Cybercrime is the greatest threat to enterprises, and blockchain technology could go a long way in fighting it. Most data breaches in 2020 were caused by human error, of which 45 percent involved hacking, 22 percent featured phishing, and 17 percent involved malware.
The inherently decentralised nature of blockchain technology lends itself to several applications, among which cybersecurity should be explored. Data on blockchain cannot be tampered with, as network nodes automatically cross-reference each other and pinpoint the node with misrepresented information.
Blockchain technology provides the highest standards of data transparency and integrity. As blockchain technology automates data storage, it eliminates the leading cause of data breaches — human error.
Moneycontrol spoke to Preetam Rao, CEO of QuillAudits, which offers cybersecurity solutions for blockchain and cryptocurrency products, who explains how cybersecurity is a crucial component of the blockchain ecosystem. Edited excerpts:
Which techniques have been adopted to achieve cybersecurity in the growing blockchain ecosystem?
There are various techniques such as authentication, non-repudiation, and confidentiality. For authentication, we can say that a transaction in the blockchain or the smart contract can be used to authenticate the different entities. In complete non-repudiation, the actions of all entities are recorded in the blockchain. Some sort of non-repudiation is provided by blockchain technologies using digital signatures. Confidentiality is analysed within the blockchain network. In complete confidentiality, only selected entities can access information from other entities.
Then there is partial and no confidentiality. The information is accessible to only a particular set of entities in partial confidentiality, while other data is public. An example of this is the ‘voting system’ using blockchain, where votes are encrypted, but the registration content is not.
Could you share some application areas where cybersecurity has been achieved with the help of blockchain?
We know that cybersecurity is the practice of protecting systems and networks from digital attacks. Three major use-cases of blockchain for cybersecurity are:
When blockchain is involved, we can use different technologies. Bitcoin, Ethereum, and the Hyperledger Project are three alternatives. Apart from these three, there are several other variants and categories. People also rely upon technologies derived from Bitcoin or Ethereum, known as Bitcoin-based and Ethereum-based.
Also, others propose an ad-hoc technology, such as offering new block or transaction formats based on their needs.
Some proposals are technology-independent or can work with multiple ones, such as combining a public ledger with a private one. Thus they will be included in each of the previous categories.
What about other industries that are approaching the application of blockchain for cybersecurity?
Many industrial initiatives have been based on the application areas that address cybersecurity properties. The application areas include IoT, cloud, e-commerce, healthcare, public services, and various independent services.
We can say that the idea behind the first use of blockchain and Bitcoin was carried out by keeping cybersecurity goals in mind. In most industrial applications, there is an underlying cybersecurity goal that may not be visible as cybersecurity applications. Blockchain was used primarily for the integrity and consistency of financial transactions.
Some additional application areas were incorporated as the blockchain ecosystem matured; it was done with the help of some more complex logic through smart contracts, advanced access, and authorisation control models.
What is the state of the cyberthreat landscape across the Web3 ecosystem? What new types of cyberthreats should Web3 projects work to combat?
I would say that 85 percent of breaches in 2020 involved a human element, according to Verizon’s 2021 Data Breach Investigations Report. Phishing attacks still account for most breaches via social engineering, which targets cloud-based email servers.
Most reported cyber incidents in the second half of 2021 were ransomware, cryptomining, attacks on cloud services and software supply chain.
Still, we can see an increase in cybersecurity threats through the following vectors — IoT, cloud service providers, third parties, and social engineering. These hacks can be carried out through actors such as cybercriminals, nation-states, hackers, third parties and others.
Some of the novel threats that the third iteration of the Web must combat are smart contract logic hacks, cryptojacking, rug pulls, ice phishing, and others. The growing Web3 ecosystem can be made secure with the help of a thorough smart contract audit, monitoring, and incorporation of bug bounty and pen-testing methods.
Could you elaborate on the new developments in the cybersecurity field that are helping secure financial operations on blockchain?
Blockchain has emerged as one of the leading innovations in the financial sector. It holds a promise to mitigate frauds and ensure quick and secure transactions and trades. The ultimate goal is to help financial institutions manage risk within the interconnected global financial system.
Blockchain applications can be seen in banking and finance in various forms, such as payments, KYC/AML and records management, capital markets, and syndicated lending.
Key developments such as distributed ledger and smart contracts have emerged as excellent methods to track transactions and ensure the accuracy and security of information. With the help of these new developments, blockchain gave low-cost startups a chance to compete with large financial institutions promoting financial inclusion.
Blockchain has emerged as an alternative to banks with no minimum balance required, accessibility, and banking fee barriers.
How is QuillAudits aiding in strengthening Web3 protocols through cybersecurity methodologies?
We believe that cybersecurity assessments are necessary to review and audit the integrity of emerging Web3 protocols. Regular testing and verification can help ensure that potential vulnerabilities are identified and addressed to reduce and avoid future misconfigurations or exploits.
What is the role of smart contract auditing to secure blockchain projects from potential threats?
Smart contracts are one of the most appealing parts of the blockchain. It indicates that blockchain provides distributed, immutable records of all events and allows for writing a computer code that defines how the process will be managed and what would be the required steps.
Security is one of the most critical aspects of smart contract implementation in the current scenario. QuillAudits has audited more than 500 Web3 projects.
We believe that a smart contract audit is an important requirement because it provides better code optimisation, performance optimisation of smart contracts, enhanced security of wallets, and security against hacking attacks.
What are the cybersecurity trends you hope to see in the coming years?
The most common cyberattacks experienced by companies are phishing attacks, network intrusion and others. Phishing accounts for a major chunk of global frauds as well, along with other fraud types such as Trojan horse. If we analyse sector-wise, financial services are the most affected, followed by ICT, manufacturing and retail.
Now, based on the above-cited analysis, we can derive some key cybersecurity trends that we can see shortly: geo-targeted phishing threats, cloud security, GDPR (General Data Protection Regulation) compliance, financial services cyberattacks, increased ransomware attacks, and zero trust security models.
Can you elaborate on some security issues of existing blockchain and what would be needed to make them more secure?
Blockchain networks can be classified into private or public. Public networks are open and might allow anyone to join, whereas private blockchains only allow familiar organisations to participate.
The top blockchain security challenges are 51 percent attacks, and to prevent 51 percent attacks, protocols should avoid using proof-of-work consensus procedures and make sure that the hash rate is higher.
Then there are phishing attacks and to prevent them, you can improve browser security by installing add-ons that can notify you about unsafe websites. Avoid open Wi-Fi networks while doing transactions and make sure your system is up to date.
One of the most common security issues is blockchain endpoints (where users interact with the blockchain through electronic devices). To prevent endpoint vulnerabilities, we should remember not to regularly save blockchain keys on electronic devices and review the system.