Story image

RSA says blockchain presents a new wave of cyber-risk for global organisations

06 Jul 2018

Network security company RSA has warned that the influx of blockchain implementations amongst global businesses has the potential to result in gaping cybersecurity vulnerabilities.

Globally, businesses are expected to invest $3.1 billion in blockchain solutions in 2018 (according to IDC), which is more than double the figure from the previous year.

Should these predictions be correct, RSA says security teams could be left blind to cyber-attack, with many Security Information and Event Management (SIEM) tools unable to baseline the ‘new normal’ behaviours associated with blockchain, allowing hackers to gain entry to corporate networks. Azeem Aleem, Global Director of RSA’s Worldwide Advanced Cyber Defence Practice says, “Opinions are mixed on whether blockchain is a flash in the pan, or the next major disruptor. However, there is evidence – particularly in financial services – that blockchain adoption is gaining momentum.

“If this is the case, then organisations need to be prepared for the impact this could have on their security operations teams.”

Aleem says the vulnerabilities will stem from hackers actively searching for exploits in the emerging technology, as they have done in the past.

“As with any new technology, hackers will look for vulnerabilities in how businesses implement blockchain, if not natively within technology itself,” Aleems says.  

“Any disruption or security breach due to a blockchain vulnerability could have a serious impact on operations. Organisations must take a business-driven approach to this new risk, so that advancement in one respect does not create risks elsewhere that could hinder long-term progress.”

RSA says blockchain technology creates a challenge for security operation centres (SOC), as it represents uncharted territory:

The company says emerging technologies broaden the IT landscape and can create security blind spots.

“Security teams must quickly understand the new ‘normal’ in their IT environment to detect suspicious behaviour faster. But this can be an extremely arduous process using traditional, log-based SIEM tools,” Aleem continues.  

“Without proper configuration when feeding this new data into the SIEM, the result is often a flood of false positives that leave security analysts fire-fighting, while hackers slip by in the confusion.” In order to overcome this challenge, RSA recommends that businesses take security into account from the very early stages of any blockchain implementation, while also taking advantage of developments in behavioural analytics and artificial intelligence to support the secure adoption of new technologies.

“Security cannot be an afterthought or a roadblock to innovation. Organisations do not have time to wait for older systems to catch up,” Aleem says.

“As a first step, you should ensure that you have low-level visibility into what the technology is doing, which means feeding relevant log data from the blockchain into your SIEM. Once analysed over a period of time, the SOC team will be able to detect an anomalous pattern against a normal pattern of behaviour.”

RSA points to research from 451 group, which suggest that - on average -  less than 30% of an organisation’s data passes through a SIEM.

The company says this severely limits the SOC teams’ ability to identify and respond to threats. Yet data feeds are only part of the puzzle.

“Organisations must arm their SOC with the right tools to help detect and prioritise security events effectively. User and entity behaviour analytics and advanced threat metrics can provide vital context,” Aleem concludes.

ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.
Forrester names Trend Micro Leader in email security
TrendMicro earned the highest score for technology leadership, deployment options and cloud integration.
LogRhythm releases cloud-based SIEM solution
LogRhythm Cloud provides the same feature set and user experience as its on-prem experience.