The travails of a Canadian cryptocurrency business highlight how too much security can be as bad as too little. However, adopting the right approach should enable your business to find the perfect middle ground.
In a news report, it was announced that one of the burgeoning number of cryptocurrency organisations, Quadriga CX, had run into massive security challenge. This was due to the fact that its CEO was so conscious about security that only he had the passwords and keys to access the nearly $200-million held in Bitcoin, Litecoin, Ether and other digital tokens for customers.
The problem was that when he passed away suddenly and unexpectedly, no employees at the company – or its customers – were able to access the money.
This raises a number of questions about the cryptocurrency market and the manner in which these digital tokens are protected. More than this though, it raises issues related to security, infrastructure and ultimately, to how the law as it stands deals with this emerging industry.
According to Ian Jacobsberg, a partner at law firm Hogan Lovells SA, crypto-assets are currently not regulated in this country. He explains that in a position paper on virtual currencies issued by the SA Reserve Bank (SARB) in 2014, it confirmed that it does not recognise virtual currencies – including cryptocurrencies – as legal tender for its purposes.
“On this basis, the SARB does not oversee, supervise or regulate the virtual currency landscape, systems or intermediaries for effectiveness, soundness, integrity or robustness. Consequently, any and all activities related to the acquisition, trading or use of virtual currencies are performed at the user’s sole and independent risk and have no recourse to the SARB,” he says.
“The SARB has, however, recognised the need to regulate cryptocurrencies and in fact released a consultation paper on crypto-assets in January of this year, with a view to introducing legislation that will regulate the use of cryptocurrencies in South Africa.”
In the particular case of Quadriga CX, he indicates that the users may have a claim for damages against the company for failing to take adequate steps to secure their investments. All told, around 115 000 end-users have brought a lawsuit in Canada against the company concerned, although the proceedings have been stayed, pending the resolution of a number of preliminary procedural issues.
“In the end, the key challenge that is faced in creating laws to govern cryptocurrencies, is that the commodities in question, by their very nature, are continuously and rapidly evolving. Meanwhile, the nature of the legislative environment is such that it is extremely difficult for the law to keep up with the pace of developments in this technology,” suggests Jacobsberg.
Fadi Kanafani, MEA senior director for NetApp, indicates that one thing that is clear in relation to this case is that with the capability of today’s technology, no company should have to find out about an incident like this from the headlines.
“After all, with the right solutions in place, you should be able to predict, pre-empt and even prevent critical damage to your IT infrastructure and ensure minimal downtime for your organisation. A strong and secure cyber-security framework requires one to be proactive, while incident response management must be a shared responsibility with cloud service providers and the customer,” he says.
“Data retention and archiving, authentication and authorisation, data loss prevention and privacy regulations all demand appropriate security technologies within storage solutions that provide both transparency and accountability.”
There are cyber-security technologies that can help anyone protect their data, know how their data is being used, and minimise the risk that data will be lost in the event of an attack or breach.
“Meanwhile, storage solutions can collect and store cyber-related information, analyse data to drive actionable intelligence, and allow agencies to quickly recover from cyber-related incidents similar to disaster recovery,” concludes Kanafani.