FTX’s fallout late last year shined a spotlight on the risks of lacking security controls.
A Timeline of Irony
October 28th, 2021 – A “wise” man named Matt Damon uttered the phrase “Fortune Favors the Brave” while ACTING in a commercial for the then rapidly rising cryptocurrency exchange known as FTX. Other well-known celebrities like pigskin-flinging Tom Brady and business magnate Kevin O’Leary also heeded this call to invest with FTX.
November 11th, 2022 – FTX, one of the world’s largest cryptocurrency exchanges, filed for bankruptcy. This news sent shockwaves through the cryptocurrency community and raised concerns about the stability and security of the industry.
December 13th, 2022 – FTX’s newly appointed CEO, John Ray, testified in front of the House Financial Services Committee, and he did not mince his words. Ray described the company as having committed “classic embezzlement”. This consisted of unsatisfactory software usage, margin calls (using other people’s money to purchase risky investments), and, most important of all for us, LACKING SECURITY CONTROLS.
From Brave to Broke
While this situation is currently under investigation and more details will surely be released in the coming months, I wanted to highlight the comments made by John Ray in last month’s hearing as they were very interesting for people in the Information Security world. The entire testimony was almost 4 hours, so here are the biggest takeaways:
For IT control leaders and professionals around the United States, John Ray’s testimony brings up several key areas of improvement FTX could have made, and it is potentially a reminder for those professionals to evaluate their internal IT controls.
This is Not Just a Crypto Issue
FTX found a way around this and was caught red-handed, leaving all their investors with nothing more than a cheap bag of airplane peanuts. While there is still a lack of regulation around cryptocurrencies, the same cannot be said for the rest of the business world. All companies must follow the rules laid out specific to their industry. If you are an IT leader in your organization and feel your internal IT security controls could use some work, QoS is happy to assist you. In the past, we have helped clients prepare for Service Organization Controls (SOC) audits and Cybersecurity Maturity Model Certification (CMMC 2.0), just to name a couple, and have assisted with ad-hoc audit tasks to help make your process easier.
For more information speak with a QoS consultant today, at firstname.lastname@example.org, or reach out through our contact form on our website, www.qosconsultingsolutions.com.
Michael Joe is a Security Consultant and blog writer at QoS Consulting Solutions, author of several captivating works on our website. Michael graduated from the College of Charleston in South Carolina with a Bachelor of Arts degree in Communication and with Latin Honors: Cum Laude. Michael’s passion for spreading awareness and knowledge of information technologies and cybersecurity is evident in his unique voice and writing style. As you noticed in his work, Michael’s storytelling and humor have a way of grasping the reader in a way few technology-focused blogs have done. Michael’s aim is to educate and entertain to change the way people perceive IT literature: moving it away from a hyper-focus on so-called “geeks”, towards the greater public. Cybersecurity is for EVERYONE, not just the techies in the trenches! Michael was expertly trained in the art of cybersecurity consulting.