We’ve begun a major shift in how the internet is structured. Our current Web2, defined by a read/write architecture that, until recently was dominated by a handful of massive technology companies, is giving way to the next iteration of the internet: Web3. Unlike its predecessor, Web3 reflects a more decentralized internet where users and the community are in control instead of centralized companies. Its rise is as much a result of the natural evolution of technology as it is the growing anti-big tech sentiment and doubts around big tech’s ability to create equitable platforms that act in the best interest of their communities.
At its core, Web3 seeks to improve and resolve issues with the current centralized platform-intermediated interactions. Gartner’s Avivah Litan defined Web3 as a decentralized web in which users can control their own data and identity. Web3’s foundation is blockchain-based technology, leveraged for trust verification, and includes privacy protection, decentralized infrastructure and application platforms and decentralized identities. This is a revolutionary step that will enable users, creators and developers to hold greater stakes and the ability to vote on a platform in much the way a cooperative works. But this deeper connection will come at a price that cybersecurity professionals must take into consideration.
In Web3, security must be at the forefront of every innovation, action and interaction and not be considered an afterthought. In the hypothetical, data security could be enhanced because of the open, decentralized networks that Web3 envisioned.
There are potential security benefits to decentralized architectures, but there are also drawbacks. With increased transparency, there also is increased exposure of an attack surface and there are significant challenges to protecting the architecture, smart contracts and data. The spike in ransomware attacks, breaches of DeFi and cryptocurrency platforms and data leaks in 2021 looks likely to spill over into 2022 as we move deeper into Web3.
As Web3 use cases enter everyday life, ransomware and digital extortion will likely become more common because these attacks are so lucrative. The booming value of cryptocurrencies, victims’ willingness to pay and the difficulty authorities have in catching attackers are also contributing factors to this rise in cybercriminal activity on Web3.
Web3’s framework centers around a decentralized network that can lead to increased robustness and a decentralized form of technology (blockchain) that discourages any particular person or group from having full control of an ecosystem. Rather, all users collectively can retain control. While there is no single governing entity in Web3, blockchains are databases that hold records while algorithmically ensuring security and transparency. In Web3, users’ data is opaque and identity is decoupled from the data itself. That means users’ data belongs to them and is not owned by any single entity; users can clearly see who has access to their data and what type of access they have.
Currently, in Web3 users can interact with protocols without giving away too much personal data and, in the future, the hope is that they should be the ones to decide when, how and for how long to share and/or permit others to access their data.