An Interview with Coinhako’s CISO Pasi Koistinen

Recently, we caught up with the newly appointed Chief Information Security Officer of Coinhako, a leading cryptocurrency exchange platform based out of Singapore. We decided to ask him a few questions about his latest role and his view on the crypto industry.

Q: Congratulations on your new position, albeit a bit late. To start with, can you tell us more about what made you choose Coinhako, or why Coinhako chose you?

A: The move to the crypto space was a natural one as I always had a personal interest in the fast-growing digital assets industry. Coinhako was a good choice because it is one of the longest-standing digital asset companies in Singapore. Also, I felt that Coinhako having the in-principle approval as a DPT service provider in Singapore was a good indicator of their reliability.

Q: Can you please tell us more about your experience before Coinhako?

A: For the last 22 years, I have been working in the cybersecurity industry and have held various positions such as CISO and lead consultant. Also, I am a cybersecurity entrepreneur and co-founded two cybersecurity firms over the course of my career.

Q: For those who aren’t aware, can you explain the role of a Chief Information Security Officer? What are your responsibilities at Coinhako?

A: My role as the CISO is to organize and manage cybersecurity activities across the whole company, and communicate related risks to stakeholders. I also act as the head of the security function and work in close contact with other business units spanning legal, compliance, programming, and user ops.

Q: We guess that you have already taken stock of the situation at Coinhako, how was it before you entered the picture, and what are the changes you are bringing to the organization?

A: As the new CISO, I am excited to bring to Coinhako my extensive experience from various industries and different companies. Part of my plan includes growing our cybersecurity capabilities through refining and adopting new technologies and protocols. As the company is scaling up operations, the plan also includes increasing the security team’s headcount, which will be instrumental in expanding our company’s technological capability and maturity.

Q: What are the usual threats faced by Coinhako, and other crypto companies in general?

A: The threats we face transcend beyond our company – crime syndicates generally have the same modus operandi for most attacks on other exchanges. The typical threat from a cybercrime syndicate is illegally obtaining assets from end customers through phishing attacks. Threat actors also target the exchanges by trying to infiltrate the systems via exposed systems or by hacking the employees. From our experience, the prime goal of such attacks is to steal customer data and the private encryption keys of the exchanges. Over the past months, we have seen a spike in such attacks. Mitigation of these threats requires a layered defense approach. As such, having a robust security framework consisting of multiple defensive controls to prevent, detect and react to attacks is especially important in ensuring the integrity of our platform and protecting our users’ assets.

Q: How are users impacted by these threats and as a user, what is my threat exposure in general while dealing with cryptocurrencies and transacting on exchange platforms?

A: Though the nature of the crypto economy is quite different from traditional finance, the handling of digital assets is actually not much different from internet banking. As such, it is not surprising that cybercriminals have been targeting users who handle large amounts of value. With the increasing numbers of scams and phishing attacks, it is advisable to exercise extra caution, regardless of the amount of value.

Q: Would you like to offer some tips to our readers about protecting themselves from scams, hacking or other threats and circumstances that may endanger their holdings?

A: The first rule of thumb is never click any message, link or file on the same device that you use for managing your digital assets. It is good practice to use 2FA for authentication but don’t rely on it to save you from a mis-click if a phishing attack is successful.

Q: We have heard in a few reports that there has been a surge in cyberattacks since the beginning of the Russo-Ukraine conflict. Has the situation impacted Coinhako in any way?

A: We have not worked with and supported any designated individual or entities specified by the sanctions program, or have known sanctions exposure, as we have been fully complying with all applicable sanctions regulations.

Q: What role do cryptocurrencies play in cybercrime, and how do you think it can be prevented?

A: Due to the anonymity of crypto, cryptocurrencies have been one of the preferred payment methods for cybercrime. However, they represent only a small percentage of the entire digital asset industry as cash is still the go-to medium for illicit payments. To prevent the proliferation of cryptocurrencies as a means of payment for cybercrimes, it will require international cooperation of policing agencies through UNODC and Interpol. With the maturity of the crypto space, coupled with the transparency of blockchain payments, such policing agencies are becoming more knowledgeable of the workings of crypto and getting pretty good at investigations. As responsible operators in the crypto space, it is also imperative for crypto exchanges and platforms to work in tandem with authorities to mitigate such criminal activities.

Q: What are your thoughts on the future of cryptocurrency?

A: The last two years have seen cryptocurrencies reaching mainstream consciousness. I posit that their adoption curve is just beginning though. We will continue to see extensive growth in value and adoption in both B2C and B2B. Going forward, I believe there will be continual structural demand for crypto and they will eventually play a significant role in the global financial ecosystem.

Q: Anything else you would like to add?

A: I think cryptocurrencies are a great learning opportunity for everyone. They are effectuating a radical change in the financial ecosystem and beyond, and I believe crypto will modernize the global financial system like the Internet did to the exchange of ideas and information.

 

Source: https://bitcoinist.com/an-interview-with-coinhakos-ciso-pasi-koistinen/