Ray Pompon, Principal Threat Research Evangelist, F5 networks
Hackers have a soft spot for targeting cryptocurrencies thanks to a lack of heavy regulation unlike traditional financial services. Cryptocurrency funds have no legal obligation to implement protection measures, so inherently they are not as exhaustive or technical. This makes them prime targets for hackers. Transactions can be extremely difficult to reverse, so although some funds cover customer losses, the reality is that if the exchange stretches into the millions, they have no obligation to help.
Bitcoin is now worth $3.5k, despite major fluctuations in value. For perspective in 2011, Bitcoin had parity with the US dollar, so the opportunities for hackers targeting cryptocurrencies have skyrocketed in recent years. Over the last seven years, F5 Labs has noted an almost twelve-thousand-fold increase in crypto theft and identified 73 major cryptocurrency incidents, each costing on average, a crippling $31 million.
The victims of cryptocurrency thefts
Many technological services in the cryptocurrency industry are targets for cybercriminals, but the most commonly hit technical services, according to F5 Labs research, are cryptocurrency exchanges (63% of incidents). These are the digital equivalent of currency exchanges enabling customers to buy or sell various cryptocurrencies, making them an obvious nexus for high value transactions.
Cryptocurrency uses storage mechanisms called wallets, of which there are two kinds. A “hot wallet” is Internet-connected and used to store cryptocurrencies used for day-to-day transactions – basically the equivalent of your real-life wallet. Hot wallets can run on cryptocurrency exchanges for easy trading, but they can also run as client software on a computer or mobile device. As a result, hot wallets are more likely stolen by cyber-criminals.
To reduce the risk, cryptocurrency technology also leverages “cold wallets” that are not connected. The best cold wallets are air-gapped systems, such as a USB stick with a strong password. Within cryptocurrency exchanges, cold wallets exist as separate, strongly-encrypted databases requiring a wallet owner to unlock it with a private key. Of the known attacked technologies, hot wallets within exchanges are ripped off three times as much as cold wallets. Wallet software for clients that is outside of an exchange can also be attacked. These incidents currently represent around one seventh of all cryptocurrency thefts.
Mining services are another potentially hackable cryptocurrency technology, although this is a relatively rare occurrence.
What does the future hold for protecting cryptocurrency exchanges
Applications are complex conglomerations of interacting services in a variety of environments, glued together with APIs, authentication credentials, and networks. This means they have an extensive attack surface and therefore need extensive security testing and protection.
Regulating the cryptocurrency industry is finally becoming a priority for governments around the world, and some have already begun defining cybersecurity measures. For instance, many countries are looking at Korea Regulation 5.5.7 (Regulation on Supervision of Electronic Finance) as one of the leaders in this respect, as it treats cryptocurrency exchange cybersecurity measures in the same way that a financial institution would. This is an example that should be followed and embraced, as one of the most effective ways to protect cryptocurrency exchanges, especially if the cryptocurrency industry continues growing at its current rate.
TIPS TO PROTECT YOUR CASHFLOW DURING THE COVID-19 PANDEMIC
By Rita Cool, Certified Financial Planner at Alexander Forbes Financial Planning Consultants
The full impact of the COVID-19 pandemic is as yet unknown, but individuals have already begun to have their lives disrupted by the country’s economic shutdown, with retrenchments, salary cuts and forced unpaid leave making them take stock of their financial position.
The basic principles of financial planning are especially relevant at this time, but in the short term, cash flow is more important to many people.
To help safeguard you and your family’s financial security, here are some tips to follow to make sure you’re making your money work hard for you:
- Draw up a budget – this is especially relevant if you’re worried about possible retrenchment of yourself or your partner. This will help you know how much you need to cover your basic living expenses and where you can save money. Don’t only look at what you need to spend money on, but also when you think you will need that money. Perhaps you paid school fees upfront at the beginning of the year, or your car registration is only due again next year.
- Check your bank fees. Are you in the best structure for your needs? Are you paying for services that you never use? Consider moving banks to get a better deal.
- Banks have waived the Saswitch fee payable for withdrawing cash at another ATM other than your own bank, but if you’re doing this, be aware of when this switches back as you can end up paying almost double the bank fees.
- Did you know that you start paying interest immediately if you draw cash from a credit card and that you do not get three or six months’ interest free?
- Go through your house while you have extra time and identify potential items which you could sell, as this will free up cash.
- Where possible, pay cash for items as the interest rate on hire purchase items is very high and you pay around 20% more for those items than the sticker price. If you cannot afford the item and you don’t need it right now, wait.
- Look around for bargains online rather than driving around. There are some good sales on, and you can support businesses that need your help.
- At the same time, be aware of spending extra cash you could be saving towards your financial safety net. There are lots of deals available, so balance the need for the 70% off bikini or new laptop with being cautious about the future.
- Use store coupons and discount vouchers. The main food retailers have loyalty programme structures that can be tailored to your specific spending patterns. Make sure you claim point or vouchers but look out for monthly costs to belong to a rewards program. Ask yourself if your monthly savings validate the cost. Optimally a reward scheme shouldn’t cost you money.
- Check with your insurance company if your premium can be reduced because you’re driving less during lockdown.
- Check your current insurances. Do an insurance rebroke. Make sure you are covered for what you need and take things off the list that you do not have any more and add what you have bought since the last update. Make sure you are not under or over insured and that your premium is market related. The cheapest premium isn’t always the best so be aware of exclusions and excesses and make sure you can afford the excess if you need to claim.
- In most cases you can reduce your monthly insurance premiums by not having a cash pay-out in the future. If you want a pay-out, save the extra premium in an investment product, not a risk product.
- Be wary of consolidating debt. You might pay a lower interest rate but it might well be over a longer period so the total interest paid will be higher. If you have debt issues, set up a debt plan with dates and goals to reduce the debt little by little. Do not give up.
- Be aware that payment holidays are not a free loan, you still owe the money and you’re paying interest on it. Check with your service provider.
Remember that the pandemic will pass. Try not to panic as this may lead to rash financial decisions, which could have an impact on your finances later down the line.
FIXING THE FLAWS IN FINANCIAL SERVICES’ DATA MANAGEMENT
Simon Cole, CEO at Automated Intelligence, a cloud-based data compliance and governance solutions provider to the financial services sector, warns FS firms must address the data issues flagged and created by the Covid-19 pandemic
When the pandemic started, organisations within the financial services sector were faced with three key questions. How do we do homeworking? How do we go remote? How do we manage this?
In trying to answer these questions, the business continuity measures taken by FS firms were not up to scratch. Mistakes that could have been avoided were made. To start off with, users had to be given the necessary equipment to make remote working happen and they had to have access to the infrastructure needed, such as broadband. Users also had to have access to the information and data needed to do their job. And this is where they started to run into trouble. While software applications like Zoom and Microsoft Teams made it possible to stay connected, the systems in place were not adequate to facilitate secure data management practices en masse.
These are the downsides that need to be addressed.
Where’s the governance?
Historically, firms operating in the financial sector have been slow to adopt cloud technology, preferring to store sensitive data on premise, in order to mitigate perceived risk. As such, through the lockdown, much of the data people need access to is not in the cloud, but is stored in applications or file servers.
Adding to the issue, the VPNs of many organisations don’t have the capacity to allow large numbers of users online. This lack of VPN availability has forced FS firms to allow users access to GDPR sensitive data multiple times, with little or no method of tracking in place.
In order to acquire the information they need to do their jobs while out of the office, employees have been copying, downloading and sharing files that now exist outside of the corporate firewall, without any governance or security considerations. Such data is now, for all intents and purposes, in the wild, making it harder to bring back under control. Teams working remotely don’t have the corporate governance and security protocols that they would have when working in the office.
So, being forced to work remotely, at short notice, has impacted compliance and governance in a very negative manner. The way data is being handled greatly increases the chance of a data breach occurring. It also flies in the face of FCA regulation, and in particular GDPR where personal data is being used. While the FCA might be a little more lax in light of the current challenges right now, this will change when data breaches start to occur and customers start asking questions. Poor choices now will not be a reasonable excuse to avoid future fines.
If this crisis has shown us one important thing, it’s that the slowness of financial services firms in adopting cloud technology, which made it significantly harder for them to access and use data, has hurt business continuity, security and privacy.
Better Data Practices
So, how can organisations take control of their data? For many this means deploying it to the cloud in a rapid manner, whilst retaining security and governance practices. It is possible for organisations to make data accessible if the technology is deployed correctly, allowing all the necessary controls to remain in place. Having the short-term decisions correctly in place and making them under an umbrella of good governance and accountability, ensures that you don’t suffer knee jerk reactions and risk losing control of data.
By keeping on top of your data as much as possible, you significantly reduce the opportunity for chaos to happen. That starts with making it available on a safe and secure platform. At a time like this, it is imperative that organisations have a good understanding of their data. Information asset registers should be kept up to date to track where their information is, where it’s being used and the purpose for which it’s being used.
For our clients, we are now using AI to help them assess and understand their data, flag any risks their data is posing to their organisation, and help them mitigate that risk. By implementing the right systems this can all be automated, and there is nothing stopping organisations from doing this with next to zero impact on their userbase.
Remote working is becoming the norm: It has been proven to work and organisations will start reflecting on how much office space and connectivity they really need. As such, organisations are being forced to act now and adapt their data governance and compliance practices to suit the ‘new normal’. Waiting until the pandemic passes is not an option.
TRIO OF NEW REGIONAL DIRECTORS HEAD UP TIGERWIT’S GLOBAL EXPANSION
Following the release of their record revenue for the last financial year, award-winning online trading platform, TigerWit, has strengthened their...
SECURING THE EVIDENCE FOR VAT AND TAX
Filippa Jörnstedt, Senior Regulatory Counsel at Sovos Businesses are almost entirely digital in their nature. With sophisticated technology now...
TIPS TO PROTECT YOUR CASHFLOW DURING THE COVID-19 PANDEMIC
By Rita Cool, Certified Financial Planner at Alexander Forbes Financial Planning Consultants The full impact of the COVID-19 pandemic is...
RETAILERS WHO OPEN THEIR DOORS WILL NEED EXTRA HELP
With thousands of retail stores given the green light to open in the next few weeks the government needs to...
LEADING BANK IN TURKEY USES ONESPAN’S MOBILE APP SECURITY SOLUTION TO HANDLE DOUBLING OF DEMAND FROM COVID-19
OneSpan’s scalability helps DenizBank protect millions of mobile banking users as the coronavirus pandemic drives massive increase in hacking attacks...
KASKO PARTNERS WITH VIVIUM TO LAUNCH FULLY DIGITAL BIKE INSURANCE IN BELGIUM
Vivium, a member of the P&V Group, turned to the InsurTech provider to build an omni-channel and bilingual insurance product,...
THE STRATEGIC ALLIANCE BETWEEN MINSAIT AND AURIGA WILL PROVIDE AN INNOVATIVE OMNICHANNEL PLATFORM FOR A SUPERIOR BANKING EXPERIENCE
Minsait, an Indra company, and Auriga have reached a strategic agreement that will strengthen their position in the digital transformation...
INFORMAL PUBLIC TRANSPORT: FRONT-LINE MOBILITY HEROES
By Devin de Vries, CEO, Where Is My Transport Every week, 5 billion commuters in emerging markets have no...
FIXING THE FLAWS IN FINANCIAL SERVICES’ DATA MANAGEMENT
Simon Cole, CEO at Automated Intelligence, a cloud-based data compliance and governance solutions provider to the financial services sector, warns FS...
FROM MANUAL TO MACHINE LEARNING: HOW TO APPROACH THE RECONCILIATION ‘PROBLEM’
By Christian Nentwich, CEO at Duco At the start of 2020, before the global coronavirus pandemic changed the world,...
5 WAYS TO MAXIMISE THE VALUE OF INSTANT PAYMENTS
Lauren Jones, International Payments Ambassador, Icon Solutions Instant payments are the ‘new normal’. The last decade saw a ramp-up...
THE BEST PATHS TO SECURE AUTO FINANCING IN 2020
The previously flourishing economy has taken some dramatic turns in the last few months due to the health and economic...
TIPS FOR BUSINESS EXPANSION
Alan Sutherland, CEO of Kind Consumer Every successful business had a beginning. Its founders usually looked for ways to...
THREE QUESTIONS FINANCE LEADERS SHOULD BE ASKING THEMSELVES DURING THE PANDEMIC
Chris Pope, Global VP of Innovation at ServiceNow We’re living through unprecedented times, dealing with a situation completely out...
HOW WILL COVID-19 IMPACT ESG INVESTING LONG-TERM?
By Kerstin Engler, Senior Wealth Manager, Geneva Management Group. Sustainability is a trend on the rise in every sector...
EIS LAUNCHES IN THE UK AS INSURANCE COMPANIES LOOK BEYOND PROTECTION TO DELIVER MORE VALUE TO CONSUMERS
Leading digital insurance platform expands global footprint to meet UK insurance market demands EIS, a core and digital platform provider...
TINK TECHNOLOGY ENABLES MULTI-BANKING FOR NORDEA’S NORDIC APP CUSTOMERS
Tink’s account aggregation, data enrichment and personal financial management technologies have been integrated into Nordea’s mobile banking app to deliver...
BITCOIN COMES OF AGE
Katharine Wooller, Managing Director, UK and Eire, Dacxi The Bitcoin halving event, which occurred on the 11th May, has...
KEEPING PAYROLL SAFE AND SECURE IN LOCKDOWN” – HOW FINANCE FIRMS’ PAYROLL TEAMS CAN MAKE IT HAPPEN
by Richard Dutton, account director, Symatrix With companies across the UK switching to remote working since the pandemic took...
EMERGENCE PARTNERS LAUNCHES TO HELP BUSINESSES NAVIGATE A NEW WORLD OF EMERGING TECHNOLOGY
Consulting firm will partner with clients to transform their businesses using disruptive technologies Emergence Partners, has today launched to provide strategic counsel...