Corporate Compliance Insights

Where the Money Is: Cryptocurrency Industry Grapples With Rising Cybersecurity Risks

Regulations on cryptocurrency are coming. But that doesn’t mean crypto exchanges and other businesses can take it easy.

by FTI Consulting
July 6, 2022
in Cybersecurity

So long as cryptocurrency remains largely unregulated in the U.S. and most of the rest of the world (and even once regulations proliferate), the industry must remain aggressive in planning for attacks.

FTI Consulting’s Todd Renner, Adriana Prado and Preston Fischer co-authored this article.

Notorious bank robber Willie Sutton famously said “because that’s where the money is” when asked why he robbed banks.[1] Today, many threat actors view cryptocurrency and other digital assets in the same light. The lack of regulation and security controls provides opportunities for lucrative gains for criminals, resulting in increased cyber attacks on cryptocurrency exchanges and the supporting infrastructure. This issue was significant enough to garner the attention of the U.S. government.

The FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Treasury Department released a joint advisory in April warning of cryptocurrency-related cyber threats from a nation-state-sponsored threat group.[2] Observations from the U.S. government include “cyber actors targeting a variety of organizations in the blockchain technology and cryptocurrency industry, including cryptocurrency exchanges.”

Putting this threat into actual numbers, in four separate cyber attacks from December 2021 to June 2022, about $960 million of cryptocurrency was stolen. Between the success of these attacks and the large amount of funds that cryptocurrency exchanges possess and handle, it has become imperative that organizations in the cryptocurrency market become better prepared for a potential cyber attack and the ensuing crisis.

Unlike customers of traditional financial organizations, cryptocurrency users usually do not have the ability to recoup their funds. In most cases, once the funds are gone, they’re gone. In turn, as the entire cryptocurrency industry faces increased global scrutiny, both from a regulatory and security standpoint, reliability and trust are becoming increasingly important to investors and customers. As in the wider financial services and fintech industries, reputational and competitive resilience now requires strong cyber readiness to support organizations in preventing or quickly recovering from an incident and subsequent, irreversible damages. Since mandatory cybersecurity standards to combat threat actors and protect customers’ funds and privacy do not exist, adopting a robust, proactive approach to cyber readiness can become a competitive advantage.

Global cryptocurrency expansion

In September 2021, El Salvador became the first country to make Bitcoin legal tender. The government correspondingly released a national Bitcoin wallet, Chivo, for its citizens. The strategy behind the decision was that it would boost the economy and the job market, but so far, the results have not been as desired. The majority of Chivo’s users have already abandoned the app.[3] Making matters worse, the International Monetary Fund (IMF) is encouraging El Salvador to remove Bitcoin as legal tender because of the risk cryptocurrency poses and the difficulty the country would face in obtaining an IMF loan.[4]

Despite this test case, in April 2022, the Central African Republic (CAR) became the next country to adopt Bitcoin as legal tender, “driven by the need to solve currency and exchange rate challenges.”[5] It is too early to determine how this decision will impact CAR’s economy and if it will create new opportunities for businesses and its citizens. Regardless, cybersecurity should be front of mind for the country, as cyber actors are not constrained by borders or politics and will take advantage of an opportunity if they see one.

Regulatory response

Although Brazil is in the process of “regulating the domestic cryptocurrency market,”[6] it’s possible leaders are taking a wait-and-see approach before this bill is signed into law or eventually enforced. Instead, Brazil may decide to see how other countries, such as the U.S., decide to handle cryptocurrency regulation and use the outcome as a basis for adoption in its own country. Judging by recent actions in the U.S., cryptocurrency and its risks are a top concern.

President Joe Biden signed an executive order in March focused on digital assets, aimed at “addressing the risks and harnessing the potential benefits of digital assets and their underlying technology.”[7] More recently, the SEC announced “the allocation of 20 additional positions to the unit responsible for protecting investors in crypto markets and from cyber-related threats.”[8]

These decisions, coupled with regulation, could help tackle an unsustainable issue. Some exchanges that have cryptocurrency stolen rely on emergency funds to pay back their customers, but these resources are not limitless, and those without this backup plan are likely to go out of business. Regulation potentially helps with these issues, as government agencies and law enforcement would have firmer legal footing to track down cyber actors responsible and recover funds. Further, regulation offers the potential to help address other criminal actions, e.g., money laundering, and reduce investor risk. Existing Know Your Customer (KYC)[9] and anti-money laundering (AML) controls at major U.S. cryptocurrency exchanges have helped thwart fraud and cyber crime, and regulation would build on these successes.

Preparedness is key

To avoid becoming the next cryptocurrency exchange to suffer an attack and have funds stolen, and in turn to create a loss of confidence in the currency, harm brand reputation, enter fiscal insolvency and face regulatory fines, organizations in this industry must evaluate their cybersecurity and data protection programs immediately. This includes but is not limited to security protocols, technology stacks and documented data governance policies and procedures. This process should also involve establishing a robust incident response plan to protect the business and reputation in the event of a cyber attack.

The preparedness process should involve the following:

  • Assess wallet protections, wallet process, source code review, blockchain protocols, third-party vendors, and blockchain infrastructure to mitigate risk from code manipulation, vendor security gaps and gaps in infrastructure interoperability for transfers of value.
  • Implement fraud protections to ensure compliance with global regulations, including AML and KYC.
  • Identify and assess evidence of anomalous, suspicious, fraudulent, or otherwise illicit activity associated with cryptocurrency assets.
  • Determine if cross-border data protection issues exist.
  • Store backups and wallets offline. Cold storage — a wallet not connected to the Internet — provides a safer alternative to hot storage, which can be susceptible to theft.
  • Conduct operational and product roadmap assessments to evaluate potential risks introduced through innovation and handling of transfers of value. Are there gaps in the operational elements of the product or business roadmap that would not align well with new technologies?
  • Ensure a robust communications preparedness plan is in place, which includes: organizational preparedness audit; cybersecurity preparedness playbook and response plan; and cyber attack simulations and table-top exercises.
  • Conduct assessments of digital identity and access management to ensure robust data security and limited data access.

Cryptocurrency’s future

Even if cryptocurrency regulation is passed, it should not be viewed as a complete solution to the problem. The inherent anonymity of cryptocurrency means there is no guarantee organizations will be able to recover stolen cryptocurrency. Organizations will continue to rely on their reputation to attract investors, and in the meantime, customers will expect business to continue as usual and will demand restoration of their stolen funds. Without proper preparedness programs and protocols implemented ahead of time, cryptocurrency exchanges and organizations in the digital asset ecosystem will have significant challenges to overcome when technical issues occur, or when threat actors and nation-states target them.

References

[1] https://www.fbi.gov/history/famous-cases/willie-sutton

[2] https://www.cisa.gov/uscert/ncas/alerts/aa22-108a?mod=djemCybersecruityPro&tpl=cy

[3] https://restofworld.org/2022/el-salvador-chivo-bitcoin-wallet/

[4] https://www.bbc.com/news/world-latin-america-60135552

[5] https://qz.com/africa/2160520/bitcoin-becomes-the-official-currency-in-the-central-african-republic/

[6] https://www.bloomberg.com/news/articles/2022-02-22/brazil-s-senate-takes-first-step-toward-regulating-crypto

[7] https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/09/fact-sheet-president-biden-to-sign-executive-order-on-ensuring-responsible-innovation-in-digital-assets/

[8] https://www.sec.gov/news/press-release/2022-78?utm_medium=email&utm_source=govdelivery

[9] https://www.swift.com/your-needs/financial-crime-cyber-security/know-your-customer-kyc/meaning-kyc

 

