One of the hottest topics in cybersecurity circles is the enterprise blockchain. This is the same technology that underpins cryptocurrencies like Bitcoin. Simply defined, blockchain is a list of transactions or contracts shared with peers and locked down by some clever cryptography. Beyond Bitcoin, it can ensure the integrity of supply chains, manage contracts, or even as serve as a platform for financial transactions.
Its popularity in the cryptocurrency space, use of cryptography, and distributed nature prove to supporters that the blockchain is the solution to many of our current cybersecurity problems. Akamai Technologies, for example, is currently building a blockchain-powered network for online payments. “Blockchain in and of itself is a security technology,” says Andy Champagne, VP and CTO of Akamai Labs. “It is really grounded in security principles.”
News about hacks of Bitcoin exchanges is relevant for open, public networks where anyone can set up a node, but enterprise blockchain projects are different from public networks, Champagne says. “Enterprise blockchain is usually permissioned blockchain,” he says. “There’s a set of nodes, but the nodes are private, and access to the nodes is limited through a set of security perimeters to folks who are part of the institution.”
It’s not just hype, confirmed Andrew Howard, CTO at Kudelski Security. Even if it’s not a panacea, the benefits of blockchain are real, and the technology is here to stay. “The basic concept, hypothetically, is very resistant to attacks,” he says. “In an academic point of view, blockchain makes a lot of sense. They are very difficult to attack if properly implemented.”
While blockchain might be a difficult target for hackers, it’s not invulnerable. Many security experts warn that blockchain implementations bring with them a wide range of dangers that companies need to be aware of.
Crypto crime is big business
There haven’t been any reports yet of cyberattacks against enteprise blockchain projects, but that’s mostly because the technology is still in the development or pilot stages. Attacks on public blockchain projects are common.
According to Carbon Black, hackers have stolen $1.1 billion worth of cryptocurrency in the first half of this year. “The growth of cybercrime has fueled a rise in the number of individuals who can write malicious code, and the dark web gives them the perfect marketplaces to sell them on,” says Rick McElroy, Carbon Black’s security strategist. The expertise the criminals are gaining from these attacks, and the tools that are proliferating in the underground, can be leveraged against enterprise projects.
Most of the cryptocurrency attacks aren’t aimed at the core blockchain technology, McElroy adds. Instead, the criminals go after poorly secured exchanges and individuals and businesses who aren’t adequately protecting their wallets. They also launch man-in-the-middle attacks to divert cryptocurrency transactions into their own wallets.
Many of these issues have to do with end-user security or problems with implementation, not the blockchain encryption protocols themselves, according to a recent McAfee report about blockchain security. Enterprise projects could have implementation issues as well, even if they don’t have the same breadth of publicly exposed attack surface. “For any enterprise looking to adopt blockchain, they should first weigh the benefits and cost of implementation versus the risk of new technology adoption,” says McElroy.
With that in mind, here are the 5 biggest blockchain security risks: