We take security very seriously.
Here’s a Q&A with our security partner Digital.security of Econocom Group.
We want our investors to take a closer look at how we keep their funds secure, our operations stable and all information well protected. This Q&A will give you a good insight into how we are making it absolutely water-tight.
1. Tell us a little bit about Digital Security company.
As the name suggests, our corporation helps companies to permanently improve the way they protect their information and supports them in securing their digital transformation and the opportunities offered by the IoT.
Therefore, at Digital Security, we capitalize on the talents we recruit. We are surrounded by a passionate, curious and highly skilled team, which is able to understand and to adapt itself to the emerging threats. The value of Digital Security is our ability to let our employees blossom and allow them to satisfy their curiosity in order to: better understand and grasp threats, permanently find new solutions and working methods for companies, and best serve their cybersecurity needs.
2. And now the key question for our investors. How will you make Amon secure for investors (ICO phase) and consumers (operations phase)?
We were selected by Amon to independently assess their security at different levels:
- Consulting, design and security review of Amon’s ICO concept tokenisation;
- Ethereum smart contract security audit (best practices, source code, security checklists …);
- Wallet security (design, authentication, storage …).
Every step of our missions was concluded with a dedicated report that includes technical recommendations, correction plans and an executive summary.
3. Data security is very important, especially for a Fintech company. How is Amon’s customer data secured?
Most companies won’t disclose details about security measures they implement. Our mission is to make sure Amon’s customer data security policy is in accordance with security state-of-the-art and best practices.
More about this may be disclosed directly under NDA by Amon’s team.
4. With evolving technologies and the cyber threats that come with them, how do you keep up with the changes?
Digital Security has a dedicated team called a CERT (https://www.digital.security/en/cert-ubik). Its main tasks are:
- To ensure the availability of an emergency team response 24/7;
- To stay current on the latest threats in order to be well prepared;
- To rapidly detect new threats;
- To assess smart devices in its own test laboratory;
- To communicate with other worldwide CERTs.
A CERT is an operational entity in charge of threat intelligence and incident response on information systems and new technologies.
The CERT brings together experts from different fields: telecom, IT and electronics. Spectrum analyzers, RF receivers and reverse engineering platforms are notably required for assessing the security of connected objects and for implementing an incident response process within the Information Systems.
5. Recently the poor security of some exchanges and wallets has caused a lot of damage to the entire community. What is your point of view?
Indeed, there have been a lot of security incidents in the last few years in the blockchain industry. Developers and system administrators are now quite aware of the fact that security is important, but they are often unable to implement “security by design” because of preconceived ideas. Systems and applications still lack some major input validations and “defense in depth” measures, and with the amount of money that is handled, attackers are encouraged to find vulnerabilities. That’s why dedicated security experts should take part in these projects.
6. As Security partners of Amon, what role does Digital Security play in ensuring stable/secure operations?
The golden rule to implement stable and secure operations is to make sure you have defined a strong security policy and set up key periodic controls and permanent controls, which will help you stay aware of your operational risks.
Digital Security’s role was first to make sure security basics were already implemented, to check that the full ICO process and following phases were compliant with state-of-the-art security measures, and finally to give permanent security controls recommendations. One of these will be an important bug bounty security campaign, which will come up soon.
7. Are ICOs in general taking care of cyber security in the current atmosphere?
A lot of ICOs are ephemeral and disposable and are just created to raise money without having a real, concrete and achievable project in mind. Those ICOs are not really interested in security and several of them have already been hacked in the past.
On the contrary, real projects backed by serious founders and investors take appropriate measures to secure their business by hiring dedicated security experts to audit their backend, smart contract and social media accounts, to ensure their successful operation.
8. What are the possible security loopholes that Fintech companies must guard against?
Fintech companies have to deal with increasingly frequent phishing attempts (fake emails, fake websites, fake social media accounts) that try to confuse small and medium investors. A new threat is smart contract hacking: Ethereum is a pretty robust platform for smart contracts and ICOs. However, writing secure smart contracts is a new and difficult challenge for developers and there is still a long way to go to develop new tools and techniques to protect smart contracts.
In the meantime, a lot of classic vulnerabilities are still exploited, like web, system and database attacks.
9. How vulnerable are companies and consumers in the blockchain space to cyber security threats?
Blockchain companies are very prone to hacking attacks because of their exploitation area. The latter is very wide: it goes from system, to web application, to smart contract, and they usually handle large amounts of money. Moreover, blockchain smart contract code and data are nearly completely public, which eases attacks.
Along with the IoT sector, blockchain companies are the biggest security challenges and will still be in the next few years.