To prepare, the ISF recommends you take these actions:
- Take steps to validate and maintain the integrity of key databases.
- Incorporate scenarios of compromised information integrity into business risk assessments; involve appropriate stakeholders across the organization to gauge business impact.
- Collaborate with peers to share intelligence about attacks on information integrity.
- Consult with legal professionals before making public any information that provides factual evidence to counter false claims.
- Monitor access and changes made to sensitive information using tools like Federated Identity and Access Management (FIAM) systems and Content Management Systems (CMS).
Subverted blockchains shatter trust
Many organizations are exploring blockchain technology because it promises to ensure the integrity of transactions without the need for a trusted third party at the center of the exchange.
In an article for Harvard Business Review last year, Don Tapscott and son Alex Tapscott, authors of Blockchain Revolution: How the Technology Behind Bitcoin Is Changing Money, Business, And the World, argued, "our two-year research project, involving hundreds of interviews with blockchain experts, provides strong evidence that the blockchain could transform business, government, and society in perhaps even more profound ways."
The Tapscotts suggest 65 percent of top global banks will have large-scale blockchain implementations in place by 2019.
But Durbin notes that like any technology, blockchains will be vulnerable to compromise. Potential vulnerabilities include weak encryption, hashing and key management; poorly written programs; incorrect permissions; and inadequate business rules. In the event a blockchain is compromised, ISF says customer, senior management and user trust in the affected process will be shattered, and will require substantial effort to rebuild.
A compromised blockchain could lead to unauthorized transactions or data breaches, diversion of funds, fraud and even the validation of fraudulent transactions.
To avoid that fate, Durbin says attention must be paid to building information security into the design, build, implementation and operational phases of blockchain-based applications. Close collaboration will be required between business managers, developers and information security professionals.
The ISF recommends you do the following:
- Appoint a sponsor or steering committee to consult widely and take decisions concerning the adoption and use of blockchains throughout your organization.
- Train employees on how to use blockchains securely, and to detect suspicious activity.
- Assess the security controls of external parties using blockchains (e.g., audit the strength of their security controls, such as cryptographic key management and access control measures).
- Engage with industry forums and experts to contribute to the development of good practice guidelines and standards for secure implementation.
- Consult legal to understand the contractual implications of using a blockchain.
- Demand that information security requirements are incorporated during the design, implementation and operation of a blockchain-based application.
- Consider the implications of decentralized blockchain systems on existing governance and change management processes.
Theme 3: Deterioration when controls are eroded by regulations and technology