The insurance industry is building new policies to cover the booming crypto and NFT sectors. Earlier in April the UK government announced plans to authorise the use of stable coins as payment, with FCA regulation applying, plus an NFT developed and backed by the Royal Mint. Arch & Lockton at Lloyd’s, Breach Insurance, Marsh & McLennan and Verlingue are just a few of the brands already offering coverage. That list will expand as digital currencies and assets become mainstream, backed by the WEF, United Nations and many other globalist organisations.
For millions of us, paying for something using digital coins, or even a share of a piece of artwork, is really no different from tapping a card on a terminal. Numbers change on screen and…that’s it, transaction completed. But does the rise in NFTs and coins open up businesses to a new wave of cyber attacks and ransom demands, how can insurers educate their clients on this payment method?
Simon Viney, Cyber Security Financial Services Sector Lead for BAE Systems Digital Intelligence takes a look at the risks.
The use of cryptocurrencies creates a higher risk of cybercrime because they exist in decentralised and independent online environments, outside the rules of banks and governments. This makes them more accessible and therefore easier for cyber criminals to exploit.
Cybercriminals typically employ tactics such as cryptojacking, phishing, ransomware attacks, and extortion. They can seek to hide their identities while demanding ransom in cryptocurrency, and they can convert it into traditional currencies without ever being discovered – so it’s hardly surprising that cryptocurrency is now the preferred form of exchange in ransomware attacks.
With little or no evidence to lead back to the perpetrators, and with more and more companies accepting cryptocurrency, cybercrime has become a significant threat across the business world.
The best way a business can protect itself from this kind of cyber attack is to implement robust crypto-payments controls and cybersecurity protocols and practices. For example, considering crypto payments in the same way they would high value cash payments where the source of the funds may be criminal. The principles of know your customer and understand the source of funds are especially valid for such payments.
In addition, companies need to be extra cautious about which applications and sites they use. Hackers will usually give up if they’re faced with a high level of cybersecurity protection. Frequent testing of software systems and data security and regular risk assessments are crucial.
And it’s essential that businesses and individuals are trained to recognise these new and emerging security threats, with a strong focus on phishing simulation.
It’s good news that law enforcers are increasing their focus in this area, and there have been a number of recent operations to disrupt and arrest operators.
But these criminals will evolve their tactics and look for more ways to make it more difficult to track and recover funds, so it’s important to do everything possible – constant vigilance, updating protection, training and collaboration – to try and remain one step ahead.