Source: Written by Mark Chaplin, Principal, ISF
10 Aug 2018
As blockchain approaches its 10th anniversary, the crypto-based technology is still perceived as emerging and remains the subject of much hype and misunderstanding. Like many technologies in the early stages of their evolution, blockchain is receiving increasing attention from businesses, government, media and criminals alike. What is this mysterious technology, why do organisations care and what should businesses do about it?
In simple terms, blockchain is a digital ledger that can be used to maintain a record of electronic transactions. It was originally developed to support the exchange of cryptocurrency (e.g. bitcoin), but organisations are exploring other ways in which to use the blockchain beyond financial transactions. Examples include treasury functions, property exchange, asset ownership, supply chain management, logistics and more.
Blockchain makes significant use of encryption technology to create an infrastructure with a high degree of integrity that can facilitate trust between different parties. This can provide a range of business benefits, while helping to protect against threats, such as fraudulent transactions, theft and counterfeiting.
Blockchain’s early focus on supporting financial transactions naturally drew attention from criminals, who immediately started exploiting the technology to make money. Common methods used by criminals to monetise blockchain include:
- hijacking organisations’ computers and demanding payment in bitcoin (e.g. via ransomware such as CryptoLocker)
- using hijacked computers to perform unauthorised mining (generation) of cryptocurrency, commonly referred to as cryptojacking.
Despite a decade of blockchain evolution, the technology remains volatile and could still change dramatically over the coming months and years. As blockchain technology matures and its use increases, it will continue to transform how businesses operate, whether adopted directly or imposed by suppliers, customers and business partners.
Blockchain’s dependence on encryption will require a great deal of technical expertise within an organisation if benefits are to be achieved. Organisations adopting blockchain will face traditional challenges associated with emerging technology, such as scalability, interoperability, speed, compatibility, software integrity, usability and cost. At the same time, organisations will need to tackle the corresponding threat landscape that blockchain forces upon them.
Beyond the control of organisations, it is expected that legislation and regulation will evolve, albeit in different ways and at different speeds, which will further influence the environment in which businesses operate.
With benefits comes risk, and organisations will need to prepare. Business leaders, therefore, need to understand the significance of blockchain, acknowledge both the benefits and risks associated with this technology, and take steps to ensure effective adoption.
To ensure the benefits of blockchain are realised and corresponding risks are managed effectively, organisations should:
- Examine commercial opportunities of using blockchain and develop a strategy for the use and protection of blockchain-related solutions.
- Determine the extent to which blockchain technology is already in use within the organisation’s technical infrastructure, or the broader supply chain.
- Monitor developments in the evolution of blockchain, including how it is being adopted in other industry sectors, how financial institutions are attempting to control it, and how governments are taking steps to regulate its use.
- Incorporate blockchain into the organisation’s technology strategy and security architecture, to ensure future use of the technology meets the needs of the organisation.
- Apply good practices for cryptography and update standards and procedures for designing, building, implementing and maintaining blockchain-based solutions that support critical business operations. This will often build on existing PKI capabilities.
- Establish a technical competency within the organisation that is responsible for blockchain. This will typically involve specialists who are skilled and experienced in cryptography, PKI, technical infrastructure and business processes.
- Identify and address commercial risks associated with using blockchain, including those associated with legislation and regulation (e.g. tax), contracts, information and technology, and supply chain.
The Information Security Forum performs extensive research covering information risk and cyber security, which is complemented by a comprehensive suite of risk management tools and publications. Organisations can manage the business risks associated with blockchain by using many of the ISF’s tools, publications and services, including the:
- Standard of Good Practice for Information Security
- Threat Horizon series
- Supply Chain tools
- Protecting the Crown Jewels