The Blockchain industry and cryptocurrency market have been rapidly developing and now constitute a significant share of the global economy. In fact, as Ramy Al Damati, Enterprise Security Expert for Middle East, Turkey and Africa at Kaspersky tells us, Blockchain-based technology is becoming increasingly popular, is being used to solve a wide range of tasks and is becoming a key element in establishing business processes.
The benefits of Blockchain are evident. They range from anonymity and ‘out of the box’ consistency, where new blocks can only be added if they satisfy Blockchain rules so that consistency and integrity cannot be easily compromised, to the transfer of money without some kind of centre, which industries didn’t know how to do before Blockchain.
However, as with all technology still in its infancy, there are a few disadvantages, especially with regard to scalability, interoperability and standardisation. Concerns have also been raised around inefficiency and cost and, given that Blockchain increases in volume at an incredible rate, there are fears that it is too large to manage tightly, which could present some risk.
Exposing the Blockchain
While many organisations are driving Blockchain-based products and applications, many also worry about investing in the crypto economy. Despite being a security-driven measure, a Blockchain itself can be exposed to various risks and we are seeing various threats and cybersecurity risks around the crypto economy emerge.
From phishing copies of popular tokenized websites to targeted attacks on crypto exchange companies and adware intended to steal cryptocurrency, the risks are very real. Given that Blockchains contain sensitive information about the assets and infrastructure of specific users and enterprises, it’s easy to understand the apprehension.
To understand the risks better and implement the appropriate security measures, organisations first need to distinguish between public and private Blockchains. A private Blockchain is typically used by organisations and consortia, where only specific members have the right permissions. Permissioned networks place restrictions on who is allowed to participate in the network and in what transactions. Also, all private Blockchains can be replaced by a traditional centralised solution with the same properties. A public Blockchain, on the other hand, may be used by the whole world.
All public Blockchains are, in essence, cryptocurrencies. They are permissionless, in that anyone can join the Blockchain network and read, write, or participate. Public Blockchains are also decentralised, which means that no one has control over the network, and they are secure in that the data can’t be changed once validated on the Blockchain.
The common thinking is that the more members a Blockchain has, the more secure it is. Blockchain has an inherent property in that it is impossible to rewrite historical data during normal operation.
But, in centralised systems, as a rule, unauthorised access to one main node can jeopardise the entire system. Public Blockchains are often called ‘censor-free’ and are particularly resistant to distributed denial-of-service (DDoS) attacks. A private Blockchain, on the other hand, can be altered by its owner, which also makes it more vulnerable to hacking.
Applying adaptive security
In general, Blockchain-based systems are subject to about the same number of risks as traditional centralised systems. As in any growing digital economy, where there is opportunity, there are cyber-criminals, but that shouldn’t deter the market. Rather, the market should be looking at a proactive approach to Blockchain security: in the same way that cybersecurity awareness, technology, and threat and risk mitigation form a critical component of any digital business, this should expand to include Blockchain as it slowly becomes an integral part of the business process.
An organisation should start with a security audit for smart contracts and chain-code to make sure they are thoroughly analysed for vulnerabilities, business logic discrepancies and undeclared functionality. Highlighting all potential threats allows the organisation to react and update relevant contracts accordingly. This should be followed with an Application Security Assessment for distributed ledgers – looking at vulnerabilities in applications that work on top of Blockchain infrastructure and make use of the architecture. Then endpoint protection should be considered – securing the entire system at the device level.
There is a growing demand for cybersecurity from Blockchain start-ups that are looking for both protection from cyberthreats and additional evidence that they can be trusted by investors. Just as adaptive, comprehensive security safeguards continuity and assets, the same thinking should be applied to Blockchain security and the crypto economy if we are to continue to see its maturity and benefits come to the fore.