Ahead of Cyberevolution, The Paypers interviewed Max Imbiel, CISO of Bitpanda, about how the company is making investing accessible to everyone while ensuring safety and security in the digital assets space.
What is Bitpanda for those who may not be familiar with it yet?
Bitpanda is a European crypto platform, offering over 480 digital assets to buy, sell, and trade to achieve our goal of making investments accessible and affordable to everyone.
Crypto, as an asset class, is becoming increasingly demanded and, thanks to new regulations (MiCAR, DORA, etc.), is also perceived as a more stable and secure means of investing and is thus getting more widely accepted. In regard to traded assets, we see that only around 30% are Bitcoin and Ethereum, while the rest is in the various other assets. This showcases a strong diversification in investment and trading across our customer base.
The main challenges from a cybersecurity perspective are of course to keep all those funds and assets highly secure and only accessible to the people who are eligible to access them. Consumers in general are facing social engineering attacks, which are targeted at a personal level, trying to get them to move funds out of their secure wallets to external ones. This is not limited to specific sectors or industries and covers both end consumers as well as businesses.
The fraud attacks on customers are getting increasingly professional, targeting them at very personal levels. Also, exploits on new vulnerabilities are getting more and more sophisticated, chaining various attacks together. So, the efficiency with which these attacks are taking place and are being prepared is gaining more traction. Furthermore, the accessibility of these methods is getting easier, with certain AI features being open and having no guardrail in terms of malicious usage.
One specific example we can see in our security industry, leveraging AI heavily, is 'Pig Butchering'. This type of fraud aims to get into a close relationship with the victim, for example through intimate messaging and sharing of similar interests. Once the bond is established, the fraudsters will then start to propose certain investment schemes to the victim, telling them to invest in certain assets and showing them false evidence of how their investments are getting strong interest. This is of course falsified evidence and when the victim has basically no more savings or money to invest, they will drop them and pull all assets away from them completely. AI is supporting the fraudsters here with a more personalised approach to the victims, using the technology to tailor more affectionate responses for the victims and making them fall for the scam more easily.
Implement a culture of risk awareness, security best practices, and failure tolerance. By supporting risk awareness, your employees will be able to identify any unusual behavior or potential incidents faster and they will also know how to report them fast and with precise details. Security best practices should be known by everybody in the organisation to have a widespread and acknowledged baseline that is applied by everybody. This will also help in stopping people from circumventing processes. And failure tolerance should be a given standard in any company. We as humans will always make mistakes, so how we treat those and learn from them is one of the most crucial points in how we can be more resilient. Be aware of the fact that attacks happen all the time and are affecting everybody. Focus and prioritise a preventive, rather than detective and responsive approach only.
We’ve just recently released a blog post on this perception on our homepage. We partnered with and assessed the reports of various industry-leading Blockchain analysis providers and companies working in the anti-fraud investigation industry. In stark comparison to FIAT, the percentage of crypto transactions linked to illicit activities was just 0.34% in 2023, down from 0.42% in 2022. The narrative that cryptocurrencies primarily serve illicit purposes does not hold up against the robust, transparent, and traceable nature of blockchain technology.
About Max Imbiel
Max Imbiel is a seasoned Cyber Security expert, the Global CISO for the leading European crypto platform Bitpanda and the driving force behind ‘ahead Security’, specialising in CISO activities, comprehensive consulting, and bespoke training programs aimed at bolstering cyber resilience and compliance. Max's notable leadership roles include Head of Security Architecture at Sky Deutschland, being the Deputy CISO at UniCredit Bank AG as well as Deputy Group CISO at N26. Now as Global CISO at Bitpanda, he leverages his vast experience to ensure unparalleled security, resilience, and regulatory compliance for the crypto broker's cutting-edge technology and operations.
About Bitpanda
Bitpanda was founded in Vienna in 2014 and is the leading European crypto platform. With a selection of over 2,800 digital assets, including more than 480 crypto assets and numerous stocks*, ETFs*, precious metals, and commodities, the Austrian fintech unicorn offers one of the most comprehensive ranges of digital assets available in Europe. Already trusted by over 5 million users, and dozens of institutional partners, Bitpanda holds licences in several countries and has a proven track record of working with local regulators to keep assets safe and secure.