FinTech Magazine - April 2021 | Page 48

they should have a good understanding of their underlying infrastructure; clear visibility of assets and an ability to manage them effectively and consistently are key foundations for good cyber security.
Cryptocurrency exchanges should aim to perform detailed threat modelling against their main business processes, especially around transfer and withdrawal processing. A good strategy is to make sure they do not store more funds than necessary in hot wallets, as well as make it difficult for attackers to infiltrate and approve transactions, even if they are able to acquire a high level of privileged access.
Limor Kessem: For-profit cyber criminals are not about to slow down these attacks, take for example a mass-extortion campaign launched in 2020 against more than 100 financial-services companies across the world. The goal for companies should be to continually simplify users' access while more securely adopting web, mobile, IoT and cloud technologies. Metrics should reflect striking a balance between usability and security through the use of risk-based access, single sign-on, integrated access management control, identity federation and mobile multifactor authentication.
Norma Krayem: We need to differentiate between banks and cryptocurrency exchanges. Banks will always be targeted by attackers but have robust cyber protections in place to manage and address cyber risk and are heavily regulated to do so. Cryptocurrency exchanges are complicated and vary greatly in who runs them, how they are set up and what types of protections they have in place.
Cryptocurrency exchanges are top targets and we have seen hackers and nation states successfully steal cryptocurrencies around the world, but they are doing that using the same tools, tactics and procedures we see in aspects of the financial services sector.
Corey Hamilton: I think it really goes back to the fundamentals of strong cyber security hygiene. Many organisations have got new devices coming into their environment, but when was the last time a vulnerability assessment was conducted? Has the organisation reevaluated its patch management policies? Is there an accurate inventory of assets? Have escalated permissions been reviewed across the organisation? These are all important but often overlooked.
As we progress towards a cashless society, how can digital wallets be adequately secured? Could we be approaching an era of frequent ‘cyber muggings’?
David Emm: COVID-19 has certainly accelerated the shift towards a cashless society. However, it’s important that