BreachExchange mailing list archives

Why security pros should care about Bitcoin's troubles


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 24 Feb 2014 19:08:55 -0700

http://www.networkworld.com/news/2014/021814-why-security-pros-should-care-278838.html?source=nww_rss

Chief security officers who believe the latest Bitcoin problems do not
affect them should think again. Securing such digital currency flowing
through peer-to-peer payment systems may one day be the responsibility of
security pros.

The world of Bitcoin has certainly had a bad week. A bug in its protocol
forced two exchanges, Mt. Gox and BitStamp, to halt trading temporarily.
The flaw was also blamed for the theft of $2.6 million from the Bitcoin
wallet belonging to Silk Road 2, the online black market that took the
place of the original Silk Road after it was shut down by federal
authorities. Both anonymous marketplaces provide a place on the dark web to
sell and buy illegal drugs.

While the latest events may seem unimportant to security pros, they should
not be ignored, because they represent the maturing process of a payment
system that corporations may one day be asking CSOs to secure.

"It's absolutely part of the maturing process," Denée Carrington,
analyst for Forrester Research, said. "The question is whether Bitcoin can
withstand these and future breaches and attacks, and Bitcoin advocates are
confident that it will. Only time will tell."

Even if Bitcoin doesn't make it, other so-called "cryptocurrency" might.
Namecoin, Litecoin, Dogecoin, PPCoin and Mastercoin are examples of other
organizations using cryptography to control the creation and transfer of
digital money.

If Bitcoin proves unreliable, one of its rivals could rise to the top with
a better system, much like successful peer-to-peer file-sharing services
followed the demise of Napster, the service that launched the industry, but
was shuttered in 2001 for copyright violation.

If companies adopt such payment systems, then CSOs will need to hire talent
or train staff to secure them, experts say. The additional responsibilities
could also change the role of the CSO from a protector of information to a
defender against financial losses.

"Suddenly, CSOs would be directly responsible for basically financial
things," Cameron Camp, security researcher for anti-virus vendor ESET,
said. "You see CSOs as protecting corporate information and making sure
companies are operating securely, but now they would also be in charge of
handling money directly."

The day is already here for some security pros. Overstock.com became the
first major online retailer to accept Bitcoins, and industry observers
expect others to follow. The site SpendBitcoins lists many places on the
web where people can spend their digital currency.

Companies such as BitGo have already hit the market with services to help
retailers and other organizations secure Bitcoin transactions. "What's
beginning to emerge are Bitcoin exchange or wallet platforms that are
focused more on security," Carrington said.

Such efforts will be necessary to drive adoption of digital currency.
Payment platforms will need to build a reputation for reliability and
security as high as a traditional online banking system to become
mainstream.

"The market in general needs more assurances than it's getting from Bitcoin
that this is going to be secure, auditable and not subject to unscrupulous
hacking before (companies) put more trust in it," Camp said. "That may come
from Bitcoin or a replacement for Bitcoin."

As adoption of digital currency grows, CSOs will likely have to deal with a
new layer of regulatory compliance, which is sure to follow once
governments get involved.

"Bitcoin has been allowed to continue for the sake of the experiment, which
is how it is viewed," Al Pascual, analyst for Javelin Strategy & Research,
said. "Digital currency will one day be the norm, and it will be the (U.S.)
Treasury that manages it."
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
