The term “cybersecurity” has never been so important. The DeFi explosion in 2020-2021 caused cyber-attacks on crypto projects and their customers. During international conferences, meetups, and round tables, business leaders and tech gurus actively discuss the strategies that can be applied to deal with the growing cybersecurity risks. No company in the world wants to appear in newspaper and media headlines next to the words “was hacked” or “suffered from an exploit”. The terms Web 3.0 and cybersecurity cannot be used independently. Thus, every company operating in the Web 3.0 industry should invest in cybersecurity.
Today solid digital companies appoint a specialist or even a top manager responsible for ensuring their cybersecurity. Apart from fulfilling direct business duties, this specialist has to answer the following questions:
Does investing in cybersecurity bring profits to businesses? How much will my business gain by investing $100K in cybersecurity? Let’s try to figure out the answers.
Simply put, cybersecurity is a set of activities carried out by a company to protect itself from digital attacks. Cybersecurity encompasses three main components: preventing, addressing, and dealing with the outcomes of cyberattacks.
Cybersecurity touches all elements of the company’s operations, including computers, networks, data, programs, applications, and people. Every company should always have a cyberattack recovery plan in place since no business is 100% free of the risk of security compromise.
Although Web 3.0 constitutes the evolution of the previous version of the Web, it has its unique security implications and risks for businesses. Decentralization brings new opportunities to both companies and users but also opens new attack vectors for bad actors.
According to recent Hacken research, Web 3.0 projects lose $8.9M on average by falling victim to hacks or other forms of exploits. For small and middle-sized projects, a loss of this size may be too big to recover from and return to normal business. Thus, even if Web 3.0 companies invest $1M annually in cybersecurity, they get almost 10X ROI. However, this is just an approximate estimation since investing in cybersecurity also improves the company’s reputation in the eyes of both users and partners. During times of high market volatility and uncertainty, users prefer choosing risk-free investment opportunities even with lower than average income rates.
Getting to a 10X ROI is difficult but possible. Companies should realize that there is no one-size-fits-all cybersecurity solution that makes them absolutely unbeatable for bad actors. However, there is a set of cybersecurity activities companies can and should take to raise their resistance to cyberattacks to new levels. This list includes but is not limited to:
A smart contract audit is a full-scope automated and manual security check of your project’s smart contracts by professional security engineers, during which they look for both major vulnerabilities and minor bugs. The key benefits of a smart contract audit for your project are time optimization and access to the auditors’ years of expertise. On average, the cost of a smart contract audit varies between $5K and $30K. For extremely big smart contracts, this figure is much higher and may reach up to $500K. A smart contract audit is a one-time measure: if a company decides to order an additional audit a few months later, it will need to cover its full price.
Penetration testing is a simulation of real-world cyberattacks performed by certified engineers who follow the rules and scope agreed with the customer. The purpose of penetration testing is to detect vulnerabilities in the tested solutions so that a project can take timely measures to prevent possible real hacks in the future. The cost of penetration testing varies between $4K and $100K. The key benefit of penetration testing is the opportunity for a project to determine its real security level. Penetration testing is also a one-time measure.
Unlike a smart contract audit and penetration testing, a bug bounty program is a continuous security testing process performed by independent researchers seeking financial rewards for their findings. The key advantage of a bug bounty program over other forms of security testing is the number of specialists looking for bugs in the client’s solution. Bug bounty platforms may unite thousands of specialists and, thus, the customer gets a unique set of skills and knowledge mobilized to improve its security. The other advantage of this form of security testing is that, apart from the subscription fee, a customer pays only for the bugs detected. On average, companies pay a few hundred dollars for minor bugs and up to $50K or even $100K for major and critical bugs. Thus, the more bugs the company’s solution contains, the bigger the reward it will need to pay for the work performed by independent researchers.
The security of the company’s products is correlated with the level of employees’ knowledge and expertise. Every solid company invests in the personal and professional growth of its employees. Companies should strive to create a working environment in which employees are able to spend up to 20% of their working time on training (the “Google rule”). This means allocating additional budget to invite business mentors, buy entry tickets to business conferences and meetups, and purchase subscriptions to online training or webinars.
Companies with a healthy internal environment are less likely to experience insider attacks or malicious activities on the part of developers or managers, such as exit scams or rug pulls. To this end, companies should strive to appoint a specialist responsible for communication with employees and the organization of team-building activities, family meetings, etc. As a result, employees would treat their company as a home and their colleagues as close friends and, thus, would not try to cause them any financial or reputational damage.
Thus, companies of up to 100 employees need to allocate at least $100K annually for cybersecurity purposes. The higher the cybersecurity budget, the stronger their resistance to possible cyberattacks.
Overall, by investing in cybersecurity, companies demonstrate their strong focus on gaining leadership in the fast-growing Web 3.0 economy. It is reasonable to conclude that cybersecurity is the digital healthcare for Web 3.0 players.