Ever since the publication of the Bitcoin white paper 12 years ago, there has been much excitement in business circles about the potential advantages that this revolutionary technology might provide to enterprise. It was immediately clear that many of the design characteristics inherent to blockchain could provide clear business benefits, from the potential for its distributed nature to guarantee operational resilience and eliminate any single point of failure, to how its intrinsic qualities of transparency and immutability could assist organizations to demonstrate accountability.
And, indeed, in recent years there has been a flurry of activity as organizations of all shapes and sizes scrambled to capitalize on these and other potential advantages, proving to their shareholders, customers and the broader public that they prioritized innovation and the latest technologies. Of course, as the technology has continued to evolve, it has become clearer that there are certain sectors that stand to benefit more than others from adopting blockchain technology, and some of those early adopters and experimenters have since moved on to pastures new, in search of the next latest and greatest thing that will revolutionize business as we know it.
For those who have remained committed to seeing through the promise originally offered by blockchain, recent years have heralded dramatic changes within the industry. In addition to game-changing developments such as smart contracts and sharding, we have witnessed the emergence of an entirely new financial subsector: decentralized finance, or DeFi for short. As well as being remembered for a number of other things, 2020 will no doubt be recalled as the year in which DeFi really started to boom. The last few months alone have seen the amount of money locked in the space balloon to $12 billion, a clear indication, if any more were needed, that DeFi holds real potential and that the sector isn’t going away anytime soon.
Anyone with a background in cybersecurity has been watching all of this unfold with a mixture of awe and terror. While it is great to watch this nascent technology that we all know and love so well commence its long climb towards market dominance, it is also now high time that we address the elephant in the room: the blockchain risk-reward matrix, which ignores high risk for the potential of high rewards.
Those design principles that we talked about earlier (decentralization, immutability, and availability) have imbued the blockchain industry as a whole with a certain feeling of invincibility when it comes to the risks posed by cybercriminals and hackers. To some extent this is justified; blockchain is secure and resilient by design, likely more so than many of the centralized systems in use by enterprises at present. However, we can’t simply turn a blind eye to the fact that blockchain doesn’t exactly have the best reputation when it comes to cybersecurity. On the contrary, events like the Mt. Gox and DAO hacks tarnished the industry’s reputation, leaving an indelible stain and providing blockchain skeptics with a tangible example of a time when the industry let its guard down.
In business, accountability is everything. It’s one of the things that drew people to blockchain in the first place and, ironically, it has been one of the things that has hampered broader adoption of the technology by enterprises. As blockchain has matured, so too have companies’ expectations of what it can achieve for their businesses. We stand poised at the point of broad industry adoption of blockchain, and demonstrating clear accountability and adherence to cybersecurity best practices could be the final push we need to get over the line.
When it comes to demonstrating accountability, presenting a robust cybersecurity strategy has emerged in recent years as one of the most effective ways in which to do so. As such, cybersecurity has assumed its place as a priority item on the agendas of business leaders in a variety of industry sectors. As well as having the potential to cripple an organization financially, highly publicized hacks and data breaches have resulted in intense scrutiny from regulators. Events such as the Equifax data breach, which eventually saw that company settle with regulators to the sum of US$700 million, and the introduction of the General Data Protection Regulation (GDPR), which levies penalties of up to US$23.6 million or 4% of annual global turnover, whichever is greater, mean that corporations can no longer afford to be lax in their approach to warding off cybercriminals.
As enterprises become more serious about implementing blockchain solutions that will impact their businesses, so too must blockchain companies become more serious in proving their security and resilience. To this end, it is crucial that the blockchain sector implements standardized information security measures across the board to demonstrate that projects comply with the rigorous standards expected by the companies with whom they wish to work.
There are many ways in which projects can achieve this, but a good place to start is by proactively soliciting a comprehensive security audit from a security expert. The results of such an audit can assist founders to identify potential vulnerabilities or areas of concern, helping them to see around corners to the possible threats that may arise down the line. If enough projects opt to take this holistic and proactive approach to information security it will pay dividends, and greatly help to fortify the blockchain sector against potential catastrophes.
Those who neglect to take action now would do well to remember that, on countless occasions before, cybercriminals and hackers have proven their ingenuity and creativity when it comes to bypassing security systems and protocols that were thought to be secure. Not only that, but regulators will not simply take it for granted that blockchain systems for business are sufficiently secure by design.
As Suchitra Nair, director at Deloitte U.K.’s Risk Advisory practice, puts it: “Operational resilience of the blockchain will be a key focus area for regulators and will need to be rigorously tested and evidenced by the firm to gain regulatory assurance. Senior management should be able to articulate the key risks underpinning the blockchain solution and the governance and control framework that has been established to manage them.”
In the true spirit of blockchain, success in security is an undertaking of the entire community. The weakest link breaks the chain, hurting the legitimacy of the space and stifling the trust needed to shepherd mainstream adoption. Although the innovation of blockchain is still gaining its footing across industries, the collective effort of bolstering cybersecurity efforts will do wonders for the maturity of the space, carving the path for blockchain to prove its full potential.