Digital trends continue to push our lives to the next level, notably accelerated by the pandemic. New technologies, such as mobile devices and applications, have become lifestyle essentials.
Similarly, businesses — whether established ones or startups — have also adopted emerging technologies to cope with the fast-rising demand of digital consumers.
One such technology is blockchain. It uses a distributed decentralized network to maintain the security and credibility of each piece of information stored in the system. However, despite the attention it is getting from the business community, there is still some confusion about what it is and the cybersecurity issues it is currently facing.
THE BLOCKCHAIN BUSINESS TERRAIN
In an article by PwC US (n.d.), blockchain is defined as a decentralized ledger or record-keeping system that facilitates transactions across a peer-to-peer network consisting of two or more devices that share a common file. Participants can confirm transactions without the need for a central clearing authority.
Blockchains offer various ways to improve day-to-day operations. They can enhance transparency, accuracy in tracking and cost efficiency. They can even serve as a permanent ledger that provides robust security. One of its known uses is in cryptocurrency, a medium of exchange stored in an electronic blockchain using cryptographic techniques to verify the transfer of funds.
Businesses across various industries use blockchain. For example, in financial services, remittances are processed faster and in a more transparent manner because there is a shared process that acts as a single source of truth. In healthcare, patients’ encrypted data are shared across providers without security risks.
Blockchain can be implemented as a public or private network. In cryptocurrencies, businesses operate using public blockchain networks where participants are allowed to contribute and maintain the network. On the other hand, for businesses such as financial institutions, healthcare, and other private institutions, private blockchain networks are where identities are verified. Membership and access to it are only granted to known participants.
CYBERSECURITY IN BLOCKCHAIN
As we explore the world of blockchain, it’s important to understand the fundamental role that cybersecurity plays in its implementation.
By 2025, it is estimated that cybersecurity-related events will cost around $10.5 trillion annually, reflecting a 15% increase in cybercrime (Morgan 2020). In 2022, businesses operating in the crypto market lost approximately $3.7 billion due to various cyberattacks, such as hacks and scams (Malwa 2023).
To protect themselves from cyberattacks, companies must understand the potential threats and vulnerabilities in blockchain-based systems. While there are several known security issues, threat actors typically employ three common attacks:
1. Phishing: Threat actors send a legitimate-looking website login page to capture data, such as usernames, passwords, and other user-related information. Gaining access to this data can lead to possible damage to the blockchain network.
2. Endpoint vulnerabilities: Blockchain endpoints include mobile devices, laptops, and desktops. They are the most vulnerable areas. Users often store their private keys on these devices, making them attractive targets. By covertly monitoring these endpoints, threat actors can steal private keys and gain unauthorized access.
3. 51% attack: Threat actors control more than half of the hash rate, enabling them to alter order forms or transactions even before they are confirmed or even after they have occurred. This means that they can forge every transaction within a blockchain.
By understanding the security risks associated with emerging technologies, organizations can proactively safeguard themselves while maintaining business continuity when adopting trends.
MITIGATING CYBERSECURITY RISK
Adopting new technology does not come without risks. However, there are several security practices that companies can adopt to mitigate these risks.
• Implement strong authentication and access controls. Devices connected to the blockchain network need to be secured with standard security best practices to make sure that appropriate access is only given to eligible users.
• Regularly update and patch blockchain software. Every kind of software is prone to get hacked as attackers find a way to exploit them for malicious purposes. To avoid this, update, or patch software regularly with the latest security features to prevent intruders from accessing important information and avoid exposing your system to vulnerabilities.
• Employ encryption techniques for secure data transmission. Sending data from Point A to Point B is one thing. Securing this transfer of data is another. Confidential data should always be transferred securely by using secured routing protocols with updated certificates to prevent data leaks.
• Conduct regular security audits and penetration testing. Security audits and testing should be conducted at least once a year to review and assess your organization’s security posture.
SECURE YOUR BLOCKCHAIN PROACTIVELY
Adapting to new technology can be a challenge, especially in organizations that only need something that “works.” Blockchain can be one of these solutions, but it can only be beneficial in the long run when implemented with stringent security policies. Proactive monitoring and cybersecurity training are a must to ensure an effective response to new threats and incidents.
As technology continues to evolve, it is essential to conduct proper due diligence and risk assessments before implementing and adopting new solutions on a wide scale basis. This reduces exposure to potential risks and threats. The security of blockchain-based systems is fundamental, and if businesses want to stay ahead of the game, they have to stay vigilant and proactive in their security practices.
The views or opinions expressed in this article are solely those of the authors and do not necessarily represent those of PricewaterhouseCoopers Consulting Services Philippines Co. Ltd. The content is for general information purposes only, and should not be used as a substitute for specific advice.
Alan Jelson Timtiman And Jan Joshua Batu are senior associates from the Cyber and Forensics practice of PricewaterhouseCoopers Consulting Services Philippines Co. Ltd., a Philippine member firm of the PwC network.
(02) 8845-27 28