Bitcoin is back, but not as you know it

Several of the first spot bitcoin exchange-traded funds (ETFs) to ever be listed on United States stock markets began trading last night. This follows the US Securities and Exchange Commission (SEC) approving the listing of 11 spot bitcoin ETFs after a legal battle with fund provider, Grayscale. The approval follows six years of knock-backs for many fund providers seeking permission to offer spot bitcoin ETFs. This is considered a watershed moment in the investing world, allowing more investors to gain exposure to the cryptocurrency asset without buying bitcoin directly themselves.

ETFs are baskets of assets that are professionally managed by fund providers. Ordinary investors can buy them on the stock market just like any other share. Among the 11 fund providers approved to launch their ETFs this week are BlackRock, Fidelity, Grayscale and VanEck.

Spot bitcoin ETFs give investors direct exposure to bitcoin at its spot (current) price. The ability to buy bitcoin exposure via a traditional stock exchange will give investors some degree of regulatory protection as the fund managers must comply with the Securities Act, Exchange Act, and SEC rules. Investors may also feel more peace of mind buying bitcoin via a professionally managed ETF instead of buying it directly themselves through an unregulated cryptocurrency trading platform.

However, SEC Chair Gary Gensler emphasised that the decision to approve the spot bitcoin ETFs did not mean the SEC endorsed cryptocurrency assets. He said bitcoin was “primarily a speculative, volatile asset that’s also used for illicit activity including ransomware, money laundering, sanction evasion, and terrorist financing”. He added: “While we approved the listing and trading of certain spot bitcoin ETP shares today, we did not approve or endorse bitcoin. Investors should remain cautious about the myriad risks associated with bitcoin and products whose value is tied to crypto.”

The SEC’s decision follows a lawsuit launched by Grayscale after the SEC refused to allow it to convert its Grayscale Bitcoin Trust into a listed ETF. The US Court of Appeals for the District of Columbia found that the SEC had failed to adequately explain its reasons for denying the listing. This meant the SEC had to review its ruling and either more fully explain its reasoning, or approve the listing of the ETF. Gensler said in light of these circumstances, “I feel the most sustainable path forward is to approve the listing and trading of these spot bitcoin [ETF] shares”. The SEC not only approved Grayscale’s product but 10 other spot bitcoin ETF applications awaiting a decision.

Gensler warned that the approval of spot bitcoin ETFs would not automatically open the door for other cryptocurrency ETF products. “It should in no way signal the Commission’s willingness to approve listing standards for crypto asset securities,” he said. Bitcoin closed slightly lower at US$46,382.60 in overnight trading. Cryptocurrencies are known for their volatility. In the case of bitcoin, it hit an all-time peak value of just under $69,000 in November 2021 before crashing to below $17,000 in 2022. Over the past 12 months, the bitcoin price has risen by almost 160%.

As tech leaders race to bring Windows systems back online after Friday’s software update by cybersecurity company CrowdStrike crashed around 8.5 million machines worldwide, experts share with CIO Journal their takeaways for preparing for the next major information technology outage.

Be familiar with how vendors develop, test and release their software

IT leaders should hold vendors deeply integrated within IT systems, such as CrowdStrike , to a “very high standard” of development, release quality and assurance, said Neil MacDonald , a Gartner vice president.

“Any security vendor has a responsibility to do extensive regression testing on all versions of Windows before an update is rolled out,” he said.

That involves asking existing vendors to explain how they write software, what testing they do and whether customers may choose how quickly to roll out an update.

“Incidents like this remind all of us in the CIO community of the importance of ensuring availability, reliability and security by prioritizing guardrails such as deployment and testing procedures and practices,” said Amy Farrow, chief information officer of IT automation and security company Infoblox.

Re-evaluate how your firm accepts software updates from ‘trusted’ vendors

While automatically accepting software updates has become the norm—and a recommended security practice—the CrowdStrike outage is a reminder to take a pause, some CIOs said.

“We still should be doing the full testing of packages and upgrades and new features,” said Paul Davis, a field chief information security officer at software development platform maker JFrog . undefined undefined Though it’s not feasible to test every update, especially for as many as hundreds of software vendors, Davis said he makes it a priority to test software patches according to their potential severity and size.

Automation, and maybe even artificial intelligence-based IT tools, can help.

“Humans are not very good at catching errors in thousands of lines of code,” said Jack Hidary, chief executive of AI and quantum company SandboxAQ. “We need AI trained to look for the interdependence of new software updates with the existing stack of software.”

Develop a disaster recovery plan

An incident rendering Windows computers unusable is similar to a natural disaster with systems knocked offline, said Gartner’s MacDonald. That’s why businesses should consider natural disaster recovery plans for maintaining the resiliency of their operations.

One way to do that is to set up a “clean room,” or an environment isolated from other systems, to use to bring critical systems back online, according to Chirag Mehta, a cybersecurity analyst at Constellation Research.

Businesses should also hold tabletop exercises to simulate risk scenarios, including IT outages and potential cyber threats, Mehta said.

Companies that back up data regularly were likely less impacted by the CrowdStrike outage, according to Victor Zyamzin, chief business officer of security company Qrator Labs. “Another suggestion for companies, and we’ve been saying that again and again for decades, is that you should have some backup procedure applied, running and regularly tested,” he said.

Review vendor and insurance contracts

For any vendor with a significant impact on company operations , MacDonald said companies can review their contracts and look for clauses indicating the vendors must provide reliable and stable software.

“That’s where you may have an advantage to say, if an update causes an outage, is there a clause in the contract that would cover that?” he said.

If it doesn’t, tech leaders can aim to negotiate a discount serving as a form of compensation at renewal time, MacDonald added.

The outage also highlights the importance of insurance in providing companies with bottom-line protection against cyber risks, said Peter Halprin, a partner with law firm Haynes Boone focused on cyber insurance.

This coverage can include protection against business income losses, such as those associated with an outage, whether caused by the insured company or a service provider, Halprin said.

Weigh the advantages and disadvantages of the various platforms

The CrowdStrike update affected only devices running Microsoft Windows-based systems , prompting fresh questions over whether enterprises should rely on Windows computers.

CrowdStrike runs on Windows devices through access to the kernel, the part of an operating system containing a computer’s core functions. That’s not the same for Apple ’s Mac operating system and Linux, which don’t allow the same level of access, said Mehta.

Some businesses have converted to Chromebooks , simple laptops developed by Alphabet -owned Google that run on the Chrome operating system . “Not all of them require deeper access to things,” Mehta said. “What are you doing on your laptop that actually requires Windows?”