Paul Fan, CYBAVO: “It is much better to focus resources on preventing incidents than having to recover from them”
As more people invest their financial savings into digital assets, cryptocurrency exchanges need to ensure the highest level of security.
Since a significant part of the population lost their jobs because of the pandemic, many turned to trading and investing in cryptocurrencies to get by. However, the lack of knowledge and appropriate security measures meant that new crypto owners and exchange platforms quickly became attractive targets for hackers. Unfortunately, just like in the real world, funds can be stolen even from institutions that were supposed to keep them safe.
To discuss the future of blockchain and the cryptocurrency landscape, we reached out to Paul Fan, CEO and Co-Founder of CYBAVO – a company providing security for the new environment of digital assets.
How did CYBAVO originate? What has your journey been like since your launch in 2018?
Throughout 2016–2018, there was a big increase in the number of cryptocurrency exchanges across Asia, especially in China, Korea, Japan, and Taiwan. Unfortunately, few of these exchanges had enough knowledge or security systems in place to keep their users and their funds safe; therefore, many got hacked and had their funds stolen.
CYBAVO got started with blockchain security by helping these exchanges perform forensic audits after they were hacked. They wanted to know how the private keys were stolen and how they could do better in the future. My Co-Founder Tim and I even received requests from law enforcement to help perform incident response. Eventually, we did this so many times that we realized the best way to help was to build an infrastructure they could use that would ensure the security of private keys. With our team’s combined 100-plus years of experience in cybersecurity, we are confident that the platform we have developed delivers a secure and robust digital asset management platform.
Can you tell us a little bit about what you do? Which industries and issues do you focus on?
CYBAVO is a blockchain cybersecurity company. We deliver a secure digital asset management platform for enterprises like cryptocurrency exchanges, banks, blockchain, Dapp developers, and other institutions. Recent trends have shown that many industries are shifting their information infrastructure onto the blockchain. Even governments are building Central Bank Digital Currencies (CBDCs), which use the same technology as blockchain and cryptocurrencies. This technology is called Public Key Cryptography (PKC), and at the heart of this technology is something called a Private Key. PKC is an approach to encrypting private data in a way that anyone with the public key can encrypt it, but only those who hold the private key can decrypt it. So on a blockchain, the public key is a user’s account, and the private key is what controls the account.
The key issue we focus on here at CYBAVO is how do we empower institutions to securely manage private keys? Many times, the corporate officers that have the right to approve transactions do not have the proper cybersecurity training to keep the private keys secure. Conversely, trained IT and security staff can safeguard the private keys, but how do we eliminate the possibility of these private keys being used to execute unauthorized transactions? This is one of the core issues that CYBAVO addresses.
You take great pride in your CYBAVO VAULT solution. Would you like to tell us more about it?
As mentioned earlier, CYBAVO’s platform was designed and built by a team of cybersecurity veterans with 100-plus years of industry experience combined. CYBAVO is built with a unique mechanism and combines Multi-Party Computation (MPC) technology, NIST-certified encryption algorithms, and a custom security-hardened infrastructure to eliminate the reliance on a single private key. This facilitates the secure generation, management, and operation of multiple wallet instances, for multiple users, across an organization.
Our flagship product, CYBAVO VAULT, leverages a unique model that separates the authority to approve transactions from the responsibility of securing the private keys:
● Users can authorize transactions on their mobile phone via a dedicated app, which allows them to use the private key without being able to access or store it.
● Private keys are kept in the Secure Key Store, which also governs the transaction policies and user roles.
● Finally, there is a Security Seal that mediates traffic, verifies user integrity, and checks policy enforcement before broadcasting transactions to the blockchain.
In which ways has the pandemic influenced the crypto landscape?
If we take a look at how Bitcoin’s value has evolved over the past few years, the answer is very clear. At the start of the pandemic, Bitcoin’s price was around $7,500. Since then, it has hit an all-time high of $69,045 in November of 2021. This growth was fueled, in large part, by the unpredictability of traditional markets at the start of the pandemic and customers becoming more aware of the shortcomings of giving centralized entities full control over their finances. Additionally, with millions of people around the world under lockdowns, cryptocurrency’s ability to be traded from anywhere and at any time made it much more accessible to investors than other options.
What are some of the main security threats surrounding digital assets that new owners should be aware of?
For most users, the way they access and manage digital assets is via cryptocurrency exchanges or other third-party services. As these organizations have to safeguard user funds, it’s important to look at what measures they have in place to protect their customers. For these institutions, some best practices that should be in place include:
● Integrate with systems that enforce security and risk control settings
● Implement separation of roles and duties to prevent internal theft
● Implement Multi-Factor Authentication (MFA) to prevent their users’ identity theft
● Have proper insurance coverage in place in case funds get stolen
How do you think the digital asset landscape is going to evolve in the next few years?
The possibilities for the implementation of blockchain technology across various industries, specifically cryptocurrency, are endless, so it may be difficult to pinpoint what will happen in the longer term. For the next few years, however, with large institutions opening up to diversifying into cryptocurrencies, the demand for comprehensive security infrastructures and custody solutions for digital assets will greatly increase. At the same time, as regulations surrounding digital assets become increasingly clear, we can also expect to see a rise in the number of compliance services and technologies. Of course, we will also see the development of many new and varied applications on existing and new blockchains.
Cryptocurrencies will become more widely accepted for general users, and we will see massive onboarding on DeFi, NFT, and GameFi platforms.
What misconceptions surrounding the crypto space do you run into most often?
There certainly are misconceptions and concerns surrounding the crypto space. One big issue is that with million-dollar crypto hacks regularly making headlines, many believe that cryptocurrencies aren’t secure. In fact, the core of cryptocurrencies – cryptography and decentralized networks – is actually very secure. But some of our “entry points,” like cryptocurrency exchanges, may have vulnerabilities that can be attacked.
There are, however, many ways and many tools available for institutions to keep their assets safe, whether it be using effective and reliable encryption technology, setting up a robust security infrastructure, or creating workflows to reduce internal theft. The trick is to correctly implement the right technology to ensure that access to these digital assets on the blockchain is safe and secure.
In your opinion, what cybersecurity measures should be a must for companies and individuals nowadays?
Hacks and cybersecurity weaknesses can come in many forms, so it is of utmost importance to have comprehensive cybersecurity measures in place. If I were to select two of the top cybersecurity measures that companies and individuals should take, I would focus on:
● Employee and user education: It is much better to focus resources on preventing incidents than having to recover from them. Therefore, it’s imperative that organizations provide employees with proper cybersecurity training and follow through on implementing the organization’s cybersecurity guidelines.
● Multi-Factor Authentication: Reports have shown that a large number of hacks nowadays take place due to non-existing or poorly implemented MFA. Adding this extra layer of authentication is one of the easiest but most useful cybersecurity measures a company can invest in, and should definitely be a top priority for institutions.
Share with us, what does the future hold for CYBAVO?
The blockchain and digital asset landscape is shaping up to be very exciting. Once governments set clearer expectations and regulations with regard to digital assets, I expect to see even faster growth and wider acceptance of the crypto industry. For CYBAVO specifically, these regulations will also help us provide an even more complete and comprehensive platform for our customers. As an example, our solution offers a built-in Anti-Money Laundering (AML) feature. However, as regulating bodies now provide clearer guidelines, CYBAVO has further improved this feature by offering our customers integration options with leading AML solution providers. Based on our team’s insights and analysis of current trends, we also have new products in the pipeline that we will deliver to clients this year. CYBAVO will continue to grow and evolve as the blockchain ecosystem thrives while remaining steadfast in our mission of protecting and securing digital assets for institutions.