Episode 332 – Cybersecurity in the crypto world


Jane Lo, Singapore Correspondent speaks with Pasi Koistinen, Chief Information Security Officer (CISO), Coinhako

Pasi Koistinen is the Chief Information Security Officer (CISO) of Coinhako, Singapore’s market-leading crypto platform. Pasi drives Coinhako’s information security policies and is responsible for developing and establishing a world-class security framework to prevent, assess, and tackle internal and external threats to the company.

Previously he co-founded two cybersecurity companies, Cyber Intelligence House in Singapore and Silverskin Information security in Finland. The companies provide threat intelligence and penetration testing services. Pasi has worked as CISO, and head of security in several companies during his 23 years tenure in the field of cyber security.

In this podcast, Pasi shares his views on the cyber threat landscape in the crypto world.

He points out that the crypto world is not immune to risks observed in the banking world, such as scams, money laundering, and “old school” malware attacks to steal funds of clients.

He also notes that while attacks on crypto wallets and exchanges are notable, threat actors have been targeting the “DeFi” (decentralised finance) area within the crypto world. By exploiting, for example, design and key management weaknesses, and price discovery mechanisms flaws, threat actors have caused significant losses.

While the crypto world is facing both traditional “old school” and emerging threats such as those specific to blockchains, Pasi reminds cyber defenders that cyber security is a risk management process requiring a multi-disciplinary approach. He cautions against assuming that “defense always succeed everywhere”, and advises the importance of identifying the company’s critical assets, and building layers of defenses around these assets

With “people and endpoints being the number primary targets of attacks”, he also advises users to think about how they wish to secure their personal crypto wallets and endpoint devices such as mobile and laptops.

Most importantly, he emphasises that the evolving crypto risk landscape means that “what is considered secure today may not be true tomorrow”.

Recorded 27th June 2022 Singapore Time 11am