When you’re responsible for thinking ahead and improving the way your company works, some decisions are easier than others. There are hundreds of places online to find the best enterprise phone system or the right server stack for you.
If you’re looking into blockchain or web3 technologies for your organization, you’re trying to see through a whirlwind of hype and speculation. The NFT bubble of the past two years has seen .jpgs sell for $69 million at auction, elaborate phishing scams to steal images of apes, and half a billion dollars stolen from a game about cartoon cats.
But with 81% of senior executives saying blockchain will be ‘critical’ or at least ‘important’ to their business going forward, it’s worth getting our heads around the potential blockchains offer.
58% of those surveyed highlighted cybersecurity as a main concern related to blockchain adoption. And cybersecurity is a top concern for you too, whether it’s protecting your company from hackers or keeping your customers’ data safe.
If you adopt blockchain in the wrong way, you could open yourself up to devastating hacks. On a decentralized system, there’s no authority to turn to if something goes wrong.
With privacy being an increasing concern for consumers, you don’t want to find yourself reaching for the reputation management cheat sheet in an emergency.
With that in mind, let’s go over how blockchain impacts data protection and cybersecurity, from the pros and cons to real-world use cases.
How does the blockchain impact security?
A blockchain is an append-only database synchronized across a number of servers, whose operators don’t necessarily need to know each other to cooperate.
The most famous of these is the bitcoin blockchain, which contains the current account balance and entire transaction history of every user of the currency, going back to its first transaction in 2009.
On a permissionless blockchain, anyone can write to the database, and try to add a few zeroes to the end of your account balance in that database. To prevent this kind of fraud, permissionless blockchains make it difficult to write to the ‘canonical’ version of the database by requiring some kind of investment, such as proof-of-work mining with bitcoin or proof-of-stake with other chains like Tezos.
One advantage of the blockchain for businesses is that on-chain data is totally open for anyone to access, but the database is totally secure. On a chain like Ethereum, which enables users to store different data types to form software applications, the blockchain acts like a shared protocol where any app can talk to any other app, by any other developer, without the need for custom-built APIs.
This completely changes the way we think about cybersecurity. But as with Web 2.0 software, we see high-profile hacks on ‘web3’ every year, with losses of up to half a billion dollars. What’s going on? Let’s get into the positive and negative impacts of blockchain on data protection for businesses.
The positive impacts
You might have heard that users on, say, Ethereum are anonymous, and that this enables all sorts of hacks and scams that didn’t exist before.
But that’s incorrect. Users on a blockchain are pseudonymous. Every account is an ID like “0x12345abcde…”, whose every action on the network is visible to everyone else.
In the early years of bitcoin, this traceability is how law enforcement broke up the Silk Road market where users were selling illegal substances. Some users might have thought they were anonymous, but every single transaction was happening in broad daylight and on bitcoin’s permanent record.
More recently, the Axie Infinity hacker who stole over half a billion dollars is moving their money around where everyone can see it.
This is good for cybersecurity as it means actors can be followed around the network without invading the real-world privacy of the account’s holder. If they stole from your company’s crypto wallet or smart contract, they can’t move a penny of it in secret. If that account holder hacks your server and issues a ransomware attack, law enforcement can use their resources to feasibly pattern-match the wallet to a real suspect.
Because the blockchain is publicly auditable and difficult to write to, on-chain data is inherently more secure than in a spreadsheet because it’s easy to authenticate. (Think of how you know a site with an SSL certificate is legitimate.) Not only that, but any changes to the data are recorded on-chain as a kind of transaction.
A chain like Ethereum isn’t just a public ledger, it’s also a kind of event log like you’d use to monitor activity on your cloud server. And because that event log is spread over more than 400,000 provider nodes, it’s almost impossible for a hacker to edit that history to cover their tracks.
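The tamper-evidence described above can be shown with a simplified model. This is an added example, not code from the original article: it uses a plain SHA-256 hash chain with no consensus or proof-of-work, and every function name, node name and sample event in it is hypothetical.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # placeholder "previous hash" for the first entry

def entry_hash(prev_hash, event):
    """Hash an event together with the hash of the entry before it."""
    payload = json.dumps({"prev": prev_hash, "event": event}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def append(log, event):
    """Append an event, linking it to the current head of the log."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"prev": prev, "event": event, "hash": entry_hash(prev, event)})

def build_log(events):
    log = []
    for event in events:
        append(log, event)
    return log

def first_broken_entry(log):
    """Return the index of the first entry whose link or hash is wrong, else None."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["event"]):
            return i
        prev = entry["hash"]
    return None

def rewrite_history(log, index, new_event):
    """Model an edit to one entry followed by recomputing every later hash."""
    events = [e["event"] for e in log]
    events[index] = new_event
    return build_log(events)

def divergent_replicas(replicas):
    """Return names of replicas whose head hash differs from the majority."""
    heads = {name: log[-1]["hash"] for name, log in replicas.items()}
    majority, _ = Counter(heads.values()).most_common(1)[0]
    return sorted(name for name, head in heads.items() if head != majority)

# Constructed sample events (not real chain data).
EVENTS = [
    {"from": "0xaaa", "to": "0xbbb", "amount": 5},
    {"from": "0xbbb", "to": "0xccc", "amount": 2},
    {"from": "0xccc", "to": "0xaaa", "amount": 1},
]
```

An in-place edit breaks the chain at the edited entry, and a fully recomputed copy is internally consistent but ends in a different head hash, so it stands out as soon as it is compared with the other replicas.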
Web3’s secret weapon is composability. For businesses or blockchain-native decentralized autonomous organizations (DAOs), it’s a whole new way to work with software.
Your business runs on countless SaaS applications and services run by other businesses. You could gain a competitive edge by bridging the gaps between these services to share data and automate workflows. It’s why dialpad power dialing integrates with popular CRMs like Salesforce and Intercom.
That’s great, but there’s a limit to how many one-off API integrations can be built and maintained reliably.
In contrast, Ethereum acts as a shared protocol, much like SMS or TCP/IP. Everything on the whole network follows the same handful of data structures, making all data legible to every app.
This means you don’t need permission from “Blockchain Salesforce” before you plug their product into your own operations. And with smart contracts being stored on-chain, that code can never be pulled out from under you if the provider goes out of business.
From a cybersecurity point of view, that means you can audit third-party software once and rely on it forever. You never have to worry about an update introducing a zero-day loophole hackers could exploit. The software stack your business relies on to protect customer data is easier to understand in the long term, which makes it easier to add to as threats change over time.
The negative impacts
The ongoing affiliate marketing vs dropshipping debate revolves around scale, which is crucial for any growing business. Everything you do at a young company has to be ready to scale exponentially, with only a linear increase in cost or effort at most.
The total transaction time of the blockchain might sound like a big-picture issue that shouldn’t affect you. Actually, it puts pressure on every line of code you write.
When Ethereum moves to a proof-of-stake algorithm to approve new blocks, it’ll free up congestion on the network and make transaction times much faster. But that change has been promised for years. Until it’s implemented, the cost of every transaction your business does will increase exponentially with the length of your smart contracts.
Someone’s going to have to pay those costs at every transaction, either you or your customer. While other, cheaper chains exist, they’re considered “Layer 2” to Ethereum’s “Layer 1” precisely because Ethereum is more secure.
One key aspect of WFO is managing permissions and company accounts efficiently. Employees can’t work effectively if they’re constantly petitioning for access to the tools they need, and your network admin’s time is too valuable to spend on this.
Quick fixes are very tempting, and that’s why bad permissioning is one of OWASP’s top ten most common cybersecurity issues seen in businesses.
Passwords and account management are an ongoing problem for users too. It’s easy enough to forget a password or to lose an updated license key somewhere in the emails. This is a routine issue your customer support team has to deal with all the time.
With a permissionless account (“wallet”) system, there’s no customer support you can turn to if your account is compromised. While Ethereum’s passwords are high-strength, you can’t ever change them. If your password is compromised, your only option is to create a new one.
Blockchain technology requires a whole new paradigm for building and deploying software. The traditional method would involve developing your minimum viable product and testing with an app store testing platform throughout. Then, shipping and iterating your way to product-market fit. Once your code is on the blockchain, it’s there forever.
This means smart contracts need to be thoroughly audited before they get committed to the blockchain. The fact that on-chain code is inherently visible to the public means it’s easy for you to audit the services you’re trusting with your company’s data, but it also means hackers will pick up on any mistakes in no time.
The truth about blockchain cybersecurity
The blockchain opens up new ways of working for businesses, along with new models for cybersecurity and data protection. But at the end of the day, it’s just a tool. With phishing scams on web3 remaining as common as they are in your junk email folder, it’s still the case that the weakest link in any cybersecurity system is its human element.
Jenna Bunnell – Senior Manager, Content Marketing, Dialpad
Jenna Bunnell is the Senior Manager for Content Marketing at Dialpad, an AI-incorporated cloud-hosted unified communications system that provides valuable Dialpad outbound call center details for business owners and sales representatives. She is driven and passionate about communicating a brand’s design sensibility and visualizing how content can be presented in creative and comprehensive ways. Jenna Bunnell also published articles for domains such as SME News and Together Platform.