5 Blockchain Security Issues CISOs Need to Wake Up To

{authorName}

Tech Insights for ProfessionalsThe latest thought leadership for IT pros

22 September 2022

Blockchain could lead to a variety of exciting benefits for your company, but make sure you're not being exposed to security risks through lack of knowledge or preparation.

Article 5 Minutes
5 Blockchain Security Issues CISOs Need to Wake Up To
  • Home
  • IT
  • Security
  • 5 Blockchain Security Issues CISOs Need to Wake Up To

Blockchain technology - which is based on the use of shared digital ledgers of transactions that can be distributed across computer networks - could have a key role to play in the future of business.

Research has shown that 11% of organizations are already using blockchain in some way, while three-quarters are looking into how it could be relevant and useful for them.

The technology offers the potential to optimize business functions and processes including:

  • International payments
  • Regulatory compliance
  • Protection against money laundering and fraud
  • Supply chain management

To maximize the benefits of blockchain, however, you need to ensure you're aware of the biggest security issues and potential risks associated with it.

1. Public vs private blockchain

Before your organization has any involvement with blockchain, it's crucial to understand the fundamentals of the technology. Your entire IT team and the employees who will be working with blockchain-related processes need to have a solid grasp of concepts such as the differences between public and private networks.

  • Public blockchains: These are typically open for anyone to join and allow participants to stay anonymous. The members involved in the chain adhere to a consensus mechanism that helps to ensure the transactions contained in each block are accurate and correct. The best-known example of a public blockchain is Bitcoin, which uses the process of Bitcoin mining to achieve consensus.
  • Private blockchains: In contrast, these only permit known users and organizations to join, meaning member ID verification is required to gain access. Consensus is achieved through selective endorsement, whereby known users verify transactions, and special permissions are required to maintain the ledger of transactions.

Public and private blockchains have various benefits and drawbacks, but from a security perspective, private and permissioned networks can be easier to control and are more conducive to regulatory compliance.

2. Endpoint and vendor vulnerabilities

One of the biggest advantages of the blockchain concept, as far as security is concerned, is that it was specifically designed to make hacking and unlawful manipulation almost impossible, or at the very least extremely difficult.

However, it's important to note that, while the chain of transactions itself may be shielded from outside influence, in many cases there will be an endpoint that could be more vulnerable. Digital wallets or accounts that receive a final deposit of funds may not be as impervious to hacking as the blocks within a chain, for example.

Furthermore, your business use cases for blockchain may be reliant on certain third-party applications and vendors, such as smart contracts and payment processing platforms. If this is the case, you need to have absolute confidence these services can maintain high security standards and don't represent a weak link in the chain.

3. Scalability risks

The blockchain market is growing, with some projections suggesting corporations will spend $20 billion a year on this technology and related services by the end of 2024.

While this rapid development will undoubtedly offer new opportunities, there could also be significant risks associated with the steady upscaling of blockchain technology. The current direction of travel in this space suggests chains of transactions will only get bigger, giving rise to large-scale networks that are, as yet, untested.

As the blockchain ecosystem continues to expand and evolve, the risk of vulnerabilities emerging in underlying infrastructure and security protections will also increase. Getting more employees involved in using the technology could also raise the possibility of human error and potentially dangerous oversights.

4. Cyberattacks and fraud

Fraudsters and cybercriminals are always looking for weaknesses in new technologies and business processes, and blockchain is no different. The fact that transaction ledgers are essentially tamper-proof doesn't necessarily mean blockchain is entirely protected from cyberattacks.

Significant risks to be aware of include:

  • Phishing attacks: Fraudsters can send blockchain users seemingly legitimate emails to gain access to their credentials and other sensitive information. As well as leading to financial losses for individual users, this can compromise the security of the entire blockchain network.
  • Routing attacks: This strategy sees hackers intercepting data transfers as they're being made to internet service providers. This can allow them to access sensitive information without the blockchain participants even being aware of the activity.
  • Sybil attacks: Cybercriminals use Sybil attacks to flood networks and crash vital systems by creating multiple false user identities.
  • 51% attacks: Unique to public blockchains, 51% attacks occur when malicious users gain more than 50% of a network's mining power and are therefore able to control and manipulate the ledger to their own ends.

5. Flaws in software and support services

Enterprise blockchain applications are reliant on software, so it's crucial to ensure the platform you're using is up to date and fit for purpose.

Writing for TechTarget, Kurt Seifried, Chief Blockchain Officer and Director of Special Projects at the Cloud Security Alliance, warned against the common enterprise practice of choosing a software version and never upgrading it due to concerns over the disruption it could cause.

Blockchain technology is evolving at a rapid pace, so if your underlying software is out of date, you're likely to encounter serious flaws and vulnerabilities in your network.

You also need to ensure any vendor services you're using to run your blockchain functions, such as cloud or third-party hosting, are able to meet your required security standards. Failing to do so could lead to operational problems and security risks.

"The lesson here: Ask questions. Vendors and service providers that care about security will answer them and not be evasive." - Kurt Seifried
 

Tech Insights for Professionals

Insights for Professionals provide free access to the latest thought leadership from global brands. We deliver subscriber value by creating and gathering specialist content for senior professionals.

Comments

Join the conversation...