Welcome to the final 2024 episode of A Little Privacy, Please! Today, we're delighted to have Matthew Gerstenfeld, co-founder and CEO of Munichain, who will share insights about his company's innovative product. Our Nixon Peabody Public Finance partner and occasional co-host, Rudy Salo, also joins us.
Thank you, Matt and Rudy, for joining us and discussing how to enhance the safety of municipal deals.
Matthew, tell us about Munichain, how the idea came about, and what the product does.
Munichain was created about seven or eight years ago when I worked in underwriting, sales, and trading. I realized there were many parties involved in public finance, such as advisors, bond attorneys, and banks, and most of the technology originated from the '90s. Many parties were unaccounted for, so Munichain was born as the connective tissue for the public finance market to hyper-connect folks who would otherwise rely on other means of communication.
What makes Munichain so secure?
We challenge assumptions by probing for all possibilities that could go wrong on our infrastructure. This includes access control reviews to ensure proper permissions are in place and penetration testing to simulate attacks and expose vulnerabilities. We intentionally challenge assumptions to confirm the integrity of our systems.
We've been sounding the alarm for municipalities in the United States. Recently, there was an incident in Michigan involving a competitive deal that got hacked. Can you give us more details about what happened?
I don't have all the specific details, as it's still under investigation, but it seems the incident stemmed from a lack of in-depth defense. A single point of failure led to the entire system breaking down. This often happens when cybersecurity is approached as a check-the-box scenario. Minimum protection requirements were met, but they weren't expanded upon. One contaminated ingredient can spoil the entire dish; similarly, one party exposing a vulnerability can affect the entire group.
Could you identify blind spots in the public finance industry regarding cybersecurity and payment fraud and how municipalities should address these gaps?
It boils down to asset management. Many organizations fail to fully inventory and manage their technologies. Basic security practices like multi-factor authentication and conditional access control are essential. Munichain focuses on internal productivity and securely piping information to other parties, removing access instantaneously. This helps manage and trace information more effectively.
Why do you think municipalities have been delayed in implementing this tech compared to private industries?
The issue lies in overly complex processes and too much red tape, which slow down the testing and implementation of new technology. Creating a more operational space for technologists and cybersecurity experts to work efficiently without bureaucratic delays is crucial. This reduces dependency on internal failure points and addresses larger vulnerabilities in the market.
Let’s go around and share our cybersecurity and privacy resolutions for 2025.
Matthew: My priority is the simplification of understanding top priority safeguards. Overly fancy possibilities can make you lose sight of the basics. For example, managed devices ensure that every Munichain employee or partner operates on a managed device at all times. This provides insight into operations and helps identify mishaps quickly.
Jenny: I agree on the cyber education piece. Educating employees and each other on available services and tech is crucial. If we're not talking about it, that's when bad things happen.
Rudy: My resolution is to co-host or guest host A Little Privacy, Please! three times in 2025 instead of just two. I'll achieve this by educating myself about the industry and the threats to municipal finance.
Jason: I'm going to stop using my dog's name as my password. That's my 2025 resolution.
The views expressed in this video are personal opinions and do not represent the views or policies of Munichain LLC or its affiliates. This content is for informational purposes only and is not intended as professional advice.
