Why security pros should care about Bitcoin's troubles

Recent struggles for the "cryptocurrency" signal maturing process for payment system that CSOs may need to secure one day

Chief security officers who believe the latest Bitcoin problems do not affect them should think again. Securing such digital currency flowing through peer-to-peer payment systems may one day be the responsibility of security pros.

The world of Bitcoin has certainly had a bad week. A bug in its protocol forced two exchanges, Mt. Gox and BitStamp, to halt trading temporarily. The flaw was also blamed for the theft of $2.6 million from the Bitcoin wallet belonging to Silk Road 2, the online black market that took the place of the original Silk Road after it was shutdown by federal authorities. Both anonymous marketplaces provide a place on the dark web to sell and buy illegal drugs.

While the latest events may seem unimportant to security pros, they should not be ignored, because they represent the maturing process of a payment system that corporations may one day be asking CSOs to secure.

"It's absolutely part of the maturing process," Denée Carrington, analyst for Forrester Research, said. "The question is whether Bitcoin can withstand these and future breaches and attacks, and Bitcoin advocates are confident that it will. Only time will tell."

Even if Bitcoin doesn't make it, other so-called "cryptocurrency" might. Namecoin, Litecoin, Dogecoin, PPCoin and Mastercoin are examples of other organizations using cryptography to control the creation and transfer of digital money.

If Bitcoin proves unreliable, one of its rivals could rise to the top with a better system, much like successful peer-to-peer file-sharing services followed the demise of Napster, the service that launched the industry, but was shuttered in 2001 for copyright violation.

If companies adopt such payment systems, then CSOs will need to hire talent or train staff to secure them, experts say. The additional responsibilities could also change the role of the CSO from a protector of information to a defender against financial losses.

"Suddenly, CSOs would be directly responsible for basically financial things," Cameron Camp, security researcher for anti-virus vendor ESET, said. "You see CSOs as protecting corporate information and making sure companies are operating securely, but now they would also be in charge of handling money directly."

The day is already here for some security pros. Overstock.com became the first major online retailer to accept Bitcoins, and industry observers expect others to follow. The site SpendBitcoins lists many places on the web where people can spend their digital currency.

Companies such as BitGo have already hit the market with services to help retailers and other organizations secure Bitcoin transactions. "What's beginning to emerge are Bitcoin exchange or wallet platforms that are focused more on security," Carrington said.

Such efforts will be necessary to drive adoption of digital currency. Payment platforms will need to build a reputation for reliability and security as high as a traditional online banking system to become mainstream.

"The market in general needs more assurances than it's getting from Bitcoin that this is going to be secure, auditable and not subject to unscrupulous hacking before (companies) put more trust in it," Camp said. "That may come from Bitcoin or a replacement for Bitcoin."

As adoption of digital currency grows, CSOs will likely have to deal with a new layer of regulatory compliance, which is sure to follow once governments get involved.

"Bitcoin has been allowed to continue for the sake of the experiment, which is how it is viewed," Al Pascual, analyst for Javelin Strategy & Research, said. "Digital currency will one day be the norm, and it will be the (U.S.) Treasury that manages it."

Join the CSO newsletter!

Error: Please check your email address.

Tags Mt. GoxOverstock.comsecurityBitstamp

More about CSOForrester ResearchJavelinNapsterOverstock.com

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts