How the potential of Web3 could shape the world of cybersecurity

Back in March 2022, Harvard Business Review conducted a casual poll asking a simple question: ‘Have you ever heard of Web3’. 70% of respondents said no. Despite a small minority having an understanding of the term, Web3 is being heralded as the future of the internet. In 2022, Web3 has been gaining notable traction in thought leadership journals. However, the term is in fact not new. It was coined in 2014 by Gavin Wood, co-founder of Ethereum. Since, companies across Big Tech, asset management and venture capital have been exploring the possibility of its future.

So what exactly is Web3 and if it is the future of the internet, and consequently finance and technology sectors, what does this landscape look like in terms of cybersecurity? In order to understand how Web3 could shape the future of cybersecurity, it is important to summarise exactly what it is and how the history of the internet has arrived at this point today.

Web3 is essentially the third era of the internet and a departure from Web2 and of course Web1, which was the first generation of the world wide web. Society is currently existing in Web2. Web2 grew to dominance in society’s day-to-day lives in 2005, when its infrastructure meant sites such as Facebook, YouTube and Twitter came to fruition. In the period of Web2’s growth, there was mass adoption of the internet and people were able to create their own websites and publish their own content. Large centralised data centres were the power source behind Web2. Simultaneously, the use of smartphones to connect to the internet proliferated and companies such as Google, Amazon and Facebook embraced the opportunity to monetise consumer data. It became possible for people to buy products via ecommerce and online channels. However, people had no control of how their data was used and how it was stored. Web2 therefore facilitates both communication and commerce via a small select few companies who enjoy monopolistic control. Thus this version of the internet is defined as being a centralisation.

Web3 is a departure from Web2 because it is decentralised. Society is on the cusp of this transformation, signalling the end of single server or database dependence. Instead, the internet will run on decentralised networks such as peer to peer nodes or blockchain. In this new iteration of the web, users will interact directly with each other and there will be no need for companies and middle men for certain transactions. Financial transactions will also be decentralised as they will be carried out via blockchain cryptocurrencies.

However, despite adoption challenges, this bright new future comes risk and security concerns for everyday users. For all the regular consumers who embrace new iterations of the internet, there will always be cybercriminals embracing the change too and looking for ways to exploit people. Key concerns for Web3 include cryptojacking and always phishing threats.

Cryptojacking is already an issue for cybersecurity firms due to the ever growing presence of crypto miners. RAV researchers defined 2021 as ‘the year of the miner’, due to their enormous proliferation since the pandemic. The concern with Web3 is that crypto miners may seek to harvest a user’s coins without their consent. Whilst cryptojacking may not impact a user’s computer in the same way that traditional malware could do so, it could still be costly to a person’s wallet. We also know the threat of phishing is not new. However, what is new is the manner that it is being used today. Back in October 2021, phishing emails were used to steal cryptocurrency from 6,000 Coinbase customer accounts. The attack was implemented by exploiting a flaw in the company’s two-factor SMS system. Another malicious phishing attack example is a theft that took place in February 2022 whereby OpenSea users were robbed $1.7 million in NFTs.

Lamentably, the same freedom and end-user ownership that Web3 will be offering people will be the very same freedom that cybercriminals will be able to experience. With all the potential opportunities that Web3 could bring, there is a giant can of worms that could be opened. Advancements within the internet will call for cybersecurity solutions that match the pace of these developments. Systems will not only need to be secure, but they will need to meet the  highest compliance standards expected by regulators in order to safeguard consumers.