The international cybercrime prevention company Group-IB and the Swiss insurance broker ASPIS SA project - CryptoIns it platform-have developed a scoring model for assessing the cybersecurity of crypto-exchanges. The product allows you to rank the exchange on the degree of protection from external influences and calculate insurance rates of cyber risks for their customers.
The scoring model based on the assessment of Group-IB and CryptoIns specialists will be used in the calculation of insurance tariffs for clients of crypto-exchanges. According to Group-IB, the damage from targeted attacks on the crypto currency exchange in 2017 and 2018 the first nine months of the year amounted to $877 million. During this time it was hacked at least 13 trading platforms.
Security assessment takes Group-IB. Several indicators are taken into account: the level of technical security of the infrastructure, the reliability of key storage, the level of protection of passwords and personal customer data, the ability to withstand potential cyber threats, etc. Evaluation is made both on the basis of open data and with the help of specialized tests (for example, penetration from using social engineering techniques). In addition, an “incident map” is being built, consisting of factual information on all attacks on the stock exchange, attempts at fraud, data compromise, etc. For their part, CryptoIns experts evaluate the dynamics of trading volume, commissions, quality of traded assets and some other indicators.
On the basis of the data obtained, points are calculated that reflect the level of risk of the exchange in terms of potential damage from the activities of cybercriminals. The first group includes reliable exchanges that are least exposed to such risks. To the last, fourth-the most vulnerable. Based on this classification, the insurance rate for the customer is calculated. Insurance covers the risk of complete termination of the crypto-exchange as a result of hacker attacks and fraud on the part of employees and founders of the crypto-exchange. The insurance certificate is issued by a licensed insurance company Selecta Insurance and Reinsurance Company (Caribbean) Limited...
Source: Kommersant.