Startups Can Differentiate By Doing Cybersecurity Right From Day One

The speed of digital transformation forces large enterprises to increasingly make use of smaller software-based tech companies in order to keep up with the pace of their competition.

Meanwhile, data breaches continue to dominate the headlines. A worrying observation is that cyber criminals are targeting large enterprises more and more by targeting their suppliers, leading to a steep increase in third-party vendor data breaches.

As a result, large enterprises are increasing the time and energy they spend on making sure their suppliers have implemented the highest security standards, through recurring cybersecurity risk assessments and lengthy questionnaires. After all, there is a lot at stake: if consumer data is breached, the enterprises remain responsible. Most large enterprises have a rigid approach to procurement and third-party vendor risk management, and they try to transfer their risks to their suppliers as much as possible. In reality, however, most of the often-smaller suppliers don’t have the financial power to survive if their end customers’ data were breached.

This is an even more significant challenge for software companies that offer digital solutions in Financial Services, the so-called FinTech and Tech-for-Fin companies. By opening the banking ecosystem through APIs (Application Programming Interfaces), banks and financial institutions risk being compromised through their integrations with the fintech company. Thus, some CISOs even say their third-party vendors have become their biggest cybersecurity risk.

This creates a tremendous opportunity for digital startups and scale-ups to differentiate themselves by doing security right from the start. Studies have shown that it’s easier and a lot cheaper to build proper security if it’s done in the beginning.

Moreover, we’ve noticed that if companies treat security as a mere compliance checkbox, or even as an afterthought, it is a guarantee that a data breach will occur sooner rather than later. When we look at the most prominent cases where data has been breached, all of those companies held certifications such as ISO27K or PCI DSS. Nevertheless, they were breached.

As Christian Moldes wrote in the Journal of Cyber Security and Information Systems: “Organizations can be compliant but not secure: why is it that PCI-Certified Companies Are Being Breached? Organizations must continue to focus on the goal of safeguarding customer data, not just pass the PCI DSS assessment. Consumers are counting on organizations to secure data in transit while providing appropriate level of vulnerability management and overall risk management.”

Security should be embedded in the DNA of every software company.

Approaches to innovations such as “design thinking” and “minimum viable product” shouldn’t be interpreted as “we can add security much later”.

It is great to build a Minimum Viable Product just to demonstrate a business idea and a valuable concept, but once that conceptual piece of software is taken to the next level, it should be redesigned from the ground up with proper business continuity and embedded cybersecurity measures. Too often, we see a demonstrator evolve into a product that then needs a full “2.0” redesign in order to meet the minimum security and continuity requirements, which is very costly and time consuming.

Patrick Coomans is Cyberhive Programme Manager with B-Hive, a European collaborative innovation fintech platform.
