Startups Can Differentiate By Doing Cybersecurity Right From Day One

The speed of digital transformation forces large enterprises to rely increasingly on smaller software-based tech companies in order to keep pace with their competition.

Meanwhile, data breaches continue to dominate the headlines. A worrying observation is that cyber criminals are increasingly attacking large enterprises through their suppliers, leading to a steep increase in third-party vendor data breaches.

As a result, large enterprises are spending more time and energy on making sure their suppliers have implemented the highest security standards, through recurring cybersecurity risk assessments and lengthy questionnaires. After all, there is a lot at stake: if consumer data is breached, the enterprise remains responsible. Most large enterprises have a rigid approach to procurement and third-party vendor risk management, and they try to transfer as much of their risk to their suppliers as possible. In reality, however, most of the often smaller suppliers don’t have the financial strength to survive if their end customers’ data were breached.

This is an even greater challenge for software companies that offer digital solutions in Financial Services, the so-called FinTech and Tech-for-Fin companies. By opening up the banking ecosystem through APIs (Application Programming Interfaces), banks and financial institutions risk being compromised through their integrations with the fintech company. Some CISOs even say their third-party vendors have become their biggest cybersecurity risk.

This creates a tremendous opportunity for digital startups and scale-ups to differentiate themselves by doing security right from the start. Studies have shown that it’s easier and a lot cheaper to build proper security if it’s done in the beginning.

Moreover, we’ve noticed that if companies treat security as a mere check-the-box compliance exercise, or even as an afterthought, a data breach is guaranteed to occur sooner rather than later. When we look at the most prominent cases where data has been breached, all of those companies held certifications such as ISO27K or PCI DSS. Nevertheless, they were breached.

As Christian Moldes wrote in the Journal of Cyber Security and Information Systems: “Organizations can be compliant but not secure: why is it that PCI-Certified Companies Are Being Breached? Organizations must continue to focus on the goal of safeguarding customer data, not just pass the PCI DSS assessment. Consumers are counting on organizations to secure data in transit while providing an appropriate level of vulnerability management and overall risk management.”

Security should be embedded in the DNA of every software company.

Approaches to innovation such as “design thinking” and “minimum viable product” shouldn’t be interpreted as “we can add security much later”.

It is great to build a Minimum Viable Product just to demonstrate a business idea and a valuable concept, but once that conceptual piece of software is taken to the next level, it should be redesigned from the ground up with proper business continuity and embedded cybersecurity measures. Too often, we see a demonstrator evolve into a product that then needs a full “2.0” redesign in order to meet the minimum security and continuity requirements, which is very costly and time-consuming.

Patrick Coomans is Cyberhive Programme Manager with B-Hive, a European collaborative innovation fintech platform.
