Security and confidentiality in the era of digital economies has become the number one priority, the cornerstone of enterprises all over the world. According to Gartner, 100% of large enterprises will be asked to report on cybersecurity and technology risks to their board of directors at least annually by 2020. Security and risk management is becoming a must, an investment that makes clients feel confident in their future.

“The thing that kept me awake at night [as a NATO military commander] was cybersecurity. Cybersecurity proceeds from the highest levels of our national interest ... through our medical, our educational, to our personal finance [systems].”

Admiral James Stavridis, Ret.
Former-NATO Commander

IDC estimates that in 2019, spending on global security solutions will exceed $101.3 billion, with banking, discrete manufacturing, and federal and central government investing more than $30 billion combined. Gartner encourages enterprises all over the world to scale IT security to build trust and resilience. Forrester Research reports, “your security budget needs room to surge.” Still wondering what to do?

“Security leaders exist in a universe where seemingly infinite external factors can derail the most disciplined budgets.”

Forrester Security Budgets 2019: The Year of Services Arrives

The failure to manage digital risks leads to sabotaging digital businesses and exposing organizations to potential impacts far beyond simple opportunity loss. This is a technological race where the opposing parties are constantly improving their instruments. In this everlasting race, the party that is most aware and aggressive wins — at least for a while.

“Just like the bears and bulls are constantly struggling on the markets, so too are hackers and security departments battling behind the scenes. The security of a business is the security of the clients. The security and confidence of the clients is an investment that provides enormous returns in the future.”

Anton Kravchenko
CEO Xena Exchange

Xena Exchange, a digital asset exchange from London, has announced its plans to invest $5 million in security.

“Since the very beginning, Xena Exchange has built a comprehensive threat model to identify and address all relevant risks as well as priorities to keep security efforts aligned with the development of platform features, the user base, and the asset volume growth.”

Anton Galchenko
CTO Xena Exchange

Currently, all security measures necessary to protect clients and assets are already in place at Xena Exchange, including infrastructure protection and monitoring services, secure data storage, strictly restricted and auditable access policies, and geo-distributed cold-wallet custody with protection against internal fraud and key loss, to name a few. Nevertheless, the malicious forces never sleep, and the only way to keep the protection level high is to constantly evolve the threat model and improve the measures against the existing and emerging security risks.

Xena Exchange divides its security efforts into three main categories – external security services, infrastructure security, and client security – taking into consideration the experience and best practices of the leading enterprises in the fields of banking, investment, and trading.

One widely used practice in external security services is the so-called “bug bounty program,” which engages security researchers from around the world to investigate and report security vulnerabilities missed by internal procedures and penetration tests. Xena Exchange runs regular penetration tests on new features and infrastructure components to ensure the absence of common security vulnerabilities, but the bug bounty program is still a must when it comes to ultimate security.

“To improve the security of their connected systems, every corporation should have a vulnerability disclosure policy that allows them to receive security submissions from the outside world.”

Jeff Massmilla
Chief Product Cybersecurity Officer, General Motors

In addition, the company intends to actively engage threat intelligence services that provide crucial information for security officers to assess the actual threat landscape, evolve their threat model, and address emerging threats before they become risks, as well as conduct security audits for critical software code and smart contracts to prevent most vulnerabilities in the first place.

“We put significant stress on security training for exchange personnel, ensuring a high level of awareness regarding actual threats and the measures against them.”

Anton Galchenko
CTO Xena Exchange

Infrastructure security solutions aim to improve protection against hacker attacks, confidential information leaks, and various reputational and financial risks. Xena Exchange plans to build its own Security Operation Center (SOC) – a centralized unit that deals with security issues on an organizational and technical level – and integrate the following solutions to strengthen the platform’s security:

  • Security Information and Event Management (SIEM) – a set of tools and services offering a holistic view of an organization's information security
  • Privileged Access Management (PAM) – a solution that improves the security, control, management, and monitoring of access to critical assets and provides an additional layer of monitoring for any suspicious activity
  • Anti-Advanced Persistent Threat (APT) Solutions – solutions that address the most sophisticated attacks undetectable by any single security measure

Crucial in the digital asset world, custody infrastructure requires the most attention: The more assets are under the platform’s control, the stronger the protection it needs. The company plans to constantly evolve its custody infrastructure to address the requirements of  institutional-grade clients, at the same time working on decentralized custodian solutions to allow clients to keep their assets under their own control.

To increase the account protection of its clients, Xena Exchange plans to implement risk-based authentication solutions that check the client environment (e.g., device and browser) and behavior (typing speed, mouse-moving patterns) with special artificial intelligence (AI) algorithms to ensure client authenticity, preventing account takeover and malicious software (malware, browser plugin) activity. Anti-fraud solutions perform real-time transactions and trade-scoring to prevent market manipulation and ensure compliance to trading rules.

In addition, the company considers anti-phishing services a must-have in their security strategy. These services perform constant monitoring of online resources (web, social networks, messengers) in order to detect phishing attacks targeting Xena Exchange clients, including fake websites, emails, and actors, and acts correspondingly to eliminate such malicious activities.

“Security is one of the essential demands of users. The fact that Xena Exchange plans to invest $5 million into the security and confidence of their clients is hardly amazing on the traditional market but is a great step forward for the entire world of crypto.”

Ilya Sachkov,
CEO IB Group

According to the University of Maryland, there is a hacker attack every 39 seconds. Juniper Research reports that the average cost of a data breach will exceed $150 million in 2020, and only 38% of global organizations claim they are prepared to handle a sophisticated cyber attack. Considering this, the answer to the question of whether security is an investment seems to be obvious. It absolutely is an investment.