Home » cybersecurity

Tag: cybersecurity

A recent Crowdstrike blog argues how “like so many legacy technologies, legacy data loss prevention (DLP) tools fail to deliver the protection today’s organizations need.”

Crowdstrike notes that with rising attacks, new attack vectors, and higher cost data breaches, organizations are desperate for a modern alternative to traditional cybersecurity solutions, where (as the blog summarizes):

  • Unstructured data on endpoints is at great risk of misuse or breach
  • More than a third of data loss prevention deployments fail
  • Your data is too complex for legacy data loss prevention tools
  • Legacy data loss prevention tools lack visibility into real-world data flows, and so lack context to stop breaches

While I agree with all of Crowdstrike’s arguments, I believe blockchain technology improves cybersecurity and propose that storing your data on blockchain is a necessary leap forward in security versus legacy technologies.

Why is it vital that your organization moves to blockchain-based data storage? Four key reasons:

  • Immutable Records
    One of the main benefits of blockchain technology is its ability to provide secure and tamper-proof record keeping, as the use of cryptography and peer-consensus mechanisms ensures that once data is recorded on the blockchain, it is extremely difficult to alter or delete. This immutability and transparency provide important chain-of-custody audit capabilities for courts and ensure peace of mind to users. Such security also makes blockchains ideal for use in financial transactions, real estate agreements and other high-value exchanges, where a record of every step is essential for ensuring the integrity of the process.

  • Secure Authentication
    One of the main issues in cybersecurity is the vulnerability of traditional authentication methods such as passwords. Passwords can be easily hacked or stolen, leaving sensitive information vulnerable to attack. This can be a threat to businesses, especially those who store their users’ personal information. Blockchain technology can provide secure authentication through the use of public-private key cryptography, eliminating passwords from the process.
  • Decentralization
    Unliked centralized databases which can be breached at unsecure endpoints (users and devices)—or even at MSPs hosting them—giving attackers complete control once they gain central access, blockchain technology distributes data across geographically separate nodes.

    The decentralized nature of blockchains ensures that there is no single point of failure, which also means that hackers cannot easily compromise the system. By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set.

    This distributed nature defeats those attacks seeking to breach a system and holistically encrypt the data files stored therein. For example, breaching a single endpoint node and attempting to hold data “for ransom” fails, as the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, or shutting down the network.

    Further, with private, permissioned blockchains, each endpoint node (or user) has a unique encryption key to access and write to the distributed ledger. If any one of those endpoints is successfully attacked (presumedly compromising their access key), the private blockchain can simply remove distributed ledger access for that compromised key, issue the endpoint a new key, and allow that endpoint to quickly regain distributed ledger access (effectively as a new endpoint).

    This unique recovery process effectively maroons any ransomware on the endpoint it attacked—ending its access and threat—while allowing the endpoint to re-engage the larger data set: With a new key and without needing to pay any ransom to the attackers for restored access.
  • Identity Verification
    Identity verification is another area where blockchain can be used to enhance cybersecurity.  It ensures that the individual claiming a particular identity is actually who they say they are. With blockchain, users can have greater control over their personal information, allowing them to manage their digital identities more securely. This makes it more difficult for hackers to steal personal information or create fake identities.

ZorroSign’s Data Security Platform Built on Blockchain

As the world becomes more digitized and interconnected, the importance of cybersecurity will only continue to grow, and blockchain storage will play a crucial role in ensuring that our digital world remains safe and secure.

ZorroSign was built from the ground up on Hyperledger Fabric to deliver digital signatures with the superior privacy and security of blockchain. We recently announced our advanced integration with Provence Blockchain, adding their DLT to our architecture as well.

Our Z-Vault® enables ZorroSign users to store, structure, organize and search documents in folders and subfolders natively with the peace of mind that comes from blockchain-based data privacy and security—leaving legacy technologies behind for good.

ZorroSign’s platform can be accessed via PCs and mobile devices, allowing your staff to efficiently generate, negotiate, communicate, and sign agreements. And with Z-Vault, contracts reside on an immutable document management system where they can be saved, searched for, and easily managed from a single, intuitive user interface.

Z-Vault Benefits for Your Organization

  • Superior privacy and security to PKI-based solutions using a centralized database
  • The latest privacy and security technologies, delivering powerful encryption safeguards
  • Secure, yet intuitively navigable and easily accessible (for authorized users) platform
  • Ability to share and review Z-Sign and architectural drawings, adding your own comments

Save time with access to specific folders and documents in seconds, no loss of records

I believe blockchain-based data storage is critical to improving cybersecurity, and I invite you to learn more about Z-Vault to securely store contracts, data, and documents on blockchain instead of legacy technologies.

Learn more about Z-Vault or connect with me on LinkedIn to start a conversation today!

It has long been claimed that blockchain technology has the potential to revolutionize the way companies approach security.  By leveraging the decentralized and immutable nature of blockchain, companies can enhance your security stack and protect against a wide range of threats.

One of the main benefits of blockchain technology is its ability to provide secure and tamper-proof record keeping.  The decentralized nature of blockchains ensures that there is no single point of failure—which also means that hackers cannot easily compromise the system.  Additionally, the use of cryptography and consensus mechanisms ensures that once data is recorded on the blockchain, it is extremely difficult to alter or delete.

Another security benefit of blockchain technology is its ability to provide secure and transparent transactions.  By using smart contracts, companies can automate and streamline processes, while also ensuring that all transactions are recorded in a transparent and immutable manner.  This can help to reduce the risk of fraud and increase trust between parties.

Blockchain technology can also be used to improve supply chain management.  By using blockchain, your organization can track products and goods as they move through supply chains—providing real-time visibility into the status and location of products.  This can help to improve efficiency, reduce costs, reduce fraud, and increase transparency.

Moreover, blockchain technologies such as Hyperledger Fabric (private, permissioned) and Provenance Blockchain (public, permissionless) can be used to enhance cybersecurity by providing encrypted and immutable identity management.  Blockchain-based identity and access management (IAM) systems provide secure and decentralized storage of identity data, making it more difficult for hackers to steal or compromise sensitive information.

By incorporating blockchain technology into your security stack, companies can enhance your security posture and protect against a wide range of threats.  Blockchains provide:

  • Secure and tamper-proof record keeping,
  • Secure and transparent transactions,
  • Improved supply chain management, and
  • Enhanced identity management.

Together, these make blockchain technology an attractive option for companies looking to improve your security. And organizations that leverage blockchain technology to improve your security will be strongly-positioned to succeed in the years ahead!

To read more about the growing risks to digital data in 2023—and learn how adding blockchain technologies to your security stack can combat those risks—download our eBook today or contact us to start a discussion!

The ever-growing amount of digital data and the increasing complexity of cyber threats have made data security more important than ever before.  In 2023, companies must take steps to elevate your data security to protect both your own information and that of your customers.

One of the main risks to digital data today is the increasing sophistication of cyber attacks.  Hackers are using more advanced techniques to bypass traditional security measures—such as using machine learning to evade detection and launching targeted phishing and spear-phishing attacks against specific organizations.  Companies must be prepared to defend against these types of attacks by implementing advanced security measures, such as artificial intelligence-based security solutions, and regularly updating and patching your systems.

Another risk to digital data in 2023 is the growing number of connected devices and the Internet of Things (IoT).  As more devices are connected to the internet, the attack surface for hackers becomes larger, making it easier for them to gain access to sensitive information.  Companies must take steps to secure your IoT devices and to ensure that those devices are not used as a means to gain access to other systems.

Further, the use of cloud services and the increasing amount of data that is stored in the cloud has also increased the risk of data breaches.  Companies must ensure that your cloud services are properly configured and that you are using a reputable provider with a strong track record of security.  Companies also need to implement strong access controls and encryption to protect data stored in the cloud.

https://manrai-tarun.medium.com/cloud-security-risks-and-threats-in-2020-75bbbb8edae9

Protecting data against the growing risks in 2023 requires a multi-layered approach that includes regular updates and patching, securing IoT devices, properly configuring cloud services, adopting advanced security measures such as:

  • Blockchain technologies for tamper-proof record keeping with no single point of failure
  • Digital signature technologies to authenticate and authorize remote transactions
  • Identity-as-a-Service solutions for scalable identity and access management (IAM)
  • Passwordless authentication to reduce the human risk in security systems

Organizations that fail to take these steps will be at a higher risk of data breaches and will be more vulnerable to cyberattacks.

It is important to remember that data security is not only important to protect your company’s information but also to protect the personal data of your customers and employees.

To read more about the growing risks to digital data in 2023—and learn how adding blockchain, digital signature, IDaaS, and passwordless authentication technologies to your security stack can combat those risks—download our eBook today or contact us to start a discussion!

blockchain for cybersecurity

Cybersecurity has become increasingly important as the world becomes more interconnected and digitized. But the risks and costs of cybercrime continue to grow, as well, and the costs are staggering:

Source: https://us.norton.com/blog/emerging-threats/cybersecurity-statistics#

Against this threat, blockchain technology has been making waves in the world of cybersecurity for quite a few years now, and this innovative technology has the potential to revolutionize the way we approach online security—changing it for the better.

Here are some of the ways that we believe blockchain can be used to improve cybersecurity:

Immutable Records

To transact commerce (as an organization or individual) or operate government in a digital ecosystem requires legally enforceable digital signatures to prove agreement and intent.

Blockchain technology has an ability for the creation of immutable records, providing a secure, auditable trail of all transactions. All records and changes within a document are tracked and cannot be changed, providing important chain-of-custody audit capabilities for courts and ensuring peace of mind to its users. This also makes it ideal for use in financial transactions, real estate agreements and other high-value exchanges, where a record of every step is essential for ensuring the integrity of the process.

Secure Authentication

One of the main issues in cybersecurity is the vulnerability of traditional authentication methods such as passwords. Passwords can be easily hacked or stolen, leaving sensitive information vulnerable to attack. This can be a threat to businesses, especially those who store their users personal information. Blockchain technology can be used to provide secure authentication through the use of public-private key cryptography.

“The public key can help in encrypting a message before sending it to the concerned recipient,” explains 101 Blockchains. “When the recipient gets the message, they can use their private key for decrypting the message. It is essential to remember that only the recipient knows about the private key. Therefore, the applications of public key cryptography ensure that the valuable information of users is not tampered with in transit.”

Decentralization

Unliked centralized databases—which can be breached at unsecure endpoints (users and devices) or even at MSPs hosting them, giving attackers complete control once they gain central access—blockchain technology distributes data across geographically separate nodes. By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set.

This distributed nature so defeats any attack seeking to breach a system and holistically encrypt the data files stored therein: A single endpoint node might be breached and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.


Further, with private, permissioned blockchains, each endpoint node (or user) has a unique encryption key to access and write to the distributed ledger. If any one of those endpoints is successfully attacked (presumedly compromising their access key), the private blockchain can simply remove distributed ledger access for that compromised key, issue the endpoint a new key, and allow that endpoint to quickly regain distributed ledger access (effectively as a new endpoint).

This unique recovery process effectively maroons any ransomware on the endpoint it attacked—ending its access and threat—while allowing the endpoint to re-engage the larger data set: With a new key and without needing to pay any ransom to the attackers for restored access.

Identity Verification

Identity verification is another area where blockchain can be used to enhance cybersecurity.  It ensures that the individual claiming a particular identity is actually who they say they are. It is a very important aspect of digital security, especially as identity theft “frequency has sky-rockets in the past few years,” according to the National Council on Identity Theft Protection. “Nearly half of all U.S. citizens became a victim of some form of identity theft in 2020.”

With blockchain, users can have greater control over their personal information, allowing them to manage their digital identities more securely. This makes it more difficult for hackers to steal personal information or create fake identities.

ZorroSign’s Data Security Platform Built on Blockchain

As the world becomes more digitized and interconnected, the importance of cybersecurity will only continue to grow, and blockchain is poised to play a crucial role in ensuring that our digital world remains safe and secure.

ZorroSign’s data security platform was built on blockchain, delivering digital signatures, identity-as-a-service (IDaaS), patented fraud detection, user authentication, document validation, and document management all based on blockchain technologies. 

ZorroSign data security platform built on blockchain
https://www.zorrosign.com/platform/

ZorroSign is a strong addition to any organization’s security stack and brings the cybersecurity capabilities of blockchain to digital signatures and transactional documentation.

To learn more, visit our platform page or contact us to start a free 14 day trial. When the security of your digital data and documents is on the line, block it down!

blockchain for digital IDs
Blockchain technology enhances Digital IDs

Guest blog by Priyal Walpita, CTO at ZorroSign, Inc.

Digital Identity (digital ID) is a representation of information and data unique to a particular person, organization, or group. The role of blockchain in digital ID is to make it more secure, flexible, and interesting.

For individuals, at its most basic level, it consists of a collection of information about a person such as first and last names, date of birth, nationality, passport number, etc. All of these data points are issued and stored by centralized entities. For companies or organizations, digital identity consists of information about their users. The downside of this is the business risk that comes with the rise of user privacy-centric regulations, such as the EU’s General Data Protection Regulation (GDPR). In any case, when they are being relegated to tight-lipped data vaults, the use of this data becomes less which will in return reduce the improvements of the products and the true customer understanding.

What is Digital Identity and Why is it Important?

Digital Identity comprises everything and anything you have on the web which includes but is not limited to images, preferences, usage behavior on websites, bank account information, etc. With the present advancements in digital platforms, digital identity varies across banking systems, social media platforms, and telecommunication.

The importance of blockchain in digital identity is mostly based on securing individuals’ data in a distributed ecosystem. Blockchain plays a major role in ensuring accuracy when speeding up the process of customer onboarding as well as preventing any money laundering and fraudulent activity. Digital identity could help in standardizing and streamlining citizen services in different nations while having a significant part in the facilitation of social transformation projects while ensuring economic improvements.

Being precise on the identity issue eradication, using blockchain identity management, inaccessibility, fraudulent identities, and data insecurity are broadly being discussed. All the traditional methods used for identification have led a significant amount of the population to stay out of the process. Although it has been crucial for an individual to have an identity to gain access to education, the job market, traveling, governmental services, and financial systems. On another hand, the stored data and valuable identification information have been appealing to hackers. Despite all the regulations, legislation and efforts in increasing more and more cyber security, there was an exposure of a considerable amount of consumer data at a large cost. In addition to the above-mentioned issues, users tend to juggle various identities combined with usernames across websites. Data generated by one platform on another platform has no standardization and the links which are weak between the digital and offline IDs give a higher probability of the creation of fake identities.

Effectiveness of Blockchain

Improving the digital IDs with blockchain technology as the base brings several advantages, including improved:

  • Security
  • Privacy
  • Integrity
  • Trust
  • Simplicity

Security-wise, blockchain gives the element of maintaining data in an immutable and encrypted manner, ensuring that the digital identity is secure and easily traceable. In terms of privacy, efficient blockchain encryption, with the facility of digital signatures, ensures effective design and privacy while the maintenance of records of all the identities throughout the nodes across the network creates integrity. In improving trust, the maintenance of communication metadata in a distributed ledger and consensus mechanisms that helps to verify data authenticity across several nodes, plays a major role. Blockchain brings simplicity through the clear roles that are set for the identity issuers, owners, and verifiers in the processes associated with each stakeholder.

In the management of blockchain digital identity, the advantages are crucial for its sustainability. These include:

  • Relief from cumbersome paper-based identity management
  • Self-sovereign identity and easier ID verification
  • Non-custodial login solutions
  • IoT system user identify management
  • Decentralized web identity solutions
  • Improved safeguards for critical infrastructure

Moreover, using blockchains in digital IDs have the following benefits as well:

  • Manageability and control
  • Decentralized storage
  • Decentralized Public Key Infrastructure (DPKI)

Decentralized Public Key Infrastructure (DPKI) is at the heart of Decentralized Identity. Blockchain’s role here is to create a tamper-proof and trusted medium in distributing the asymmetric verification and encryption keys of the holders of the identities. DPKIs give users the ability to anchor or create cryptographic keys on the blockchain in a way that is chronologically ordered. These keys are used in the verification of other users’ information. Identities that are created on the blockchain are inherently safer to use than those that are stored on centralized servers. Cryptographically secure Ethereum blockchain, along with distributed data storage systems like InterPlanetary File System (IPFS) or OrbitDB, enables disintermediate of existing centralized data storage systems maintaining trust and data integrity. When compared, the responsibility of the data security of the identity in centralized identity systems falls under the entity providing the identity. In contrast, the responsibility of the decentralized identity framework falls completely on the user. The user has the sole right to implement his or her security measures or even outsource the tasks to any other service. The main advantage here is that the decentralized identity solutions that are blockchain-powered forcefully make the hackers attack the individual data stores which  becomes highly costly and unprofitable.

Digital identity has increasingly become a part of the social as well as the economic well-being of people all over the world. It has enabled an individual’s right to vote, and access education, and financial systems. Blockchain has become a crucial part in securing these identities by helping to create a decentralized identifier in parallel with the facility for associating digital identity with verifiable credentials. This enables an ultimate digital identity across different platforms under the individual’s control and ownership.

https://nationaltoday.com/national-computer-security-day/

Every November 30th, the United States observes National Computer Security Day. This year, we’d like to share some details on the history of this security awareness, how ZorroSign’s data security platform built on blockchain contributes to computer security, and how you can observe National Computer Security Day to improve your hardware and data security.

HISTORY OF NATIONAL COMPUTER SECURITY DAY

“It seems like every day we hear about breaches in cyber security. Keeping people and companies safe online is a top priority all over the world. It’s something that stays uppermost in our minds on National Computer Security Day. The story of National Computer Security Day is an interesting one.

“On November 2, 1988, Cornell University researchers uncovered an unknown virus lurking in their computer systems. Within four hours of discovery, the Morris worm virus invaded several other university systems as well as the ARPANET, an early version of today’s internet.

“Six days later,  two computer experts with the U.S. Defense Advanced Research Projects Agency (DARPA) recommended assembling  a National Computer Infection Action Team (NCAT) to respond 24/7, 365 to these kinds of attacks. On November 14, the Software Engineering Institute (SEI), a research center connected with Carnegie Mellon University, set up the Computer Emergency Response Team (CERT). 

“In 1988, the National Computer Security Day sprang out of the Washington, D.C., chapter of the Association for Computing Machinery’s (ACM) Special Interest Group on Security, Audit, and Control as a way to raise awareness about cybercrimes and viruses.  According to a 2004 Networld article, ‘November 30 was chosen for CSD so that attention on computer security would remain high during the holiday season – when people are typically more focused on the busy shopping season than thwarting security threats.’ By 2003, CERT and the U.S. Department of Homeland Security joined forces to create the National Cyber Awareness System. 

“Whether we’re talking about National Computer Security Day or  National Cybersecurity Awareness Month also in October, the goals are essentially the same. Each person must be proactive to protect their online security. Use this month to find out all you can about common-sense ways to stay safe in cyberspace.”

HOW ZORROSIGN’S PLATFORM SUPPORTS COMPUTER SECURITY

ZorroSign is the first company that offers a multi-blockchain data security platform to secure, track, and manage your digital signatures, transactions, and documentation.

By using distributed ledger technologies—originally built on Hyperledger Fabric and now expanded to include the Provenance Blockchain—ZorroSign provides superior privacy and security, while preventing fraud and ensuring regulatory compliance.

Blockchains provide structural layers of protection from cybercrime—like ransomware, malware, or phishing attacks—first, by decentralizing the data set itself (preventing any one breach to access the entire data set), and second, by giving endpoints (or nodes) a quick path to recovery, even if they are themselves breached or their access ransomed.  Unlike centralized databases—which can be breached at unsecure endpoints (users and devices) or even at managed service providers (MSPs) hosting them—giving attackers complete control once they gain central access, blockchain technology distributes data physically across separate nodes.  By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set. This distributed nature defeats any attack seeking to breach a system and holistically encrypts the data files stored inside: A single endpoint node might be breached, and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.

ZorroSign has further elevated our security through our patented fraud detection technology we call the Z-Forensics token. This unique digital solution that can:

  • Prove that the individual who is performing the action to sign the document is who they claim to be (verification)
  • Apply a digital equivalent of a wet-ink signature to the document (legal intent)
  • Prove the authenticity of the printed or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity)

Plus ZorroSign supports computer security with passwordless authentication capabilities, leveraging the biometric security of Apple and Android mobile devices to login to the device (and ZorroSign app) with hardware biometric capture features such as face, fingerprint, and iris scans.  Such biometric login facilitates user authentication at the device-level without passwords (which can be hacked or stolen) for elevated security of digital signatures and your digital documents.

HOW TO OBSERVE NATIONAL COMPUTER SECURITY DAY

  • “Create a strong password
    In computer security, length matters. Passwords that are six characters are easier to hack, especially if they’re only made up of lowercase letters. To beef up your password, weave a nine-character combination of uppercase letters, symbols and numbers. Lastly, avoid using the same password for every account.
  • “Update spyware and malware protection software
    First, check to see if your operating system is up-to-date. If that’s set, update your protection software. Run a scan and don’t forget to invite your other devices to the party. Phones and tablets are also major security risks, so be diligent.
  • “Encrypt and backup your data
    Encrypt your data to create the brainiest of all brainteasers. But keep this in mind: even the best brain teaser can be cracked. That’s why it’s still important to back up your info on either the cloud or an external hard drive. (Just make sure that everything stays encrypted.)”
  • Use ZorroSign’s data security platform built on blockchain
    Tap the cybersecurity of blockchain with ZorroSign’s platform uniting digital signatures (Z-Sign), automated compliance (Z-Flow), intelligent forms (Z-Fill), document storage (Z-Vault), patented fraud prevention (Z-Forensics), user authentication and document verification (Z-Verify), identity-as-a-service (IDaaS), and so much more. Plus elevate computer security with our passwordless login capabilities, and patented Z-Forensics token for fraud detection.  When the risk is personal and everything is on the line, Block It Down!

Contact us to learn more or put us to the test:  Start your free trial of ZorroSign’s data security platform built on blockchain today!

(Originally published in Tech Channel News)

Our CEO and co-founder, Shamsh Hadi, was recently interviewed by two technology news outlets—Tech Channel News and TahawulTech.com.

Tech Channel News helps C-level executives in India and Gulf identify technologies and strategies to empower and streamline business processes. Their portal at techchannel.news informs leaders of what’s new in tech and why it matters.

TahawulTech.com, published by CPI Media Group, is the definitive platform in the Middle East for IT content. Covering stories across enterprise technology, cybersecurity and the region’s IT channel industry, TahawulTech.com brings business leaders and technology decision makers together to share their stories of transformation.

Here are short summaries of those interviews and links to read the original pieces!

ZorroSign Making Waves in Digital Signature Space Using Blockchain Technology

In April 2022, Tech Channel News’ Naushad K. Cherrayil interviewed Mr. Hadi on how ZorroSign safeguards the privacy and security of digital documents, and provides an immutable chain of custody for digital transactions, for governments and organizations in the Gulf Co-operation Council (GCC) countries.

The article notes that there are “huge players in the digital signature space, but none of them have figured out how to cost-effectively map their legacy software in technologies and evolve it into Web 3.0 and blockchain solutions today.”

“We have solved all these problems,” said Hadi. “Successfully bringing blockchain to digital signatures—unlike other competitors, big and small, who simply tried to add blockchain onto their legacy software.”

The article explores ZorroSign’s roots in Dubai with development in Sri Lanka, moving the company’s global headquarters to Phoenix, and standing out from the crowd in a competitive eSignature space.

“Our platform was invented to move documentation, digital transactions from a relationship built on trust to a relationship built on truth, providing customers the ability to positively impact the environment with sustainable practices and securely transform their paper-based workloads to digital in a bid to remove errors and increase productivity,” Hadi added.

Tech Channel News uncovers how ZorroSign leverages blockchain’s zero-trust environment to support governments in the Gulf who are looking specifically for blockchain solutions, noting “two countries that are pushing forward are the UAE and Saudi Arabia.”

You can read Mr. Cherrayil’s full piece in Tech Channel News at https://www.techchannel.news/18/04/2022/zorrosign-making-waves-in-digital-signature-space-using-blockchain-technology/

Tackling Identity Theft

In May 2022, TahawulTech.com’s Anita Joseph interviewed Mr. Hadi on how ZorroSign not only provides digital signatures built on a blockchain architecture, but also integrates identity-as-a-service (IDaaS), biometrics, KBAs, and patented Z-Forensics token to prevent fraud and address identity theft risks.

Ms. Joseph also starts with ZorroSign’s founding in Dubai and how HH Sheikh Mohammed bin Rashid Al Maktoum’s Digital City Vision for Smart Dubai has been a guiding principle for ZorroSign—including his goal of a paperless life in the UAE by 2030.

The article then talks of identity theft and how ZorroSign technologies confront the issue: “Not only does our web3 platform leverage the cryptographic security capabilities of blockchain,” said Hadi. “But it also integrates Identity-as-a-Service technologies into our solution set to combat fraud, identity theft, and cyber-attacks.”

Security trends, cybercrime, and various cyber-attacks are discussed, as well as how distributed ledger technologies such as blockchain can help defend and/or recover from such attack vectors.  The article ends with ZorroSign’s plans for 2022 and early verticals benefitting from blockchain-based digital signatures.

You can read Ms. Joseph’s full piece in TahawulTech.com at https://www.tahawultech.com/industry/technology/interview-tackling-identity-theft/amp/

Learn more about how ZorroSign helps governments, companies, and individuals around the world with digital signatures and maintaining privacy and security with their digital transactions:  Contact us today or start your Free Trial.

ZorroSign team members, Cassidy Alexander, Kristen Harder, and Michael Jones were pleased to attend the ninth annual Cybersecurity Summit in Scottsdale on May 12, 2022, hosted by the Arizona Technology Council, Arizona Commerce Authority, and Arizona Cyber Threat Response Alliance (ACTRA).

The educational event provided an opportunity for government and business leaders to learn about the threats, vulnerabilities and consequences related to data security and privacy matters via panel discussions, keynote speakers—Tim Roemer, Director Arizona Homeland Security/CISO State of Arizona, and John Davis (Major General, US Army, Retired), VP Public Sector at Palo Alto Networks—sponsors and other cybersecurity presentations.

Tim Roemer, Director Arizona Homeland Security/CISO State of Arizona

Key Themes of the Summit

CISO Panelists

Blockchain Architecture For Elevated Security

ZorroSign is the only company that offers a multi-blockchain platform to secure, track, and manage your digital signatures, transactions, and documentation.

By using distributed ledger technologies—originally built on Hyperledger Fabric and recently expanded to include the Provenance Blockchain—ZorroSign provides superior privacy and security, while preventing fraud and ensuring regulatory compliance.

https://www.zorrosign.com/media-press-room/zorrosign-announces-strategic-partnership-with-provenance-blockchain/

How does this blockchain architecture contribute to cybersecurity?

Blockchains provide structural layers of protection from cybercrime—like ransomware, malware, or phishing attacks—first, by decentralizing the data set itself (preventing any one breach to access the entire data set), and second, by giving endpoints (or nodes) a quick path to recovery, even if they are themselves breached or their access ransomed.

Unlike centralized databases—which can be breached at unsecure endpoints (users and devices) or even at managed service providers (MSPs) hosting them—giving attackers complete control once they gain central access, blockchain technology distributes data physically across separate nodes. By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set.

This distributed nature defeats any attack seeking to breach a system and holistically encrypts the data files stored inside: A single endpoint node might be breached, and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.

ZorroSign is a strong addition to any organization’s security stack, and brings the cybersecurity capabilities of blockchain to digital signatures and transactional documentation.

Z-Forensics Token

ZorroSign has further elevated our security through our patented fraud detection technology we call the Z-Forensics token. This unique digital solution that can:

  • Prove that the individual who is performing the action to sign the document is who they claim to be (verification)
  • Apply a digital equivalent of a wet-ink signature to the document (legal intent)
  • Prove the authenticity of the printed or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity)

Unlike any other digital signature solution, ZorroSign seals all our clients’ documents with the Z-Forensics token—capturing the complete audit trail and accompanying attachments and signature workflow. The token is encrypted and contains all the details about the transaction: Time stamps, user authentication, documents and attachments.

To learn more about how ZorroSign helps companies and IT departments elevate data privacy and security, please contact us or start a Free Trial today!

It is no secret that cybercrime has skyrocketed within the last few years, in fact, cybercrime in the U.S. jumped by 55%. This increased risk drives a greater need for privacy and security, especially within IT companies and departments responsible for digital data and cybersecurity.

ZorroSign can help your IT company or department combat the elevated security risks with our digital transaction platform, built on blockchain architecture, and calibrate your company and customers for success!

Blockchain Architecture For Elevated Security

ZorroSign is the only company that offers a multi-blockchain platform to secure, track, and manage your digital signatures, transactions, and documentation.

By using distributed ledger technologies—originally built on Hyperledger Fabric and recently expanded to include the Provenance Blockchain—ZorroSign provides superior privacy and security, offering peace of mind for your company’s and customers’ digital transactions, while preventing fraud and ensuring regulatory compliance.

How does this blockchain architecture contribute to ZorroSign being the best platform for IT companies?


Blockchain provides structural layers of protection from cybercrime, like ransomware, malware, or phishing attacks: First, by decentralizing the data set itself (preventing any one breach to access the entire data set); and second, by giving endpoints (or nodes) a quick path to recovery, even if they are themselves breached or their access ransomed.

Unlike centralized databases—which can be breached at unsecure endpoints (users and devices) or even at managed service providers (MSPs) hosting them—giving attackers complete control once they gain central access, blockchain technology distributes data physically across separate nodes. By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set.

This distributed nature so defeats any attack seeking to breach a system and holistically encrypts the data files stored inside: A single endpoint node might be breached, and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.

ZorroSign is a strong addition to your security stack, and brings the cybersecurity capabilities of blockchain to your company’s and customers’ digital signatures and transactional documentation.

Z-Forensics Token

ZorroSign has further elevated our security through our patented fraud detection technology we call the Z-Forensics token.

This unique digital solution that can:

  • Prove that the individual who is performing the action to sign the document is who they claim to be (verification); 
  • Apply a digital equivalent of a wet-ink signature to the document (legal intent); and, 
  • Prove the authenticity of the printed copy or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity).

Unlike any other digital signature solution, ZorroSign seals all your documents with our Z-Forensics token—capturing the complete audit trail and accompanying attachments and signature workflow. The token is encrypted and contains all the details about the transaction: Time stamps, user authentication, documents and attachments.

Your IT company or department gains peace of mind when you Z-Sign!

Cloud Configuration

On top of providing the security that your company and customers need, ZorroSign’s software-as-a-service (SaaS) model can be deployed in various cloud configurations, making it seamless to integrate into your existing platform.

Our multi-chain blockchain platform can be deployed in a public, private, hybrid, or on-premise cloud:

  • Our standard deployment is on Amazon Web Services (AWS) public cloud computing network
  • In our private cloud configuration, all your data and the ZorroSign application run in a private and secure cloud network dedicated to your organization
  • In a hybrid cloud configuration, your data can be stored on either ZorroSign data centers or in the private cloud, while the ZorroSign platform and applications run on their standard public cloud configurations
  • On-premise deployments require your department to manage and maintain your own data centers, but gain the benefits of unlimited API calls and total control over identity access management (IAM), data privacy and security, and data integrity processes

Your IT company or department can scale and deliver data privacy and security aligned to your existing deployment architecture—as public, private, or hybrid as it may be!

To learn more about how ZorroSign helps IT companies and departments elevate your data privacy and security, please contact us or start your 14-day Free Trial today!

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), more than 90% of all cyber attacks begin with phishing.

“Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques,” explains CISA. “Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information, such as account usernames and passwords, that can further expose them to future compromises. Additionally, these fraudulent websites may contain malicious code.”

Thus phishing attacks seek to steal data or inject malware—adware, bots, keyloggers, ransomware, spyware, trojans, worms, etc.—that cause damage at a later time.

Phishing Attacks

In phishing attacks, “scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts,” warns the Federal Trade Commission (FTC). “Scammers launch thousands of phishing attacks like these every day—and they’re often successful. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year.”

“What really distinguishes phishing is the form the message takes,” notes a recent CSO online article. “The attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with.”

This credibility is paired with a sense of urgency to inspire victims to respond quickly to the message: Clicking a link or downloading a file that starts the attack. For example, Crowdstrike, a cybersecurity company, found that Amazon and Apple were the two most impersonated organizations for phishing scams in 2020. As the COVID-19 pandemic moves more people to work-from-home and out of traditional workplace settings, phishing scams increase to take advantage of anxiety and remote communications.

“Criminals rely on deception and creating a sense of urgency to achieve success with their phishing campaigns,” adds the CSO online article. “During a crisis, people are on edge. They want information and are looking for direction from their employers, the government, and other relevant authorities. An email that appears to be from one of these entities and promises new information or instructs recipients to complete a task quickly will likely receive less scrutiny than prior to the crisis. An impulsive click later, and the victim’s device is infected or account is compromised.”

“Phishing and social engineering attacks are now experienced by 85 percent of organizations,” reports Accenture. And the number of phishing attacks has been increasing in the United States, “with a growth of 65% in the last year,” adds Crowdstrike.

Blockchain Cybersecurity Against Phishing

“Traditionally, businesses sought to prevent phishing attacks through employee training,” writes Cloudphish, a blockchain cybersecurity company. “While this method did provide some success, it was overly reliant on human judgment.” As an alternative to such an approach of relying upon employees and staff to determine what emails or attachments they can safely open, blockchain offers a chance to secure the system access attackers ultimately seek.

Blockchain’s architecture, originally built for zero-trust environments and further secured in private, permissioned blockchain configurations, gives organizations a compelling alternative to centralized databases and a strong protection against phishing attacks.

  • In phishing attacks that seek to steal data, blockchain presents a data architecture where no single endpoint node controls the data set. Even if an individual endpoint is hacked through phishing or other social engineering, the data set is distributed across many nodes. This decentralization of data and access means even successful phishing attacks that penetrate a blockchain endpoint only gain a small piece of system access.

    Whereas centralized databases can be stolen by one endpoint breach—such as the infamous attacks on Yahoo in 2013 and 2014, the United States Office of Personnel Management (OPM) in 2015, Equifax in 2017, Marriott/Starwood Hotels in 2019, and countless others—the distributed ledgers of blockchains minimize the potential damage of any phishing attack on individual endpoints. At ZorroSign, for example, we use a private permissioned blockchain, Hyperledger Fabric. Hence, even during a successful phishing attack, the adversary would not gain access to the blockchain data because the adversary would not have access to the blockchain certificates.  With Hyperledger Fabric, blockchain certificates are maintained in a secured certificate authority.
  • In phishing attacks that seek to inject malware such as ransomware, the distributed nature of blockchain defeats those seeking to breach a system then holistically ransom the data files stored therein. Again, a single endpoint node might be breached, but the larger data set cannot be controlled by any one endpoint (or central authority) and so phishing attackers cannot capture the full data set for encryption, ransom, and shutting down the network.

    Further, with private, permissioned blockchains, each endpoint node (or user) has a unique encryption key to access and write to the distributed ledger. If any one of those endpoints is successfully hacked (compromising their access key), the private blockchain can simply remove distributed ledger access for that compromised key, issue the endpoint a new key, and allow that endpoint to quickly regain distributed ledger access (effectively as a new endpoint). This quick recovery process effectively maroons any ransomware on the endpoint it attacked—ending its access and threat—while allowing the endpoint to re-engage the larger data set with a new key and without needing to pay any ransom to the attackers for restored access.

To learn more about blockchain as cybersecurity and how ZorroSign employs private, permissioned Hyperledger Fabric blockchain, visit https://www.zorrosign.com/z-forensics/secure-blockchain-technology/