allows people (fraudsters) to change their online identities, their IP addresses, thereby changing their locations, and manipulate information that’s available on the internet. The risk of being caught is considerably lower than the risk of literally robbing someone on the street.
The biggest challenge is often the ‘human element’. If your people aren’t trained properly; they can be the breakdown in the protocol. They are the ones subject to social engineering, and they are the ones who are sent the phishing emails (for example). The challenge is that fraudsters are trying to get access to data (held by both individuals and organisations) so are often looking at new and innovative ways to manipulate individuals and bypass security protocols.
One of the other challenges relates to the prospects of recovering misappropriated money or assets following a cybercrime incident. However, following on from CMOC v Persons Unknown the court has reiterated (World Proteins v Persons Unknown) that freezing injunctions can be obtained against unknown parties following a cyber fraud incident. This will really help victims of cybercrime to trace and restrain those funds or assets. .
What would you say are the opportunities for blockchain in combating cybercrime?
There are opportunities for blockchain technology to help combat fraud and cybercrime. One of the biggest benefits of using blockchain is the distributed ledger technology. This ultimately means that the control of the ledger is spread across many individuals.
The significance of that is that it is very difficult to amend the ledger. Some people say that what you have is a ‘tamper-proof’ system. Blockchain technology is not set up in a way that encourages people to illicitly amend the ledgers because there is no benefit to them for doing so (as the benefit of any mining, if it is a cryptocurrency ledger, is only rewarded if an amendment to the ledger is actually accepted). As a result, blockchain technology avoids the ‘single point of attack’ that a hacker could ordinarily take if it they were looking to attack a specific piece of software or hardware.
There are also opportunities in specific sectors, such as the supply chain sector, where there is a need to trace goods to their originating source.
Do you think blockchain can prevent cybercrime?
In certain sectors, it will be particularly useful. However, it is not the complete answer. We are not yet at a stage where the information can be added to a blockchain without human interaction. Therefore, it still requires the person entering the information to be honest when doing so. Blockchain, therefore, cannot erase corruption (if, for example, all members of a private blockchain agree to alter a ledger).
Blockchain is a step in the right direction, but not the complete solution to cyber risks.
How can firms and businesses best protect themselves from cybercrime?
Prevention is the best cure. It’s about having a solid risk management framework of your people, processes and technology. This involves having a response plan, knowing who you’re going to go to if there is an incident, and keeping your perimeters guarded. It also requires carrying out a risk assessment and knowing who your experts. This will put you in the best place to respond. This won’t be able to prevent it completely, but it will help when you are liaising with a regulator and showing that you have acted reasonably.
So, preparation is key. This includes involving the relevant experts (including cyber, legal and PR) and following your plan. The sooner the legal team are involved, the sooner the documents can be made confidential using legal professional privilege for any investigation.
Thanks for your time Chris.