Securing our assets in the digital age.

By
Gary Crowther, Copywriter
Date:
08 August 2022
Photograph:

From consumers and banks to emerging FinTech brands, together we are progressing towards an era where our cash might be completely intangible. And when currency is nothing but data, how do we rest knowing that our digital assets are secure? 

Thankfully, cybersecurity is nothing new, but there is still a way to go before an ironclad defence against breaches and data loss can be erected. Until then, we rely on the greatest but also the most costly teacher of all; failure.

For instance, in December 2020, Ledger, one of the pioneers in digital asset storage, said the company had “fallen victim to a cyber-attack”. They warned that it was safe to assume that “your (customer) funds could be at risk of theft”. While anxiety-inducing, that exact feeling is what fuels the pace at which institutions are building on their security measures.

Anxiety can be a good thing. It’s what had us build walls around cities.

Fear of data loss has produced numerous podcasts, functions, journals, reports, articles, eBooks and courses aimed at equipping both consumers and businesses with the knowledge to safeguard against security breaches. And yet they keep happening, but why?

In Fugue’s State of Cloud Security 2020 report, it was revealed that misconfigured cloud-based databases are one of the leading causes of security breaches. Of course, there are other catalysts for data loss, each one a reminder for businesses to invest more heavily in their security measures, especially as we are going deeper into the digital age. 

A key industry example should all be paying very close attention to is Fireblocks, a digital asset custody, transfer and settlement platform valued “not far off $1 billion.” Yet in June 2021, they faced down an alleged lawsuit of around $75 million for a potential breach of their vaults. Are we actually learning from the mistakes of other enterprises? At a glance, it would not seem so.

And then there’s the matter of decentralised virtual money.

The complexity of the situation only deepens when we introduce cryptocurrency into the equation. With the staggering amount of legislation surrounding traditional and recognised currency, our anxieties are less severe. We like to believe that any loss of cash from a security breach will be returned to us thanks to long-established protocols and laws.

Crypto is a different beast entirely. Still a new kid on the block, legislative bodies are stumbling to build a coherent set of rules to regulate the digital currency. It really did slog into the mainstream, but organisations such as the BIS (Bank for International Settlements) recognise the institutional need for crypto as beneficial for most economies if properly regulated.

By edict of the BIS, banks are permitted to “broker” deals for clients to provide investment opportunities using crypto such as Bitcoin, but how secure are these transactions? When the money doesn’t actually exist in a physical form, losing it in a breach scenario seems all that more devastating. 

It goes without saying that these banks and financial institutions will require stringent security, FIPS (Federal Information and Processing Standards) and certified environments to put our minds at rest. One such environment is cold storage which involves the storing of inactive data that is rarely used or accessed. Typically, cold data must be retained for business or compliance purposes on a long-term basis, if not indefinitely.

And if our data is being stored for prolonged amounts of time, it is essential to ensure that everyone with digital assets has the option to access the highest levels of security available. Thankfully, tech-savvy entrepreneurs are meeting this demand by launching businesses designed exclusively to store and secure digital assets.

Intangible assets secured inside physical storage - it’s like a server room.

Enter Custodiex, a brand offering SaaS-based security and storage solutions for banks and financial institutions. Custodiex built its real time cold storage solution over a period of seven years, and stands as a prime example of an organisation that is based entirely on securing digital assets. They store said assets in what they claim to be the “world’s safest hardware”; two decommissioned nuclear bunkers.

Another example is Curv, a business with a bold claim. Announcing itself as the “Institutional Standard for Digital Asset Security”, Curv specialises in cryptography and cloud security, offering secure, distributed architecture for signing transactions. This permits any institution or enterprise to store and exchange digital assets on public or private blockchains. 

Do not relax just yet, however. Brandishing a double-edged sword, the BIS has given the green light for banks and financial institutions to also store and exchange cryptocurrencies through digital wallets. We might be looking at the dawn of a competitive marketplace where price may become the deciding factor when choosing the best storage for our digital assets.

And like we always say, you should always differentiate beyond price.

The risk here should raise some eyebrows, as competition naturally births undercutting tactics like special offers, deals and cheaper options for organisations on a budget. But when assessing the security of asset storage, cost should be the last thing to consider, especially if you’re storing critical data. 

Luckily, the BIS recognised this alarming threat and has established directives for slowing the process, encouraging data storage, security and non-bank brands independent of traditional financial institutions to mould the market and provide benchmark techniques for protecting data. 

This gives us some breathing room and time to establish the best practice for storing digital assets securely before the banking institutions can begin to roll out their services. One can only hope that they take note of businesses such as Custodiex and Curv when implementing security protocols surrounding the storage and exchange of digital assets.

Until then, we have time to observe and assess the success of cold storage solutions and identify weak points before a security breach can occur. Finally, we might actually start to move away from the costly method of trial and error, and instead implement proactive and preemptive measures for securing our assets.