A new challenge for cyber security
Digital assets are becoming increasingly valuable as we live more of our lives online. One example is the rapid rise of thousands of different cryptocurrencies, which have provided opportunity for investors, but have in turn opened up new challenges. Issues such as money-laundering and consumer protection are providing headaches for regulators, and much of the market remains unregulated. Blockchain, the technology which underpins cryptocurrency transactions is in theory very secure. However, the wider use and storage of currencies has introduced many vulnerabilities, and a number of high profile hacks have brought the issue of security into sharp focus. In fact, in 2016, Reuters reported that nearly 33% of bitcoin trading platforms had been compromised.
What are the security risks?
In crypto, security failures typically arise from the use of keys (unique codes) which allow users to access cryptocurrency and make a transaction on the blockchain. When you put your money into an online digital wallet or a trading platform, you must then rely on the security systems of a service or platform provider. Startlingly, with the Wall Street Journal reporting that an estimated $1.7 billion in cryptocurrency has been stolen in recent years, you could conclude that some of these platforms appear to be missing the requisite security to handle valuable assets.
How can assets be kept safe?
Securing cryptocurrency, along with other digital assets is a fundamental part of the challenge, and a number of crypto vault providers offer this service. For cryptocurrency use to really grow and stabilise, a secure approach to mobilising assets into the wider financial ecosystem is required. This will give the owners easier access, allowing them to be used by providers of financial services and those offering financial products.
Companies are developing better systems which create a more frictionless environment between the digital vault and the front end platforms of service providers. This will not only allow cryptocurrency to be mobilised into the financial system, but will also create a number of points of vulnerability which could be exploited by hackers.
Military grade security for your digital assets
Although the first form of cryptocurrency, Bitcoin, was founded in 2009, crypto and other digital assets are still considered very new markets. With limited regulation, it is very attractive to hackers, with many motivated to put substantial time and effort into breaking security. Those managing the services are therefore having to not only build secure systems, but monitor them and keep them secure.
Assets can be very secure when locked in a “cold wallet” or vault which is not connected to a network. However in order for the market to grow, organisations need a more flexible solution and quick access such as a “hot” or connected wallets to be able to provide a service accessible to customers. This requires appropriate levels of verification and system security. The architecture for such a secure system requires multiple layers to create defence in depth. Factors such as identity and access control, data routing, validation, firewalls and audit all need to be considered in terms of the overall system and integrated to manage the business risk effectively. This approach needs to be underpinned with a secure software development lifecycle through design, build and test. Finally the deployment and support of the resulting software needs careful consideration: cloud and on premise have different pros and cons.
At Roke we ‘make and break’ today’s cyber security systems in order to design and build the next generation of secure, resilient systems to protect the assets of our customers. Through expertise gained from providing security systems to military and national security organisations, our engineers can help customers identify, prioritise and mitigate weaknesses, to protect assets, reduce costs and build a security culture.
Whether it’s creating a secure, new digital platform, or securing existing assets, we combine the skills of our security professionals and technologists to ensure risk can be assessed and managed so that security can be built in from the outset.
If you need more information on how we can help you secure your business or organisation’s digital assets or want to find out more about Cyber Resilience, please get in touch.