The past decade or so has witnessed cybersecurity issues continue to become increasingly more prominent, especially in relation to the burgeoning Web3 economy. This is because, over the years, bad actors have become highly sophisticated with their ploys, resulting in a slew of scandals that have either resulted in major regulatory issues or a loss of consumer confidence in this space.
In spite of this, it is estimated that the Web3 sector is set to grow to a valuation of $6T by the end of 2023, suggesting that the space is primed to witness a growing influx of investor interest even though, at present, the industry (especially the DeFi market) has been on the receiving end of numerous hacks and rug pulls.
With such massive sums of money in play, it stands to reason that Web3’s cybersecurity conundrum will persist for the foreseeable future unless experts are able to set in motion better security measures across the board. In this regard, the industry needs a revision of its existing security strategies to help deliver better end-user privacy alongside improved protocol safety.
Hacking incidents to rise, albeit with a slight caveat
With crypto losses emanating from hacking incidents spiking by a whopping 695% between Q1 2021 and 2022, many experts, including Christian Seifert, researcher for crypto security firm Forta, believe that hacking-related losses will keep growing all through 2023, impacting investors as well as several digital asset platforms in equal measure.
That said, he does believe that if end users and protocols adopt comprehensive security strategies such as wallets with advanced security features, routine audits, bug bounties, monitoring & incident response, and cyber insurance, some of these issues can be mitigated to a large degree. Seifert then went on to add:
“While hacking-related losses are likely to mount in 2023, I believe we will witness a drastic increase in the use of active defense/automated incident response systems that are capable of putting protocols in a position, both proactively as well as reactively, to slow down/ mitigate attacks on-chain without impacting legitimate users. This includes the emergence of zero trust/positive reputation systems to make protocols more resilient against attacks.”
A somewhat similar outlook is shared by Limaris Torres, security advisor for blockchain security firm Halborn, who is of the view that over the coming year, the industry will continue to witness a lot of exploitation in relation to both centralized exchanges and decentralized apps. “Wherever there is money, there will be people trying to get after the money,” she opined.
Growth of on-chain analytics and increased exploitation of faulty code
As things stand, the amount of financial crime occurring on-chain is at an all-time high; however, since blockchains are immutable by their very design, experts like Torres are convinced that in 2023, a growing number of crypto firms will continue to devise their very own on-chain analytics and monitoring systems.
On-chain monitoring refers to the process of collecting data related to a particular blockchain via the analysis of its transaction history, hashrates, and other specifics. It helps provide individuals with a potent tool through which they can gain real-time insights into the blockchain’s security-related activities.
Moreover, Torres believes that during the coming year, problems emanating as a result of faulty code logic will continue to become more pressing, requiring the focus of the entire industry. She added:
“Part of that is due to lack of education, as a lot of people are building new systems with less talented developers who don’t really have that computer science background. Because of these aspects, I think we’re going to continue seeing the exploitation of weak logic or improper use of code.”
A surge in deepfake scams expected alongside a dev talent shortage
A digital paradigm that many experts believe will cause havoc within the Web3 sector in 2023 is that of ‘deepfakes’. Simply put, deepfakes are the 21st century’s answer to image ‘photoshopping,’ allowing hackers to use techniques like artificial intelligence (AI) and machine learning to doctor the likeness of one person with another across mediums like videos, pictures, etc. On the subject, David Schwed, chief operating officer for Halborn, believes:
“We’re gonna start seeing a lot of deep fakes in phishing scams. Anyone can get a phishing email, but if you get a video call from your boss telling you to do something, how do you know the difference? A quick message like ‘Hey, I can’t really email right now, I just wanted to quickly call you and ask you to do…’ will catch a lot of people off guard and be successful for the scammer.”
In addition, Schwed also thinks that the web3 market will continue to witness a major shortage of high-quality developer talent throughout 2023, which needs to be urgently addressed.
In his personal experience, there’s currently a huge difference between the cybersecurity professionals coming from institutional banking versus the influx being witnessed by native Web3 projects. “In order to instill trust in the ecosystem, I think there needs to be education among crypto native projects on how to set up a mature cybersecurity program, not like a bank per se as they often don’t have the funding to be exactly the same, but a lot better than what they’re doing today,” he believes.
A.I. to become more prominent
With digital attacks on the rise, it is becoming more difficult for cybersecurity experts to respond to the various incidents taking place across the globe in real-time. Consequently, more and more industry veterans are now either making use of artificial intelligence (AI) systems or have at least considered implementing them into their existing security frameworks.
Technically speaking, machine learning algorithms — which are a key subset of AI tech — have the potential to examine/analyze vast amounts of data moving across different networks at an efficiency level that humans just cannot compete with. To this point, studies have shown that projects making use of AI data breach systems can, on average, save them approx. $3 million compared to those that don’t.
Looking ahead
With Web3-based digital technologies continuing to accrue more and more momentum with each passing day, it is safe to say that over the course of 2023, it will be essential that the crypto industry works toward fostering a culture of awareness around cybersecurity. Furthermore, it is not sufficient anymore for employers/employees to perceive cybersecurity as an IT issue alone. Instead, everyone must possess a basic awareness of the threats permeating the market today, as well as the necessary precautions needed to avoid them.
Image by Werner Moser from Pixabay