• United States



Why security pros should care about Bitcoin’s troubles

Feb 15, 20144 mins
Application SecurityData and Information SecurityData Breach

Recent struggles for the "cryptocurrency" signal maturing process for payment system that CSOs may need to secure one day

Chief security officers who believe the latest Bitcoin problems do not affect them should think again. Securing such digital currency flowing through peer-to-peer payment systems may one day be the responsibility of security pros.

[Ransomware like Cryptolocker uses Bitcoin, other virtual currencies for payment]

The world of Bitcoin has certainly had a bad week. A bug in its protocol forced two exchanges, Mt. Gox and BitStamp, to halt trading temporarily. The flaw was also blamed for the theft of $2.6 million from the Bitcoin wallet belonging to Silk Road 2, the online black market that took the place of the original Silk Road after it was shutdown by federal authorities. Both anonymous marketplaces provide a place on the dark web to sell and buy illegal drugs.

While the latest events may seem unimportant to security pros, they should not be ignored, because they represent the maturing process of a payment system that corporations may one day be asking CSOs to secure.

“It’s absolutely part of the maturing process,” Denée Carrington, analyst for Forrester Research, said. “The question is whether Bitcoin can withstand these and future breaches and attacks, and Bitcoin advocates are confident that it will. Only time will tell.”

Even if Bitcoin doesn’t make it, other so-called “cryptocurrency” might. Namecoin, Litecoin, Dogecoin, PPCoin and Mastercoin are examples of other organizations using cryptography to control the creation and transfer of digital money.

If Bitcoin proves unreliable, one of its rivals could rise to the top with a better system, much like successful peer-to-peer file-sharing services followed the demise of Napster, the service that launched the industry, but was shuttered in 2001 for copyright violation.

If companies adopt such payment systems, then CSOs will need to hire talent or train staff to secure them, experts say. The additional responsibilities could also change the role of the CSO from a protector of information to a defender against financial losses.

“Suddenly, CSOs would be directly responsible for basically financial things,” Cameron Camp, security researcher for anti-virus vendor ESET, said. “You see CSOs as protecting corporate information and making sure companies are operating securely, but now they would also be in charge of handling money directly.”

[Bitcoin payments could be a landmine for companies]

The day is already here for some security pros. became the first major online retailer to accept Bitcoins, and industry observers expect others to follow. The site SpendBitcoins lists many places on the web where people can spend their digital currency.

Companies such as BitGo have already hit the market with services to help retailers and other organizations secure Bitcoin transactions. “What’s beginning to emerge are Bitcoin exchange or wallet platforms that are focused more on security,” Carrington said.

Such efforts will be necessary to drive adoption of digital currency. Payment platforms will need to build a reputation for reliability and security as high as a traditional online banking system to become mainstream.

“The market in general needs more assurances than it’s getting from Bitcoin that this is going to be secure, auditable and not subject to unscrupulous hacking before (companies) put more trust in it,” Camp said. “That may come from Bitcoin or a replacement for Bitcoin.”

As adoption of digital currency grows, CSOs will likely have to deal with a new layer of regulatory compliance, which is sure to follow once governments get involved.

“Bitcoin has been allowed to continue for the sake of the experiment, which is how it is viewed,” Al Pascual, analyst for Javelin Strategy & Research, said. “Digital currency will one day be the norm, and it will be the (U.S.) Treasury that manages it.”