Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
11/2/2017
09:00 AM
Raymond Pompon
Raymond Pompon
Partner Perspectives
Connect Directly
Twitter
RSS
50%
50%

5 Reasons CISOs Should Keep an Open Mind about Cryptocurrency

With untold new markets for Bitcoin and other 'alt-coins,' it's going to be an exciting future -- and security leaders need to get ready for it.

Justin Shattuck also contributed to this article. 

In a recent post, our colleague David Holmes answered the hypothetical board question “Are we doing anything with Bitcoin?” by slamming the door on a technological trend that is not only underway but is rapidly expanding. (Heck, Bitcoin itself is “old news” now.)

Still, the question about cryptocurrencies should be on every CISO’s brain. Even if CISOs don’t need to talk to a board or board members, they should be advising CFOs about cryptocurrency. More and more organizations, both in real life and online, are evolving and adapting to accept cryptocurrencies like Bitcoin. Here are answers to five of the most common concerns.

1. Volatility — as Compared to What?
Yes, right now Bitcoin is five times more volatile than gold, but it is relatively new. The concept of Bitcoin was announced in October 2008, and its first open-source release followed in January 2009. The very volatility engendered by Bitcoin’s newness has the potential to produce substantial wealth. More importantly, as cryptocurrency spreads and becomes ingrained into how we do business, we can expect its volatility to damp down. One thing to remember ics that Bitcoin has a built-in transparent mathematical mechanism to limit its inflation, whereas other currencies are left to the mercy of governments and the commodities markets. Finally, as with any currency, the value of Bitcoin is largely dependent on what we humans ascribe to it. Cryptocurrency is now recognized as a major player across the globe, so don’t expect it go away anytime soon. Who knows? In a few years, government-backed currencies could become even more volatile than Bitcoin.

2. Maturity
Yes, cryptocurrencies are new, and legislatures are grappling to deal with them. Guess what? So is the Internet and our entire way of living, immersed in an online world. However, unlike most new technology, Bitcoin is secure by design because of math—and mathematics is thousands of years old. Because of its transparent design, researchers have been able to examine and track any potential vulnerabilities in bitcoin. There aren’t any esoteric control mechanisms being driven by politics like “Bretton Woods” or T-bills that we find in “mature” financial systems. Also, the cryptocurrency concept isn’t limited to blockchain. Monero (XMR), introduced in 2014 and based on the CryptoNote protocol, possesses significant algorithmic differences relating to blockchain obfuscation. There will be advances and new directions in this market as it really catches on.

3. The Nation-State
True, there is no nation-state that backs Bitcoin—and that’s a good thing. We have plenty of government-backed currencies, and some of them aren’t doing too well. That’s why crypto-currencies offer a stable alternative not tied to political machinations. Bitcoin is decentralized and considered largely unregulated in the United States, and so can be insulated from these kinds of shocks. Large markets like Coinbase (a digital asset exchange company) are responsible for disclosing coin purchases from users. Additionally, companies like Coinme, a licensed Bitcoin ATM operator, have been working with legislatures and the Securities and Exchange Commission (SEC) to ensure current and future compliance.

Blockchain is open source, so anyone with a better idea can have a go at developing a more stable, more useful cryptocurrency. New features are being added to Bitcoin, which is why there are two forks. The community was divided, and ultimately the community decided which direction to go (Bitcoin vs. Bitcoin Cash). Read that again. The community decided. Not some politician or bureaucratic wonk. The community. Then the community members chose which one of the two standards to use. That’s a nice alternative to where we are with the nation-state-based currencies that we are stuck with.

4. All Those Flipping Thefts
First off, you cannot “steal” bitcoins. What you can do is gain control of a wallet (a private key running in software) and counterfeit transactions of that identity. Granted, the Bitcoin value is stolen in such cases, but because transactions are recorded in a public blockchain ledger, you can easily see where those fraudulent transactions have gone—which is why criminals have created "tumblers” to launder their transactions. You want to talk about volatility? The biggest launderer of Bitcoins unexpectedly shut down of couple months ago, and now we have companies set up for the sole purpose of tracking Bitcoin transactions. So, yes, you can steal, but you can't easily hide.

5. Quantum Expiration
Someday, quantum technology will shatter the cryptography implemented in current blockchain algorithms. This is probably decades off, but once it starts to become a reality, how many Bitcoins do you want to bet that cryptocurrencies will evolve their execution methods to adapt to the threat? Did we mention that blockchain is open source? That means anyone can propose a solution to quantum attacks. Oh, wait—someone already did.

Cryptocurrency is more than Bitcoin
Due to Bitcoin’s popularity, there are now more derived "alt-coins" (Coins that are meant to be alternatives to Bitcoin.) than anyone could have imagined. However, thanks to Bitcoin’s tremendous success, you can see how everyone wants to be a “whale” and get rich quick off of cryptocurrency. Of these alt-coins, there are a handful that have enough significant differences from Bitcoin to be considered viable by their respective communities: Litecoin (LTC), Etherium (ETH), Dash (originally Darkcoin), Zcash (ZEC), Monero (XMR), Doge, Ripple ... and the list goes on. The reality is, there are more than a handful of coins available for use, and CISOs are going to need to have knowledge (or at least people around them with knowledge) of what is happening in the crypto-coin space so that organizations can properly advise their financial teams.

Blockchain is More than Cryptocurrency
People are now adopting blockchain itself and the technology behind it, not just the currency. There are untold new markets like contract law, health care, and real estate for blockchain and cryptocurrency to disrupt. It’s going to be an exciting future, and CISOs need to be ready for it.

Get the latest application threat intelligence from F5 Labs.

Raymond Pompon is a Principal Threat Researcher Evangelist with F5 labs. With over 20 years of experience in Internet security, he has worked closely with Federal law enforcement in cyber-crime investigations. He has recently written IT Security Risk Control Management: An ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
2018 on Track to Be One of the Worst Ever for Data Breaches
Jai Vijayan, Freelance writer,  11/12/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
F5 makes apps go-faster, smarter, and safer. With solutions for the cloud and the data center, F5 technology provides unparalleled visibility and control, allowing customers to secure their users, applications, and data. For more information, visit www.f5.com.
Featured Writers
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-1643
PUBLISHED: 2018-11-15
The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
CVE-2018-0693
PUBLISHED: 2018-11-15
Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbtrary file in the specific directory in FileZen via unspecified vectors.
CVE-2018-0694
PUBLISHED: 2018-11-15
FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2018-0695
PUBLISHED: 2018-11-15
Cross-site scripting vulnerability in User-friendly SVN (USVN) Version 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-0697
PUBLISHED: 2018-11-15
Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.