Businesses should embrace Web3 – but do so carefully


Opinions expressed by Entrepreneur contributors are their own.

After much initial skepticism and doubt, Web3 has emerged as a real source of value, paving the way for a new generation of decentralized applications (dApps) built on the blockchain. These dApps offer fantastic opportunities for forward-thinking companies to transform their business operations and increase their efficiency.

A 2023 survey of 600 enterprise decision makers in the US, UK and China found that nearly 90% of them use blockchain technology in some capacity, with 87% saying they plan to invest in blockchain in the next year. This reflects businesses' fear of being left behind as blockchain developments accelerate globally. According to Deloitte, 73% of finance executives believe their organization will miss an opportunity for competitive advantage if they do not adopt blockchain and digital assets.

Proponents of Web3 tout the greater stability and security of the decentralized web compared to its predecessor, as the blockchain ensures that every transaction is public and verifiable, improving record-keeping and data integrity.

However, despite the promise of greater blockchain security, the growing adoption of Web3 technologies has not eliminated security risks, merely changed them: The Web3 Security Landscape 2023 Report from Salus shows that cyberattacks on the Web3 industry resulted IN loss of over $1.7 billion last yearhighlighting the wide range of threats within the decentralized world.

Connected: Confused about Web3? Steve Aoki breaks down his business to show how you can make money.

New security challenges

Web3 avoids some of the security headaches Web 2.0 but introduces several new ones, almost all unique to the industry.

Some of the biggest attacks of the year are included the $200 million attack to cloud-based blockchain service provider Mixin Network; THE The $197 million attack on Euler Finance; North Korea-linked Lazarus Group attack on both cryptocurrency exchange Poloniex and Atomic Waller, stealing more than 126 million dollars from scratch and more than 100 million dollars from the latter.

Most Web2 attacks target users. However, most of the threats facing the Web3 industry take advantage of vulnerabilities in decentralized application code and protocols. Access control issues accounted for 39% of all attacks on Web3, while flash loan protocols, where flash loans are used to maximize the impact of another form of attack such as exploiting smart contract bugs or manipulating cryptocurrency asset prices in an exchange. in more than 16% of attacks.

User-targeted attacks, as mentioned, are “less popular” on Web3. Fishing attacks, which use social engineering tricks to manipulate unsuspecting users into exposing data, spreading malware infections or granting access to restricted systems accounted for only 4% of all attacks.

In addition to software vulnerabilities, retail investors continue to fall for exit scams and “carpeting:” fraudulent crypto projects that convince the community to support them before making off with the funds they have raised.

Mitigation is possible

Reassuringly, there are concrete steps businesses can take to reduce the likelihood of falling victim to each of these threats. With due care and caution, there is no reason to forgo the many potential benefits of Web3.

Connected: 5 Essential Tips for Starting a Successful Web 3.0 Venture

Improve authentication

Introducing stronger authentication and authorization mechanisms, such as decentralized identifiers (DID), access tokens or biometric and multi-factor authentication, will mitigate many security threats, such as access control-based vulnerabilities and phishing attacks. Companies must ensure that they always adhere to the principle of least privilege, a crucial step in staying secure online in both Web2 and Web3.

Increasing complexity

As in real life, cyber attackers like to get in and out quickly to avoid detection, so increasing the complexity of participating in Web3 projects will make attacks less likely. DeFi protocols that offer quick loans can be protected from threats by introducing minimum borrowing amounts and time limits, as well as additional fees to increase costs for attackers. Likewise, attacks on oracles can be reduced in a number of ways, such as by avoiding the use of shallowly liquid markets for price predictions and by increasing manipulation costs for attackers through the use of TWAP (weighted average price time ) mechanisms.

Hardware wallets – the use of physical technology to store private cryptographic keys online until they are needed – can also help to avoid hacks. Aside from physically stealing the hardware wallet itself, which resembles a USB drive, they are virtually impossible for cybercriminals to access.

Implement controls

As with Web2, businesses must regularly update their access permissions to avoid dents in their security armor. In addition, they must perform full audits of all smart contract code, as this often falls prey to re-entry vulnerabilities. They should also stick to it control-effect-interaction model.

Perform due diligence

Organizations can hire penetration testing to find and exploit their vulnerabilities before attackers do. Extensive employee education is also essential to enable individuals to identify and avoid phishing attacks and other threats.

Finally, be sure to research new projects and their teams carefully to ensure they have a credible track record, thus avoiding falling victim to rugpull scams. Prioritize projects that have undergone transparent security assessments by reputable auditors.

Connected: How to own your online narrative – even when the internet owns you

Embrace Web3, but do it carefully

The high exposure to fraud on the Web3 is one of the main obstacles preventing the mass adoption of decentralized technologies. However, although the amount of total losses in 2023 was very high, it was lower than the number for 2022. This suggests that the overall safety of the landscape is improving, as more companies adopt the necessary precautions.

As Salus points out, $1.7 billion in losses is still an alarming figure and one that highlights the importance of improving security and educating users about the dangers of Web3. The technology's inherent vulnerabilities are spread across multiple domains, requiring a multifaceted approach to security that can be enhanced by prioritizing those platforms and protocols that implement the strongest security measures.

My main takeaway from the report is that businesses should not shy away from embracing Web3 and all the potential it offers. However, their adoption of the technology must be accompanied by extensive vetting and research, as well as adherence to the same strict security standards as they use in their legacy technology systems.



Source link