Digital Asset Does Not Only Mean Digital Risks

April 14, 2021 - 5 min read

Key Takeaways:

  • Despite the importance and danger of internal threats, many crypto firms remain almost oblivious to them. As these firms scale, and as larger firms begin to invest in crypto assets, this can leave them open to insider threats.
  • This level of internal threat means that the approach of the crypto industry to security should not be limited to defending against external threats.
  • Ledger Vault’s features are underpinned by tailor-made guidance, which allows you to set up the most efficient governance framework according to your own needs.

Historically, cybersecurity in the crypto industry has focused on asset ownership. Up until quite recently, most crypto firms have been relatively small, which has allowed straightforward tracking of who has access to private keys. As a number of recent reports show, however, that is now changing.

But as we have previously pointed out, with Ledger Vault, security doesn’t have to mean more rigidity. As crypto becomes a mainstream asset, and as large firms increasingly hold crypto assets, insider threats are becoming more frequent and more dangerous. Securing digital assets today therefore also means securing the way you and your team manage them.

Assessing risk

Despite the importance and danger of internal threats, many crypto firms remain almost oblivious to them. There are a number of reasons for this.

One is simply that external threats remain a major problem for companies in the crypto industry.

As a recent report from CipherTrace points out, crypto thefts, hacks, and frauds amounted to an estimated $1.9 billion in 2020. While Hacks and Thefts are the source of the second-highest level of crypto crime within the last three years, Fraud and Misappropriation rank the highest in the category.

Today, many in the industry are quite rightly focused on external threats. This becomes a problem, however, when this focus comes to define what a threat looks like, and when it hides other forms of threat. In the traditional financial sector, the danger of internal and insider threats has long been recognized, and banks have sophisticated systems in place for vetting employees and ensuring secure custody of their assets. Without such systems, the consequences can be severe, as Kerviel at Société Générale found out the hard way.

But this kind of purposeful attack is not the only threat: it has also been estimated that large enterprises have more than 2,000 unsafe mobile device apps installed by their employees, and that these could compromise the digital asset security chain.

This type of threat is increasingly visible across the industry. The CipherTrace report already mentioned points out that Exit Scams, where a departing employee or investor uses their privileges to steal digital assets, have increased significantly in the last few years.

If this is an area in which crypto companies have lagged behind, this is partially due to what might be called the “philosophy” of the industry. A decade ago, many firms saw it as imperative to “move fast and break things”, and relied on informal systems of trust and often friendship to ensure the security of crypto assets. As these firms scale, and as larger firms begin to invest in crypto assets, this can leave them open to insider threats.

Upgrading your internal security

This level of internal threat means that the approach of the crypto industry to security should not be limited to defending against external threats, nor should it focus primarily on private key ownership.

Instead, as cybersecurity expert Barbara Ericson of Cloud Defense points out, firms need sophisticated access management systems in order to ensure that employees cannot cause harm (either by accident or on purpose).

As Ericson argues, “Put simply, you need vulnerability management because modern enterprises are more vulnerable to digital security threats than ever before. Nearly half of all organizations have suffered one or more digital breaches in the last year…The greater issue of digital security will become more complex and difficult to manage if you don’t begin managing your enterprise’s vulnerabilities right now.”

Ledger Vault provides companies with an easy yet powerful way of achieving this. Our system has been built to enable enterprises to implement a strong governance framework over their digital asset operations. You can design your own transaction flow to fit your organization’s needs. This means that companies have access to sophisticated tools that can be used to manage and protect digital assets from insider threats, without compromising the flexibility that many firms pride themselves on.

In addition, Ledger Vault offers a number of key features when it comes to defeating internal threats:

  • Ledger Vault is based on role-based access controls, and these can be tailored to fit the complex business processes of institutions of any size.
  • It allows these access controls to be segregated according to each user’s role within your organization and the level of access required for each employee and task. This system is based around five user roles — Shared-owners, administrators, wrapping key custodians, administrators, operators — that give companies a fine-grained level of control over their digital assets.
  • Role-based access control means that admins can quickly and easily assign access to individual employees, even on a temporary basis, which allows companies to maintain agility by using the appropriate governance framework.
  • Going further, Ledger Vault also allows you to customize your approval workflows to your governance policies, meaning that your security and access systems will always fit your managerial structures.

Each of these features is underpinned by tailor-made guidance which allows you to set up the most efficient governance framework according to your own needs, and to harden your security alongside this.

The Bottom Line

So, whether you are looking to improve the governance and security of your digital assets, or to scale your crypto business, make sure you invest in tools to ensure your digital asset custody is secure.

As the growing scale of insider threats indicates, it may be that the crypto industry needs to take a lesson from the traditional financial industry: sometimes you need to look inside rather than outside to identify your biggest vulnerabilities.

Our Ledger Vault platform is the most secure and flexible way for custodians, exchanges, crypto banks, and professional investors to store and manage their private keys. We would be happy to share more about our solution for digital asset storage. You can get in touch with our team directly here.