Understanding Information security in web2 and web3 spaces

cyber-security

The web2 space is the second generation of the internet. It’s a network of networks and people, devices, applications and data. Web2 is also a network of content and services that can be accessed via any device at any time with an internet connection.

When it comes to business, there is so much information stored on servers. It can be easy for hackers to walk in and snaffle valuable data – from your financial info to personal details and everything in between.

Any application stores some sensitive information that makes them vulnerable to a wide range of cyberattacks, including hacking, phishing and malware. These attacks can result in data breaches, loss of sensitive information, and financial losses; hence its security is the gatekeeper for data.

cyber-security-information-security

Besides, any web2 applications rely on third-party vendors for services such as hosting, payment processing, and content delivery. These dependencies can create security risks if the third-party vendors have vulnerabilities or are compromised.

However, a common cause of security breaches in the web2 space – human error. This can include mistakes such as weak passwords, clicking on malicious links, and falling for phishing scams.

From Data Breaches to Decentralisation: Information security in blockchain technology and the web3 space
Information-security

When it comes to blockchain technology, information security needs to be viewed through a different lens.

As for decentralised applications (dApps), there is still a lot of confusion around how these applications handle data, how they store it, and whether or not they need to encrypt it before storing it on their network.

With the blockchain nature, data and applications are stored on multiple computers. This makes it difficult to identify and protect sensitive information, as well as detect and respond to cyber threats.

As there is no central server or any single point of failure, it becomes difficult for organisations using blockchain technology to identify where sensitive information is stored and protect it from cyber threats.

With users are being responsible for securing their own assets, traditional security models, such as firewalls and antivirus software, may not be effective in securing web3 applications.

To break it down and explain more with real-life examples, B.gain sat down with a cyber security leader, Chris D and discussed information security in web2 and web3 spaces.

B.gain: Chris, could you please provide an example of a security vulnerability in the web2 space and how it is addressed in the web3 space?

Chris: An example of a security vulnerability which exists in the Web2 space that Web3 solves is fairly obvious to Web3 natives – digital asset security. When you collect digital assets, whether that be in game assets like skins or tokens i.e. crypto currencies, and in Web2 could be Qantas frequent flyer points or even currency, in web2, assets are stored on the central servers of the provider and being compromised, your digital assets are compromised too.

With blockchain and leveraging cryptography, the ownership and store of assets can be decentralised and you as the user have the power to hold the digital assets on a piece of decentralised hardware, or software wallet. Providing a much harder attack vector for adversaries and the like to conquer.

This of course shifts the responsibility of the security to the edge, being the user, and requires users to be more tech and security savvy, so they are not caught by phishing scandals, or malware which targets their locally stored crypto holdings. Hence why hardware wallets provide even greater protection.

B.gain: What are some of the key trends and innovations in information security for the web3 space we can expect to see in the future?

Chris: One of the key trends is going to be an increase in hardware wallet manufactures, such as Trezor or Ledger. As with any new technology, we need new ways to protect the digital goods, and with the increase of people moving to Web3, the increase of crafty attackers leveraging different techniques to capture your crypto or NFT’s. This growing offensive trend presents a paradigm shift, and more business for manufactures of this kind of hardware technology can be witnessed with more secure technologies such as airgap hardware wallets, Ellipal Titan, hitting the market.

B.gain: How do you stay up-to-date with the latest trends in information security in the web3 space?

Chris: Same way I stay up to date with web2 security: newsletters, twitter, threat feeds and generally what I hear from my colleague in the Cyber Security space. In cyber security, your passion leads you to places that others typically don’t go for looking.

However, Web2 and Web3 really aren’t that different when it comes to attackers & hackers. The underlying problems still exist, and if anything, there’s more with the fact of how quickly the space moves. Sometimes innovation needs to take a breath and account for any gaps they introduce. Hence why projects should be leveraging security advisors, consultants and businesses to support them in their web3 journey, as your information security strategy is integral to keeping your business and your communities’ assets safe.

(Chris D, Cyber Security Leader, known as Cryptic Kris, Cyber Security Web3 Advisor).

Conclusion

Summing up, Web2 and Web3 really aren’t that different when it comes to attackers & hackers. The main challenge in information security in the web2 space is to ensure that web applications, or any important files that are stored on different devices are secure and compliant with regulations and standards.

This might require:

  • implementing robust security measures,
  • training employees on security best practices
  • encryption of files
  • regularly auditing and testing the security of web applications

As for information security in the web3 space, we need to ensure that these new technologies can provide a secure and reliable infrastructure for decentralised applications and services. This will require innovative approaches to security, including new authentication methods, improved smart contract auditing, and guidance form cyber security experts.

IMG 9281

Olga Bubnova, Founder & CEO at B.gain

Expert in Brand Management, Marketing and Communications for Tech.

I write about tech in simple terms.