Article Series: Four-part series exploring how blockchain security differs from “traditional” cybersecurity


How Blockchain Security Differs From Traditional Cybersecurity – 1 – Node Operators

Blockchain is a rapidly evolving technology with a great deal of interest and investment. Decentralized Finance (DeFi), in particular, has a great deal of money invested in it as well as a growing number of high-profile and expensive hacks. Beyond DeFi, many companies, both large and small, are investing heavily in blockchain technology. As blockchain increasingly underpins major systems, securing this technology becomes increasingly vital. Financial systems built on the blockchain can suffer significant losses due to blockchain hacks. The use of blockchain for supply chain tracking and audit logging relies on the blockchain being immutable. However, the widespread adoption of blockchain technology is relatively recent, and security has not always kept up with the technology. In many cases, traditional IT security best practices do not work for the blockchain, leaving the potential for security gaps and additional breaches. This article is the first in a four-part series exploring how blockchain security differs from IT security or "traditional" cybersecurity. In this article, we explore the differences for node operators, followed by smart contract developers and the blockchain's users.

The Transition from IT to Blockchain Security

Blockchains such as Bitcoin, Ethereum, and others are built on top of traditional IT systems. A blockchain node is a...

How Blockchain Security Differs From Traditional Cybersecurity – 2 – Smart Contract Developers

This article is the second in a four-part series discussing the differences between traditional IT security / cybersecurity and blockchain security. Check out the first article in the series discussing the differences for node operators. This article focuses on the differences between application security (AppSec) for traditional applications and smart contracts. While the first blockchains, like Bitcoin, were not designed to support smart contracts, their invention dramatically expanded the capabilities of blockchain platforms. The ability to deploy code on top of the blockchain has been one of the main drivers of blockchain's widespread adoption and success.

Traditional Development vs. Smart Contract Development

Traditional applications and smart contracts can implement much of the same functionality. Smart contract platforms are Turing complete, and, on some of them, smart contract developers can use the same programming languages as for traditional application development. However, traditional applications and smart contracts operate in very different environments. Some of the big differences include the following:

Infrastructure Stack: Most applications run directly on top of the operating system. Smart contracts are more like web applications, code that runs within the context of another application. This design places constraints on the smart contract's capabilities and the increased complexity creates more opportunities for...

How Blockchain Security Differs From Traditional Cybersecurity – 3 – User Security

This article is the third in a four-part series exploring the differences between traditional IT security and blockchain security. Check out the first two articles in the series exploring the differences for node operators and application developers. This article explores how user security differs between traditional IT and blockchain environments. While identical products and services may be hosted in traditional IT and blockchain environments, the differences between these ecosystems can have significant security implications for their users.

IT vs. Blockchain Security for Users

Traditional IT and the blockchain operate under very different philosophies. Many traditional IT systems are centralized and try to control every aspect of the user experience. In contrast, the ethos of blockchain technology focuses on decentralization and self-custody. These different philosophies have resulted in very different infrastructures and ways of doing things. These differences have significant impacts on the user experience and user security. Some of the biggest differences between IT and blockchain security for users include the following.

Account Security

Traditionally, access to user accounts has been managed based on passwords. Ideally, a user will have a unique, strong, and random password for each account, but this is not always true. As a result, biometrics, multi-factor authentication (MFA), and other techniques...

How Blockchain Security Differs From Traditional Cybersecurity – 4 – Security Operations (SOC)

This article concludes our four-part series on the basic differences between traditional IT security and blockchain security. Previous articles discussed the security differences critical for node operators, smart contract developers, and end users. In many ways, Security Operations Center (SOC) analysts and node operators face similar blockchain-related security challenges. The scale of SOC operations brings with it unique security challenges. Reduced telemetry from decentralized infrastructure hinders SOC detection, but additional information available on-chain could drive new ways of detecting security-related events. The effectiveness of a SOC that is focused on detecting and responding to blockchain, crypto, and DeFi threats might be significantly improved if it took a "fusion" approach that combines various fraud detection methods with the most effective cybersecurity methods, all adapted for blockchains and decentralized networks. To illustrate the differences, this article examines the scenario in which a corporate SOC monitors and detects threats to assets and solutions deployed on a permissionless, immutable, public blockchain. Other blockchain types, such as hybrid, consortium, or private, that give an organization more control over the blockchain would have more similarities with traditional IT SOCs.

The Role of the SOC

The SOC is responsible for securing an enterprise against attack. This includes operating and monitoring security...