Organizations must ensure they are not exposed to undue risk when taking advantage of the benefits these technologies enable.
As leaders around the globe investigate how to leverage the benefits of blockchain technologies, security is often a primary concern. They may be aware of the many security benefits inherent with a blockchain, such as cryptography, immutability, decentralization. But questions remain, such as: what is the best approach to blockchain as a technical problem? How are attackers compromising blockchain technologies? Given its inherent security qualities, how would an attacker even compromise a blockchain?
Leaders today must challenge conventional wisdom and think differently, in order to achieve the highest possible security in the context of blockchain. Here are three key considerations, each with a series of insights based on security research and other data, to empower leaders to act on these challenges.
1. Security is not just a technical problem, it is a leadership problem
Most organizations today do not recognize cybersecurity as the core leadership discipline that it is. Take, for example, the informal investigation by security journalist Brian Krebs. His study, researching the leadership webpages of the 100 largest companies in the world by market value, found that only 5% listed any sort of cybersecurity leader. This vividly demonstrates that most companies do not consider cybersecurity to be a key component of the overall business leadership team.
It also echoes one of the key findings of a two-year study recently published on healthcare security, where one of the major structural flaws was that “decision-makers at healthcare facilities have little insight or control over the security practices”. These examples demonstrate a powerful measure of what many of us in the security industry already know to be true: too many leaders consider security to be a technical issue rather than a leadership issue.
However, the markets have spoken, and industries around the world are starting to consider security as the core leadership issue that it is. In the fallout of the infamous Target breach: both the Chief Executive and the Chief Information Officer were fired as a result. The Director of the US Government Office of Personnel Management (OPM) was forced to resign when her agency suffered a catastrophic breach; as was the Co-chairman of Sony Pictures Entertainment after their infamous breach.
What all of these have in common is that these leaders – in both the public and private sectors – probably would not have considered cybersecurity to be core to their job responsibilities prior to the breaches. But the consensus across their respective organizations was that cybersecurity is the responsibility of the top levels of leadership; they were held accountable for failures in security.