The World Economic Forum (WEF) has published a post on its website by a security expert outlining three major areas that leaders should pay attention to when securing a blockchain. Above all, Ted Harrington, Executive Partner of Independent Security Evaluators (ISE), wrote (Apr 5) that strong leadership is the overarching key to upholding strong cybersecurity, as opposed to viewing it as merely a technical issue for engineers to resolve.
Harrington observed that most organizations today do not recognize cybersecurity as a core area for leadership to look after. Citing a separate external study, for example, he said only 5% of the 100 largest companies in the world by market value have a dedicated position for a cybersecurity leader.
Yet, in recent years, top executives in both private and public sectors have been booted out following major security breaches, such as the ones that occurred at Target, Sony Pictures Entertainment, and the US Government Office of Personnel Management. Calling for a mindset shift amongst organizational leaders, Harrington recommends that organizations establish a security leadership position within, and that leaders educate themselves on core security principles to understand the terrain better.
Despite the many ways attackers can get inside a system, Harrington also points out that the bulk of vulnerabilities tend to be due to gaps in the deployment of basic or regular security infrastructure and processes. “Extremely skilled attackers leveraging exotic, previously unknown vulnerabilities to pursue their devious ends” form only “a small part” of such breaches. Hence system developers should be adequately trained in security principles, and organizations must recognize that security essentials usually matter just as much as, if not more than, the “exotic novelties”.
Related to this is Harrington’s third observation: while attackers do sometimes choose to compromise a blockchain, they are more likely to jeopardize the configuration of the technology leveraging it. This is partly because hackers, Harrington explains, make cost-benefit analyses like everyone else in deciding if a particular action is worth taking.
Loopholes in security configurations and deployments are usually seen as low-hanging fruit for easy picking. To address this, Harrington advises organizations to build up their threat model to better understand the kinds of attackers they might have to deal with. Where necessary, security experts could be hired or partnered with to plug these gaps.
ISE is an independent security consulting firm headquartered in Baltimore, Maryland, focused on securing high-value assets for global enterprises and performing security research.