You can be on Entrepreneur’s cover!

This Data Security Consultant Explains Why Businesses Should Embrace Web3 — But Do It Cautiously As more companies are looking to integrate blockchain technologies into their operations and join the Web3 rally, it is important to understand how to build these applications in a secure way that will protect both customers and data infrastructures.

By Ralph Tkatchuk

Key Takeaways

  • While Web3 provides opportunities for business growth, it also poses security challenges.
  • As the decentralized blockchain advances, it's becoming safer — and businesses should welcome its potential with a healthy level of skepticism.
entrepreneur daily

Opinions expressed by Entrepreneur contributors are their own.

After much initial skepticism and doubt, Web3 has emerged as a real source of value, paving the way for a new generation of decentralized applications (dApps) built on blockchain. These dApps provide fantastic opportunities for forward-thinking companies to transform their business operations and enhance their efficiency.

A 2023 survey of 600 enterprise decision-makers in the U.S., U.K. and China found that nearly 90% of them deploy blockchain technology in some capacity, with 87% saying they planned to invest in blockchain in the next year. This reflects businesses' fear of being left behind as blockchain developments accelerate globally. According to Deloitte, 73% of financial executives believe their organization will lose an opportunity for competitive advantage if they don't adopt blockchain and digital assets.

Advocates of Web3 laud the decentralized web's greater resilience and security compared to its predecessor, as blockchain ensures that every transaction is public and verifiable, improving record-keeping and data integrity.

However, despite the promise of blockchain's greater security, the increasing adoption of Web3 technologies has not eradicated security risks, merely changed them: The 2023 Web3 Security Landscape report by Salus shows that cyberattacks on the Web3 industry resulted in losses in excess of $1.7 billion last year, highlighting the extensive range of threats within the decentralized world.

Related: Confused About Web3? Steve Aoki Dissects His Business to Show How You Can Make Money.

New security challenges

Web3 avoids some of the security headaches of Web 2.0 but introduces several new ones, almost all unique to the industry.

Some of the biggest attacks of the year included the $200 million attack on the cloud-based blockchain services provider Mixin Network; the $197 million attack on Euler Finance; the North Korea-linked Lazarus Group attack on both the Poloniex cryptocurrency exchange and Atomic Waller, stealing more than $126 million from the former and more than $100 million from the latter.

The majority of Web2 attacks target users. Most threats faced by the Web3 industry, however, take advantage of code vulnerabilities of decentralized applications and protocols. Access control issues accounted for 39% of all Web3 attacks, whereas flash loan protocols, where flash loans are used to maximize the impact of another form of attack like the exploitation of smart contract bugs or the manipulation of cryptocurrency asset prices on an exchange, contributed to more than 16% of attacks.

User-targeted attacks, as mentioned, are "less popular" in Web3. Phishing attacks, which use social engineering tricks to manipulate unsuspecting users into exposing data, spreading malware infections or giving access to restricted systems accounted for a mere 4% of all attacks.

Besides software vulnerabilities, retail investors continue to fall for exit scams and "rugpulls:" fraudulent crypto projects that convince the community to back them before fleeing with the funds they've raised.

Mitigation is possible

Reassuringly, there are concrete steps that businesses can take to reduce the likelihood of falling victim to each of these threats. With appropriate caution and due diligence, there is no reason to pass up the many potential benefits of Web3.

Related: 5 Essential Tips for Starting a Successful Web 3.0 Venture

Enhance authentication

Introducing more robust authentication and authorization mechanisms, like decentralized identifiers (DIDs), access tokens or biometric and multi-factor authentication, will mitigate many security threats such as access control-based vulnerabilities and phishing attacks. Companies should make sure they always adhere to the principle of least privilege, a crucial step for remaining secure online across both Web2 and Web3.

Increase complexity

As in real life, cyber attackers like to get in and out quickly to avoid detection, so increasing the complexity of participation in Web3 projects will make attacks less likely. DeFi protocols offering flash loans can safeguard themselves against threats by introducing minimum borrowing amounts and time limits, as well as additional fees to raise the costs for attackers. In a similar vein, attacks on oracles can be reduced in a number of ways, such as by avoiding the use of markets with shallow liquidity for price predictions, and by increasing manipulation costs for attackers through the use of TWAP (time-weighted average price) mechanisms.

Hardware wallets — the use of physical technology to store private cryptographic keys online until they are needed — can also help to avoid hacks. Short of physically stealing the hardware wallet itself, which resembles a USB drive, they are virtually impossible for cybercriminals to access.

Implement checks

As with Web2, businesses should regularly update their access permissions to avoid chinks in their security armor. In addition, they should conduct thorough audits of all smart contract code, as this often falls prey to re-entry vulnerabilities. They should also adhere to the check-effect-interaction model.

Perform due diligence

Organizations can employ penetration testing to find and exploit their own vulnerabilities before attackers do. Extensive employee education is also crucial to enable individuals to identify and avoid phishing attacks and other threats.

Finally, make sure to research new projects and their teams carefully to ensure that they have a reliable track record, thus avoiding falling victim to rugpull scams. Prioritize projects that have undergone transparent security assessments by reputable auditors.

Related: How to Own Your Online Narrative — Even When the Internet Owns You

Embrace Web3, but do it cautiously

The high exposure to scams in Web3 is one of the major obstacles preventing mass adoption of decentralized technologies. However, though the amount of total losses in 2023 was very high, it was lower than the number for 2022. This suggests that the landscape's overall safety is improving, as more companies adopt the necessary precautionary measures.

As Salus points out, $1.7 billion in losses is still an alarming number, and one that emphasizes the importance of improving security and educating users about the risks of Web3. The inherent vulnerabilities of the technology are distributed across multiple areas, demanding a multi-pronged approach to security, which can be enhanced by prioritizing those platforms and protocols that implement the strongest security measures.

My main takeaway from the report is that businesses need not shy away from embracing Web3 and all of the potential it offers. However, their adoption of the technology should be accompanied by extensive checks and research, and adherence to the same strict standards of security as they employ in their legacy technology systems.

Ralph Tkatchuk

Entrepreneur Leadership Network® Contributor

Data Security Consultant

Ralph Tkatchuk is a data security consultant and and an IT guy with 15 years of field experience working with clients of various sizes and verticals. He is all about helping companies and individuals safeguard their data against malicious online abuse and fraud. His current specialty is in ecommerce data protection and prevention.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Side Hustle

This Dad Started a Side Hustle to Save for His Daughter's College Fund — Then It Earned $1 Million and Caught Apple's Attention

In 2015, Greg Kerr, now owner of Alchemy Merch, was working as musician when he noticed a lucrative opportunity.

Business News

I Designed My Dream Home For Free With an AI Architect — Here's How It Works

The AI architect, Vitruvius, created three designs in minutes, complete with floor plans and pictures of the inside and outside of the house.

Growing a Business

Bantam Bagels' Founder Fell Into a Mindset Trap 'People Don't Talk About' After Selling the Now-Defunct Business for $34 Million — Here's What Happened

Elyse Oleksak and her husband Nick founded their mini bagel business in 2013 — and it was an instant hit.

Business Solutions

Get an Extra 20% Off the Price of Microsoft Office for Mac or Windows Through April 16

Boost your productivity with special pricing on these proven products.

Business News

X Is Suddenly Prohibiting Users From Hiding Their Blue Checkmarks

Earlier this month, X gave blue checkmarks to accounts with over 2,500 verified users — regardless of whether or not they opted in.

Management

The Best Communicators Follow These 3 Rules When Talking to Those in Authority

Here's to turn a communication mishap into a powerful communication framework.When you are clear about the kind of communication you need, it's easier for people to say the right things and take the right actions.