Cybersecurity

Data breaches, security and cryptocurrency: What you need to know

It seems like cryptocurrencies can not catch a break in 2019. Some US $ 1.7 trillion in crypto currency was stolen lastyear and we’ve seen exchanges breached , funds lost and expectations adjusted .

Cryptocurrencies are built on blockchain technology, which still promises much thanks to its ‘distributed ledger’ technology. Blockchain is a process to manage transactions that require security and authentication, such as contracts and other agreements, with less risk of data breaches.

A blockchain primer

Blockchains are ‘ledgers ‘ that record transactions digitally. The trick is that they are distributed: shared between multiple computers or ‘nodes’. Every node has a copy of the ledger file. These may be financial transactions, such as a payment or funds transfer, or other transactions, such as a signature or amendment to a contract.

Every ‘page’ in the digital ledger is a separate ‘block’. When a transaction is made, the nodes use an algorithm to verify the block’s history. If a majority of the nodes confirm that the history and signature are valid, it is added to the ‘chain’ of transactions, forming a ‘blockchain’.

Security is managed by the digital signatures or ‘keys’ attached to the block. These guarantee the identity of the parties to every transaction and are kept in a digital ‘wallet’.

Every wallet has two keys: one private, one public. Nodes use an algorithm to see if they match; if they do, the transaction can be authenticated.

If a user sends a message (for example, making a purchase or signing a contract) it will typically be encrypted with their wallet’s private key. This identifies the transmitter. Every node passes through the private key attached to the message against the public key attached to the wallet to see if they match. If they do, the transaction is authenticated.

Alternatively, a user might send a message encrypted with the recipient’s public key. Only the recipient has the private key, so only they can authenticate the message and view its contents.

Crypto-crime

On the face of it, this makes blockchain and cryptocurrencies highly secure. Security breaches can arise, however, when private keys are compromised or lost.

This was the case in Canada, where in 2018 the owner of a cryptocurrency exchange dies (though suspensions are rising about a criminal conspiracy). No one has been able to access the exchange’s private keys . It’s estimated that around C $ 250 million (roughly US $ 190 million) in Cryptocurrency is held in the exchange, with owners unable to access their funds.

In New Zealand, we have recently seen the exchange is closed down – except that in this case, the funds are transferred out. The most likely explanation is that criminals gained access to the servers holding the exchange’s private keys. They were then able to download the keys to their own machines and wipe the servers, leaving the exchange unable to access their wallets.

Change is coming

These problems – and others like them – will probably give rise to better regulation of exchanges. With the amount of cryptocurrency stolen in 2018, the industry is ready to improve its security.

Specifically, the Financial Action Task Force (FATF) , which is made up of 38 member nations, is taking action. New anti-money laundering and combating the financing of terrorism (AML / CFT) regulations will come into force in Q3 2019, requiring cryptocurrency exchanges and wallet providers to implement strict know-your-customer (KYC) checks. Countries that do not comply will risk being put on a blacklist.

This will make it harder for criminals to launder cryptocurrency, but of course no solution is foolproof. More broadly, with blockchain’s strengths and vulnerabilities, just as it has with credit cards, e-commerce and other new technologies.

Blockchain for business?

Some businesses have jumped early into blockchain, while others have been more circumspect. Certainly the legal profession, for example, because of great potential in using blockchain to manage all sorts of legal transactions involving contracts and exchange. Also, it promises much in terms of secure communications and information sharing.

Should your business be considering blockchain and, if so, how will it be managed and implemented?

As always, effective board governance is the key to success. It’s vital that all board members gain at least a layman’s understanding of the technology and its capabilities. We have seen that interest in cryptocurrencies is waning and, in time, they may not prove to blockchain’s ‘killer app’.

If your business deals with private or sensitive data, blockchain potentially has much to offer. It would not be possible to improve operations, profits or both by helping prevent breaches and regulatory compliance.

The future for blockchain is – most likely – bright, although there are definitely some challenges to overcome. We’ll keep you updated as it evolves and matures. Until then, we recommend your CIO keeps on the technology and updates the board when and as needed.

To learn more about good governance for your organization, visit diligent.com/au or request a meeting with one of our governance experts.

Featured Blog