With companies across industries adopting blockchain technologies, security concerns remain, according to the World Economic Forum.
At RSA 2019, Charles Henderson of IBM X-Force Red explained the cybersecurity challenges involved in bringing blockchain to the enterprise.
Business leaders across industries are investigating how to leverage the benefits of blockchain technologies, but security remains a top concern, according to a recent report from the World Economic Forum (WEF).
Blockchain adoption is steadily increasing, according to Gartner research, moving from about 1% of organizations running product pilots to 3.3% in the past year. While blockchain can offer several security benefits, including cryptography, immutability, and decentralization, business leaders still struggle with questions around the best technical approaches to the technology, and how attackers could compromise it, the WEF report noted.
SEE: What is blockchain? Understanding the technology and the revolution (free PDF) (TechRepublic)
Here are three key factors business leaders must consider when it comes to securing the blockchain:
1. Security is not just a technical problem, it is a leadership problem
While organizations are increasingly understanding the importance of cybersecurity in the digital age, many companies still lack a cybersecurity leader, indicating that it is not considered an important business function, the report noted.
Tips for leaders:
⦁ Establish a security leadership position in your organization and ensure that they are empowered to take action where necessary. This leader needs to be able to effectively advocate for the security needs of the organization, particularly when security needs come into conflict with the functional needs of the organization.
⦁ Educate yourself on core secure design principles in order to be better informed when interacting with your designated security leader. This ultimately makes you more effective in stewarding this domain, for which you are ultimately responsible.
2. Exploitation is not just a result of attacker capabilities, but also of developer errors
While cybercriminals are capable of launching increasingly sophisticated attacks, the most common exploits result from an organization’s failure to understand and implement effective security measures, the report noted.
Tips for leaders:
⦁ Train your developers on security. They don’t need to become the next celebrity at the annual security conclave DEF CON, they just need to understand the core principles of security - particularly cryptography, given its core application to blockchain - and how to implement these principles in the solutions they are building.
⦁ Recognize that the security essentials matter just as much as - if not more than - the exotic novelties. This calls for an important leadership mindset shift because, unlike worrying about the unknown, you have a tremendous amount of control over assessing your own technology for the ways in which attackers of all skills might try to exploit common developer mistakes.
3. While attackers do compromise a blockchain itself, they more commonly exploit the configuration of the technology leveraging a blockchain
In keeping with the above, attackers most often try to compromise human error in the deployment of the blockchain, rather than the blockchain itself, to get the most bang for their buck, according to the report.
Tips for leaders:
⦁ Build out your threat model to understand who your potential adversaries are; why they are interested in exploiting your system; what types of skill they have; and what types of resources they have.
⦁ Ensure your organization has the requisite security talent. You need the right specialists to help you pursue your security mission.
⦁ Partner with an independent, third-party security expert. Whether instead of, or in addition to your own in-house talent, you need experts on your side who have an independent perspective, free from any political bias that may exist in the organization, and who spend all of their time studying how to defend against the adversary.
“Effective security leadership may be difficult, but it is achievable,” the report stated. “As a leader, if you can break down the security challenge into its core components, you can then build out an action plan to address the root issues. Blockchain technologies are revolutionary in many ways, but the simple fact that blockchain is different need not require a wholly new security paradigm.”
For more, check out What CIOs need to know about getting started with blockchain on TechRepublic.