Four specific cyber threats related to blockchain use and how to manage them
- Published: Wednesday, 22 February 2023 09:28
An article published by the World Economic Forum says that while ‘blockchain will be key to embracing the Fourth Industrial Revolution’, organizations must be wary of associated cyber threats.
The article, ‘Is blockchain really secure? Here are four pressing cyber threats you must consider’, discusses the following ‘four major cyber threats that need to be considered with regards to blockchain’:
Consensus protocol threats
Blockchains use consensus protocols to reach agreement among participants when adding a new block. Since there is no central authority, vulnerabilities in the consensus protocol could let an attacker take control of a blockchain network and dictate its consensus decisions through various attack vectors. Consequently, the consensus protocol must be evaluated and tested properly to ensure it always reaches an expected resolution.
Breach of privacy and confidentiality
The second threat is related to the exposure of sensitive and private data. Blockchains are transparent by design, and participants may share data that attackers can use to infer confidential or sensitive information.
As a result, organizations must carefully evaluate their blockchain usage to ensure that only permitted data is shared without exposing any private or sensitive information.
Compromising of private keys
The third threat is the compromise of the private keys that blockchains use to identify and authenticate participants.
Attackers may compromise private keys to control participants’ accounts and associated assets by using classical information technology methods, such as phishing and dictionary attacks, or by exploiting vulnerabilities in blockchain clients’ software.
Smart contract defects
The fourth threat is that of smart contract defects that adversaries may exploit to launch attacks.
Smart contracts must be evaluated and appropriately tested to resolve possible defects and adhere to business and legal requirements.
To improve blockchain security, the article highlights various actions:
- Provide education and training and adopt industry best practices.
- Implement sensible regulations of blockchain and expand them globally to increase adoption and build trust in the technology.
- Define security objectives that align with current business continuity, crisis management and security policies. The evaluated blockchain solution must be configured to meet these objectives.
- Perform a risk assessment to discover potential threats and existing vulnerabilities. This assessment may be conducted following the same framework used by organizations for other information technology deployments.
- Create security controls and associated governance protocols to reduce the identified risks. If software development is required, organizations must develop the requirements following secure development practices, such as the secure software development life cycle (S-SDLC) methodology.
- Continuously monitor and audit security in response to new threats and incidents.