Be in a position of strength: Auditing ICO and Cryptocurrency


By: Clement Low, Mar 14, 2018

(Photo: https://www.flickr.com/photos/81894496@N06/15896297412)

How do you convince people to trust an organization and the quality of products and services it provides?

The following terms may come to mind immediately: certifications, accreditations, adherence to standards, user feedback and reviews, financial audits and opinions. There are many perspectives one can take and there is no right or wrong answer, as individuals and organizations find varying reasons to build trust. However, an assessment of the organization by an independent and trusted third-party auditor can provide a large degree of assurance to users.

In the same vein, Initial Coin Offerings (ICOs) and cryptocurrencies can also be questioned by investors and consumers. Blockchain and cryptocurrency are not new. The first version of Bitcoin was announced and mining for coins began in 2009. The technology gained significant publicity, popularity and investment only in recent years, to the extent that analysts have suggested it could be a bubble. The total combined market capitalization of cryptocurrencies surpassed USD 800 billion in January 2018. With such tremendous popularity in this relatively new and uncertain domain, many individuals and organizations want to get on the bandwagon, as it can be seen as a technology disruption. It is no surprise that there were 1384 alternative coins (altcoins) as of 7 January 2018, and the number is growing. This has diversified the use cases and benefits of the technology, which has the potential to significantly affect many individuals' way of life and how their businesses are conducted.

Worryingly, security for ICOs and cryptocurrencies has not caught up with their explosive growth. There have been several high-profile cyber attacks on cryptocurrencies, which can derail consumers' and investors' confidence. At the moment, there are not many regulations, frameworks and requirements pertaining to this new technology. Even where they exist, they are often neither required nor enforced by regulatory bodies. This has led to many ICO and cryptocurrency companies having lacklustre security plans and implementations. On a positive note, there are efforts attempting to close this gap. There are organizations offering audit services and assessments specifically for ICOs and cryptocurrencies. For instance, the PodOne ICO was audited by McAfee and was given the highest possible score of 5. There is also the specialized network Quantstamp, which is designed to find vulnerabilities in Ethereum smart contracts with scalable proofs-of-audits.

The scale and scope of an assessment depend on the level of audit. The example below references the Platinum Audit assessment by Practical Assurance as of 12 March 2018, which contains the following requirements:

  • Business Identity Validation
  • Fraud Red Flag Assessment
  • Business Process Maturity Assessment
  • Technical Maturity Assessment
  • Information Security Assessment (IISF)
  • System Architecture Review
  • Vulnerability Assessment
  • Secure Source Code Review
  • Smart Contract Review
  • Self Attestation Report
  • Compliance Reporting Widget
  • Online Compliance Certificate
  • Detail Validated Audit Report (Manual Audit)
  • Remediation Assistance
  • Security & Compliance Support

The list may seem intimidating to a young ICO or cryptocurrency organization. The key is to start small and build on the foundation as the business scales up. Management's support, the organization's direction, and employees' attitude and culture are of utmost importance in meeting this objective, and it is best to start inculcating them in the early formation of the organization.

The gap is closing

(Photo: http://www.geograph.org.uk/photo/4928585)

In my opinion, the security gap will start to close increasingly and security implementation may become a necessity to exist and operate in the future. This can be attributed to the pervasiveness of cyber attacks affecting many high-profile organizations worldwide, which is getting the attention of consumers who do not have prior knowledge of cyber security. Designing and implementing a resilient and secure architecture in the early stages of your ICO or cryptocurrency will help save costs compared to when it is done as an afterthought. Consumers and investors need to find compelling reasons to trust you to protect their interests, and doing so through Reddit forums and reviews is insufficient.

It is wise to view security costs as an investment in your ICO or cryptocurrency instead of an overhead cost. A secured environment gives your customers and investors the confidence to conduct business. Once your organization starts to grow, adversaries will be more inclined to compromise your infrastructure and users, as it is more lucrative to go after your higher-valued assets. Having a secured environment can mitigate these threats and prevent security incidents and hacks from being realized. In the event that it is compromised, you would also know how to react, respond and manage your stakeholders. Reiterating a point raised earlier, your ICO or cryptocurrency may experience explosive growth that your security plans and implementation do not keep up with. As a result, your business may not scale to its potential and may incur opportunity costs.

(Photo: https://www.flickr.com/photos/pictures-of-money/17096832777)

In conclusion, it pays off to start investing in security in the early stages or formation of an ICO or cryptocurrency. Doing so lays a strong foundation to scale and meet audit requirements in the future. The first step to achieve this is to find a trustworthy security consultancy that provides holistic security solutions, services and expertise. In the long term, the consultancy will have a thorough understanding of your organization and direction, which adds value and further depth to the services provided.

Please do not hesitate to contact Horangi Cyber Security for any questions pertaining to your security strategy and requirements as we have a team dedicated to cryptocurrency security.



Clement Low, Cyber Operations Consultant