Cyberthreats are an ever-present threat to the integrity of financial institutions (FIs) and the trust in the economy and society. As we enter a new era with growing digital assets using cryptocurrencies, FIs are heavily focussed on assessing the risks and defensive mechanisms against cyberthreats on this new asset class.
With the growing adoption of cryptocurrencies and valuation, the temptations to attack and hack would also grow. However, cryptocurrencies’ underlying public blockchain layer – that supports the monetary value of cryptocurrencies – lies external to organisations, and is a relevant vulnerability surface that can be cyberattacked. As a result, cybersecurity responsibilities for these blockchain layers that support billions of dollars today can also be blurred. What and how should the global FI industry respond if a cryptocurrency blockchain layer faced a significant attack today? Is it a complacent belief that there are no hackers who would harm the very blockchain layers that are allowing them to be paid for their fraudulent activities?
What has not happened before does not mean it will not happen, and while we would all hope that such attacks would never be attempted, being prepared to guard this potential vulnerability would be prudent, while being cost-effective at this time.
Table 1 highlights that cybersecurity in cryptocurrency is directly about value preservation, complicated by the blockchain that is public and outside of an FI’s perimeter.
Source: Deutsche Bank
At this time, how the responsibility of cryptocurrency public infrastructure cybersecurity should be approached remains under-debated despite the growing mainstream participation. It cannot be “just” the sole responsibility of any organisation’s cybersecurity teams, and given the high value at stake, it cannot also be “just” based on the belief that no hackers would want to target the blockchain layers because it is not in their (current) interests to do so.
While there have not been many attacks against the cryptocurrency blockchains, it would be complacent to believe that cyberattacks in this layer would not happen in the future. Table 2 highlights some key differences between traditional and 21st century digital assets that make the latter increasingly more attractive to cyberhackers.
Source: Deutsche Bank
In summary, while the cybersecurity of cryptocurrency’s blockchain layers have been natively robust, given today’s heightened adoption and usage by mainstream industries, cryptocurrency’s high monetary valuation and its portability, a commensurate level of interest in the underlying cybersecurity would also be prudent by FIs that are participating in the space. An inclusive and collaborative approach would be most effective – and ideally include stakeholders like academia and the crypto-communities in addition to the FIs, investors and fintech participants. Joint industry conferences can be a starting point for example, to discuss how to manage and address the potential risks involved.
The journey itself can be highly insightful, and one that can be united by a common vision of both the traditional financial industry and the crypto one for a thriving crypto-digital asset financial market of the future.
Boon-Hiong Chan is the global head of market and technology advocacy, securities services, at Deutsche Bank.