Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
11/2/2017
09:00 AM
Raymond Pompon
Raymond Pompon
Partner Perspectives
Connect Directly
Twitter
RSS
50%
50%

5 Reasons CISOs Should Keep an Open Mind about Cryptocurrency

With untold new markets for Bitcoin and other 'alt-coins,' it's going to be an exciting future -- and security leaders need to get ready for it.

Justin Shattuck also contributed to this article. 

In a recent post, our colleague David Holmes answered the hypothetical board question “Are we doing anything with Bitcoin?” by slamming the door on a technological trend that is not only underway but is rapidly expanding. (Heck, Bitcoin itself is “old news” now.)

Still, the question about cryptocurrencies should be on every CISO’s brain. Even if CISOs don’t need to talk to a board or board members, they should be advising CFOs about cryptocurrency. More and more organizations, both in real life and online, are evolving and adapting to accept cryptocurrencies like Bitcoin. Here are answers to five of the most common concerns.

1. Volatility — as Compared to What?
Yes, right now Bitcoin is five times more volatile than gold, but it is relatively new. The concept of Bitcoin was announced in October 2008, and its first open-source release followed in January 2009. The very volatility engendered by Bitcoin’s newness has the potential to produce substantial wealth. More importantly, as cryptocurrency spreads and becomes ingrained into how we do business, we can expect its volatility to damp down. One thing to remember ics that Bitcoin has a built-in transparent mathematical mechanism to limit its inflation, whereas other currencies are left to the mercy of governments and the commodities markets. Finally, as with any currency, the value of Bitcoin is largely dependent on what we humans ascribe to it. Cryptocurrency is now recognized as a major player across the globe, so don’t expect it go away anytime soon. Who knows? In a few years, government-backed currencies could become even more volatile than Bitcoin.

2. Maturity
Yes, cryptocurrencies are new, and legislatures are grappling to deal with them. Guess what? So is the Internet and our entire way of living, immersed in an online world. However, unlike most new technology, Bitcoin is secure by design because of math—and mathematics is thousands of years old. Because of its transparent design, researchers have been able to examine and track any potential vulnerabilities in bitcoin. There aren’t any esoteric control mechanisms being driven by politics like “Bretton Woods” or T-bills that we find in “mature” financial systems. Also, the cryptocurrency concept isn’t limited to blockchain. Monero (XMR), introduced in 2014 and based on the CryptoNote protocol, possesses significant algorithmic differences relating to blockchain obfuscation. There will be advances and new directions in this market as it really catches on.

3. The Nation-State
True, there is no nation-state that backs Bitcoin—and that’s a good thing. We have plenty of government-backed currencies, and some of them aren’t doing too well. That’s why crypto-currencies offer a stable alternative not tied to political machinations. Bitcoin is decentralized and considered largely unregulated in the United States, and so can be insulated from these kinds of shocks. Large markets like Coinbase (a digital asset exchange company) are responsible for disclosing coin purchases from users. Additionally, companies like Coinme, a licensed Bitcoin ATM operator, have been working with legislatures and the Securities and Exchange Commission (SEC) to ensure current and future compliance.

Blockchain is open source, so anyone with a better idea can have a go at developing a more stable, more useful cryptocurrency. New features are being added to Bitcoin, which is why there are two forks. The community was divided, and ultimately the community decided which direction to go (Bitcoin vs. Bitcoin Cash). Read that again. The community decided. Not some politician or bureaucratic wonk. The community. Then the community members chose which one of the two standards to use. That’s a nice alternative to where we are with the nation-state-based currencies that we are stuck with.

4. All Those Flipping Thefts
First off, you cannot “steal” bitcoins. What you can do is gain control of a wallet (a private key running in software) and counterfeit transactions of that identity. Granted, the Bitcoin value is stolen in such cases, but because transactions are recorded in a public blockchain ledger, you can easily see where those fraudulent transactions have gone—which is why criminals have created "tumblers” to launder their transactions. You want to talk about volatility? The biggest launderer of Bitcoins unexpectedly shut down of couple months ago, and now we have companies set up for the sole purpose of tracking Bitcoin transactions. So, yes, you can steal, but you can't easily hide.

5. Quantum Expiration
Someday, quantum technology will shatter the cryptography implemented in current blockchain algorithms. This is probably decades off, but once it starts to become a reality, how many Bitcoins do you want to bet that cryptocurrencies will evolve their execution methods to adapt to the threat? Did we mention that blockchain is open source? That means anyone can propose a solution to quantum attacks. Oh, wait—someone already did.

Cryptocurrency is more than Bitcoin
Due to Bitcoin’s popularity, there are now more derived "alt-coins" (Coins that are meant to be alternatives to Bitcoin.) than anyone could have imagined. However, thanks to Bitcoin’s tremendous success, you can see how everyone wants to be a “whale” and get rich quick off of cryptocurrency. Of these alt-coins, there are a handful that have enough significant differences from Bitcoin to be considered viable by their respective communities: Litecoin (LTC), Etherium (ETH), Dash (originally Darkcoin), Zcash (ZEC), Monero (XMR), Doge, Ripple ... and the list goes on. The reality is, there are more than a handful of coins available for use, and CISOs are going to need to have knowledge (or at least people around them with knowledge) of what is happening in the crypto-coin space so that organizations can properly advise their financial teams.

Blockchain is More than Cryptocurrency
People are now adopting blockchain itself and the technology behind it, not just the currency. There are untold new markets like contract law, health care, and real estate for blockchain and cryptocurrency to disrupt. It’s going to be an exciting future, and CISOs need to be ready for it.

Get the latest application threat intelligence from F5 Labs.

Raymond Pompon is a Principal Threat Researcher Evangelist with F5 labs. With over 20 years of experience in Internet security, he has worked closely with Federal law enforcement in cyber-crime investigations. He has recently written IT Security Risk Control Management: An ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Data Privacy Careers Are Helping to Close the IT Gender Gap
Dana Simberkoff, Chief Compliance and Risk Management Officer, AvePoint, Inc,  8/20/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
F5 makes apps go-faster, smarter, and safer. With solutions for the cloud and the data center, F5 technology provides unparalleled visibility and control, allowing customers to secure their users, applications, and data. For more information, visit www.f5.com.
Featured Writers
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15601
PUBLISHED: 2018-08-21
apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism.
CVE-2018-15603
PUBLISHED: 2018-08-21
An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the Author field of the "Leave a Comment" screen.
CVE-2018-15598
PUBLISHED: 2018-08-21
Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.
CVE-2018-15599
PUBLISHED: 2018-08-21
The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.
CVE-2018-0501
PUBLISHED: 2018-08-21
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.