With the digital economy boom in the last couple of years, digital assets have also been thrust into the spotlight. It includes resources that are issued and transferred using distributed ledger or blockchain technology — from cryptocurrencies and non-fungible tokens (NFTs) to central bank digital currencies (CBDCs). With the increased adoption of mobile/e-wallets, it is predicted that by the end of 2025, nearly 60% of the world will be using digital assets. In addition, with a growing acceptance of cryptocurrency as a valid form of payment, companies like Tesla, PayPal, Xbox and Amazon, are fueling the record surge of digital assets.
But as digitalization in the financial services industry accelerates, financial fraud and hacks — like the recent repeat attacks against Cream Finance — are also on the upswing. Digital assets are associated with heightened levels of volatility due to speculation as well as regulatory risks and general skepticism. The rising adoption of cryptocurrencies has also been linked to ransomware attacks. Cryptocurrency transactions are inherently less regulated and not governed by a central authority, making it a conduit for criminal activity around the world.
With Asia warming up to digital assets, attack tactics are only going to become more difficult to detect and will grow in sophistication. Is the region prepared to counter fraudsters who are more emboldened in their nefarious ways? What is the way forward? Regulation, technology and organizations need to work in tandem to stay one step ahead.
Regulations on the rise
While cryptocurrency could soon be recognized as a mainstream currency, it will be long before it becomes a mainstream payment option. By their very nature, cryptocurrencies are freewheeling, ignoring the traditional conventions that assets play by — from borders to ties with specific agencies within a government. This presents a problem to policymakers who are used to assets with clear-cut definitions. The key barriers to this are confidence and trust — vital concerns for anyone who uses cryptocurrency.
Additionally, with CBDC adoption rising, at least 81 countries are currently pursuing CBDC development. China has already made the digital yuan a public priority and has an ambitious goal of competing with the U.S. dollar by creating a digital Asian alternative. As more countries prepare to launch their own CBDC, we can expect an exponential number of innovations to emerge from this digital finance arms race.
It will be imperative for the financial services sector to instill confidence that it is guarded by controls adhering to industry regulations and guidelines. For instance, the World Economic Forum (WEF) released a toolkit for policymakers regarding the creation of CBDCs, and the Cryptocurrency Security Standard (CCSS) has put forth a standardization of the security techniques and methodologies, among other guidelines that are being employed globally. Locally, governments are also starting to act. In 2021, Singapore passed a bill to tighten regulations on virtual payment service providers dealing with cryptocurrency.
However, to ensure that policies and guidelines remain robust in the long run, regulations must be informed by actual use cases and consultations with technology innovators. This will only further reinforce important objectives to drive economic inclusion, competition and growth.
AI and digital assets should go hand-in-hand
As regulations start taking shape, the financial services sector also needs to take a proactive role in protecting digital assets. While the financial services industry embraces digital assets and adopts new technologies, bad actors are also following suit and their attack surfaces are expanding exponentially, by the second.
To accurately calculate risk and threats, several time-varying signals will need to be analyzed. Analyzing and improving cybersecurity posture is not a human-scale problem anymore. Solutions powered by advanced artificial intelligence and machine learning will be important, especially since bad actors are using those same technologies to launch their attacks. Moreover, as digital assets like cryptocurrency and NFTs utilize blockchain technology, it means that there are more markers to help identify fraudulent activities.
Blockchain and AI have evolved into leading technologies that power innovation across many industries, working in unison to build and organize immense databases, strengthen cybersecurity protocols, and perform tasks in a fraction of the time it takes humans. However, when deploying AI, the financial services sector needs to ensure that there are robust checks and balances to secure data and information and build trustworthy AI systems.
Integrating AI and cloud security solutions into cybersecurity systems will be crucial in bringing detection and prevention systems to the next level. A successful security-driven networking approach will marry AI-driven security systems with modern threat intelligence and networking technologies to create a unified system.
Culture-first: modernizing legacy systems with ‘DevSecOps’
As digital assets continue to flourish, it will create a fertile fintech ecosystem for experimentation and innovation. In today’s digital-first landscape, financial services companies are in a constant race to innovate. There’s little room for error, especially with security postures. However, legacy applications and infrastructure are straining traditional IT resources, leading to challenges with integration and heightened cybersecurity concerns.
Security, traditionally, has been disjointed from software development and security tests would take place late in the production cycle. Having security as a core process throughout development would ensure loopholes and weaknesses are exposed early on so that remediation actions can be implemented efficiently.
For financial services companies to effectively eliminate silos, identify vulnerabilities early and provide better, faster delivery through collaboration and teamwork within the organization, also known as DevSecOps. Only when security is a core component of the development journey, FSIs will be able to effortlessly tweak the rules that guard the technology and remain flexible in their approach toward future developments and challenges. Moreover, with a DevSecOps culture in place, it can ensure that regulations and necessary checks and balances are built-in to uphold the integrity of any financial services industry systems.
Simply rolling out new technology to keep up with emerging trends without understanding the underlying systemic issues places the financial services sector in an extremely risky position. Modernizing legacy systems doesn’t necessarily mean overhauling and implementing wholly new core technologies all at once. On the other hand, many well-established financial services companies have also been resistant to change and hesitant to integrate digital assets. This has prompted younger customers to make the switch to alternatives like neobanks that understand their needs and support them in this new pathway to building wealth.
As Asia warms up to cryptocurrency and digital assets and starts investing in digital assets, we need to pace ourselves to stay ahead of nefarious actors who are ready to pounce on every vulnerability.