Two major technological advances—AI and quantum computing—are driving significant innovation across industries. Unfortunately, the cybercriminal ecosystem is no different.
Cybercriminals’ experimentation with AI, the threat quantum computing poses to encrypted data, and the rapid adoption of digitized value are driving massive changes, says Ian Rogers, chief experience officer at Ledger, a secure signing platform provider.
“We’ve lived through the ‘once-in-humanity’ digitization of all information, and now we’re living through the ‘once-in-humanity’ digitization of all value,” he says. “And I will say, maybe we all have a little whiplash from the Internet, but you ain’t seen nothing yet.”
The ubiquity of AI and continued advances in quantum computing will change the security landscape and what companies and consumers need to protect their digital assets. Quantum computing poses challenges for the cryptocurrency ecosystem, especially for areas that have not been updated to use post-quantum cryptography, while AI lowers barriers to creating artificial identities and persuasive fake information.
The effect? Unless companies and digital asset owners adopt more stringent security, they face more advanced risks and threats to their portfolios.
Interruption, but when?
As the mentorship scandal shows, AI is already a threat to those using the technology. A variety of other AI-enhanced attacks have also emerged. Attackers use AI code generators to create variations in their tools, which often successfully evade malware detectors and antivirus software. In one example, a cybercrime group called GreedyBear created 150 wallet extensions for Firefox in a malicious campaign that used AI code generators and stole more than $1 million from users.
Increasingly, AI is being used to masquerade as company executives or to create artificial identities for fraud. The attacks are often very convincing, fooling even tech-savvy victims, says Charles Guillemet, Ledger’s chief technology officer.
“As a user, it’s very difficult to know whether you’re interacting with a human or a bot,” he says. “How do you know you’re talking to me today and I’m a human? Because it’s already easy enough for an AI to impersonate me.”
The threat posed by quantum computing to encrypted data is real, but it is still in the future. For example, it is likely that a quantum computer capable of storing a million qubits would be required to break the public key encryption commonly used today. However, even with rapid investment in research and development, a practical quantum computer will remain elusive, becoming usable only in the next decade or two.
However, even though practical quantum computing may not be here today, sensitive data needs to start being protected now. Far-sighted crypto thieves—not to mention nation-state threat actors—can collect high-value data today in the hopes that the data will still be valuable when it can be decrypted in a decade. This scheme, known as “harvest now, decrypt later,” means that post-quantum encryption needs to be used to protect today’s most valuable data from the future development of a practical quantum computer.
“Assessing risk is not that easy,” says Guillemet. “However, the good news is that we have a solution to this threat.”
The entire cryptocurrency ecosystem needs to adopt post-quantum cryptographic algorithms to protect asset owners from these future risks. The EU and the US are already moving forward: quantum-resistant crypto is needed by 2035. Ecosystem companies, such as Ledger, are building tools to make it easier to adopt post-quantum security and prove the authenticity of digital assets.
The next generation needs to be identified.
With these rapidly developing technologies threatening ecosystems, the boundaries between identity protection and asset protection are becoming blurred. Securing both identity and assets has become imperative. As the trend toward digitization of all value continues, cryptocurrency technology providers need to innovate in both identity and privacy. Security alone is not enough; consumers and companies also need better identity and privacy.
Self-custody and permissionless pricing are essential for the future, but they call for tighter security. Cryptocurrencies are predicated on the principle of self-custody—that is, a user, not a third party, holds the keys that store them in a digital wallet—and require no authorization to use them. However, these characteristics also mean that, if stolen, that value is irretrievably lost.
These attributes mean that crypto-security providers need to continue to innovate, Rogers says.
“If we’re doing cryptocurrency, we need self-custody, and if we have self-custody, we need security,” he says. “It doesn’t matter whether it’s on the consumer side, the organizational side, or the government side – someone is going to hold those tokens, and it’s very hard to steal a billion gold bars, but it’s easy to steal a billion cryptocurrency.”
When a third party, such as a cryptocurrency exchange, is the custodian of an owner’s digital assets, proof of identity is critical. Guillemet says that with AI able to spoof users or steal users’ digital identities, and quantum computing potentially undermining some legacy cryptosystems, identity also needs well-tested security.
“Cryptography is the answer,” he says. “If I can authenticate myself and verify my content, you’ll have a strong guarantee that you’re talking to me and that I’m a human being.”
Securing the next generation economy
A major difference between digital assets and physical assets is that bits are easily copied, while atoms require more effort. Thus, security decisions must be made today to prepare for tomorrow’s digital-based economies. As a start, post-quantum encryption algorithms must be adopted at all levels of the cryptocurrency ecosystem, and at least a decade before a viable quantum computer is built.
Security is a chain, and it is never stronger than its weakest link. Most of the time this link is the user, which is why the de facto mantra of cryptocurrency marketplaces is “do your own research.” Security technology needs to be simple and train the user by default, so they can make the right decision and avoid signing away their assets.
Cryptosecurity firms need to innovate in both security and user experience to help consumers make the right decisions. Modern hardware wallets display important information on secure screens before allowing the user to sign a transaction, such as Ledger wallets’ transaction check feature, which often helps alert the user if something appears amiss. The user does not have to try to understand what type of transaction they are signing, but they are still protected.
Another Ledger initiative is known as Clear the signature. The goal, says Guillemet, is to present all relevant details of a transaction before the asset owner signs the contract. “We’re working on our next-generation devices, and we’re making sure they’re going to be post-quantum crypto ready,” he says. “We will carry this ability to new generations.”
He added that cybercriminals do not rest and are constantly innovating. Although the timing of the arrival of certain threats is uncertain, the fact that they will arrive is not. Almost every consumer relies on their smartphone for security, but the security of these devices may not be enough in the future. Guillemet emphasizes, “So we are talking about the next generation, but I think it is already here and we cannot wait. This is what we need to prepare for the future.”
Learn more about how to preserve digital assets at Ledger Academy.
This content was produced by Insights, the custom content arm of MIT Technology Review. It was not written by the MIT Technology Review editorial staff. This content was researched, designed and written by human writers, editors, analysts and illustrators. This includes survey writing and data collection for the survey. AI tools that might have been used were limited to secondary production processes that underwent thorough human review.
By MIT Technology Review Insights