The importance of blockchain security in an interconnected world.
By Ian Barker
Blockchain is best known for its application in securing cryptocurrency. But in recent years it’s expanded to drive emerging business in other sectors such as healthcare, real estate, smart contracts, and more.
Because blockchain ensures a tamper-proof ledger of the distributed transactions, it’s sometimes used for high-risk transactions and exchanges. But this presents high stakes opportunities for adversaries to steal money and sensitive information.
We spoke to Thomas Carter, CEO of True I/O, to find out more about the risks to blockchains and the challenges of securing them.
BN: What are the most used cyberattacks against blockchain?
TC: Blockchain networks typically have no single point of failure, but this doesn’t mean organizations utilizing these networks are entirely safe from risk. External events outside of the control of the blockchain can still pose potential threats, and perpetrators of cybercrime have been attempting to identify and exploit vulnerabilities in the blockchain for personal profit since the technology was introduced in 2008. By leveraging many different attack vectors, they jeopardize the security of blockchain networks and target the data and money of the organizations using them.
One typical cyberattack includes a bug called transaction malleability, which compromises the network while transactions are pending validation. In these situations, attackers attempt to alter a transaction’s ID to disrupt the chain and payment verification process. Perhaps the most significant example of this type of attack occurred in 2014 when Bitcoin experienced a large-scale, long-lasting attack that resulted from transaction malleability. In addition to negatively impacting the overall user experience and attracting negative media attention, this attack also caused Mt. Gox, the world’s first Bitcoin exchange, to go bankrupt.
Similarly, Ethereum was targeted by a hacker in 2016 who exploited the network’s smart contracts. In doing so, they created an overflow in the network, severely impacting the creation of blocks and the transaction validation process while slowing the web for users worldwide.
Other common cyberattacks against blockchain include distributed denial of service, time jacking, and routing and sybil attacks.
BN: Which industries are at the most risk and why?
TC: Regardless of industry, any entity allocating insufficient time, money, and resources to preserve the security of its users and their private data is at risk of becoming the target of an attack. Unfortunately, because many organizations do not currently prioritize cybersecurity in their budgets, many are at risk and do not even know it.
A recent survey that cybersecurity only accounts for an average of 5.7 percent of an organization’s total IT spending. Data from the last five years shows that the range typically varies between two percent and 11.5 percent of total IT budgets, with firms in the technology sector spending the most and government entities spending the least.
We observe the most vulnerabilities within small businesses and organizations in the healthcare, higher education, energy, and government sectors. We also often see financial institutions and organizations in the media and telecommunication sector targeted by cyberattacks.
BN: What is the difference between public/private blockchain protection?
TC: While a public blockchain is decentralized — meaning that anyone can access and participate in the network — private blockchains require specific permissions from users and have a single administrative entity controlling the entire network. However, this doesn’t mean that private blockchains are necessarily more secure.
Public blockchains are often more secure because they possess a more considerable amount of nodes. Nodes are the devices that maintain copies of the ledger, verify transactions, and share information. With more nodes, attackers can’t take control of the consensus network. Public blockchains are, therefore, more robust against cybercrime.
On the other hand, private blockchains possess far fewer nodes than public blockchains. With fewer nodes, there is a greater risk of being hacked and experiencing a breach or manipulation of data. To ensure protection against unexpected attacks and events like natural disasters that can disrupt the network, private blockchains distribute the network globally to promote continuity and seamless operations.
BN: What should companies do to protect themselves?
TC: No organization is entirely safe from cyberattacks. Essentially, there are two types of companies: the ones that are aware they have been breached and those that haven’t realized. To mitigate the risk of cyber attacks, it is essential to provide adequate funding for cybersecurity-related software to identify and prevent potential vulnerabilities in the network. These technologies reduce risk by providing an additional layer of security around your network and data, making it harder for attackers to succeed in their efforts while minimizing the time it takes to detect a breach.
When it comes to private blockchains with fewer nodes, it is imperative to ensure that there are no single points of failure on either an organizational or platform level and that the network is distributed globally, as mentioned above. In doing so, they protect against potential cyberattacks and can guarantee continuous operations, even in a natural disaster or coordinated attack.
An event like a global internet outage would disrupt even a public blockchain network such as Bitcoin or Ethereum, creating outages that would impact an organization’s operations as with any other technology. In these situations, it is essential to have resources in place to respond and remedy these issues quickly.