You are here

Blockchain Technology: Understanding the Risks

It’s certainly an exciting time to be involved in technology. Technological advancements have dramatically impacted not only our daily lives, but also our businesses. One innovation that cannot be ignored is blockchain—the platform on which growing lists of records, called blocks, are linked using cryptography.

At this point, most technologists are familiar with blockchain technology and how it works. Use cases are emerging on a daily basis, from Electronic Health Records (EHR) in healthcare, to supply chain tracking in manufacturing, to peer-to-peer banking in the financial industry. However, as blockchain becomes integrated into everyday data flows, the risks associated with securing data continue to grow—and companies that utilize blockchain should begin using traditional risk assessment methodologies to ensure proper security controls are in place to mitigate risk.

Blockchain Risk Management: Where Do I Start?

Luckily for us, the Accounting Blockchain Coalition (ABC) has developed a first-of-its-kind illustrative framework to help organizations document these risks. Although not an authoritative source, this framework gives guidance on examples of possible threats and vulnerabilities of digital assets, and provides examples of internal control activities potentially used to address them.

This document is an informative, effective, and beneficial guide for any company seeking to uncover inherent risks associated with their blockchain technology usage and institute strong security controls to help mitigate them.

The ABC has pulled its guidance and underlying methodology from the National Institute of Standards and Technologies 800-30 Risk Assessment Special Publication (NIST 800-30 SP). Every organization utilizing blockchain needs to understand core risk assessment staples, including inherent risks, threats, and vulnerabilities; the likelihood and impact of those vulnerabilities; and the needed internal controls tied to assets with high inherent risk scores. All of these staples are addressed in the document.

The ABC’s blockchain risk framework looks at specific blockchain digital assets such as core wallets, stable coins, privacy coins, utility tokens, cryptocurrencies, security tokens, and asset-backed tokens.  The tool then assigns inherent risk scores, maps possible threats, and ties in possible illustrative controls that can be used to mitigate risks. 

This Is Just the Beginning

No organized body has taken the time yet to sit down and truly scrutinize all of the possible blockchain risks and offer valuable insights on how to recognize and mitigate them—until now. The ABC has begun to show that even though blockchain is new, innovative, and not yet fully understood, companies can still protect their assets by implementing the same risk management systems used in any other area of their business.  

It’s important to note the ABC risk assessment tool, although extremely helpful, is just a start to the process. Instituting strong general internal controls throughout the environment—such as third-party risk, change control, security awareness training, vulnerability management, patch management, and board reporting—are key to having a robust overall risk management program.

It’s exciting that an entity has officially allotted resources and time to researching the new waters of blockchain security. The ABC’s document is a must-read for businesses looking for tips on how to apply tried-and-true risk management strategies to a field that they may not be extremely comfortable with yet.

The Accounting Blockchain Coalition will also be providing additional guidance on this topic in the months to come—so stay tuned.