Startups Can Differentiate By Doing Cybersecurity Right From Day One

Uploaded on 2018-12-18 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

The speed of digital transformation forces large enterprises to increasingly make use of smaller software-based tech companies in order to keep up with the pace of their competition.

Meanwhile, data breaches continue to dominate the headlines. A worrying observation is that cyber criminals are targeting large enterprises more and more by targeting their suppliers, leading to a steep increase in third-party vendor data breaches.

As a result, large enterprises are increasing the time and energy they are spending on making sure their suppliers have implemented the highest security standards through recurring cybersecurity risk assessments and lengthy questionnaires. After all, there is a lot at stake; if consumer data is breached, the enterprises remain responsible. Most large enterprises have a rigid approach to procurement and third-party vendor risk management, and they try to transfer their risks to their suppliers as much as possible. In reality, however, most of the often-smaller suppliers don’t have the financial power to survive if their end customers’ data would be breached.

This is a more significant challenge for software companies who offer digital solutions in Financial Services; so-called FinTech and Tech-for-Fin companies. By opening the banking ecosystem through API’s (Application Programmable Interfaces), banks and financial institutions risk being compromised through integrations with the fintech company. Thus, some CISO’s even say their third-party vendors have become their biggest CyberSecurity risk.

This creates a tremendous opportunity for digital startups and scale-ups to differentiate themselves by doing security right from the start. Studies have shown that it’s easier and a lot cheaper to build proper security if it’s done in the beginning.

Moreover, we’ve noticed that if companies treat security as a mere compliance check-in-the-box, or even as an afterthought, it is a guarantee that a data breach will occur sooner rather than later. When we look at the most prominent cases where data has been breached, all of those companies had certifications such as ISO27K or PCI DSS. Nevertheless, they were breached.

As Christian Moldes wrote in the Journal of Cyber Security and Information Systems: “Organizations can be compliant but not secure: why is it that PCI-Certified Companies Are Being Breached? Organizations must continue to focus on the goal of safeguarding customer data, not just pass the PCI DSS assessment. Consumers are counting on organizations to secure data in transit while providing appropriate level of vulnerability management and overall risk management.”

Security should be embedded in the DNA of every software company.

Approaches to innovations such as “design thinking” and “minimum viable product” shouldn’t be interpreted as “we can add security much later”.

It is great to build a Minimum Viable Product just to demonstrate a business idea and a valuable concept, but once that conceptual piece of software is taken to the next level, it should be redesigned from the ground up with proper business continuity and embedded cyber security measures. Too often, we see a demonstrator evolve to become a product that then needs a full “2.0” redesign in order to meet the minimum security and continuity requirements, which is very costly and time consuming.

Patrick Coomans is Cyberhive Programme Manager with B-Hive,a European collaborative innovation fintech platform 

You Might Also Read:

UK Banks Fall Behind In FinTech:

« Charities Falling Victim To Cybercrime
Robots And AI Will Create More Jobs Than They Replace »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Shavlik Protect

Shavlik Protect

Shavlik Protect is an easy-to-use security software solution that discovers missing patches and deploys them to the entire organization.

Lastline

Lastline

Lastline is the leader in advanced malware protection.

Concise Technologies

Concise Technologies

Concise Technologies provide specialist IT and telecoms solutions, support services, managed backup, disaster recovery, cyber security and consultancy to SME businesses across the UK and Europe.

European Organisation for Security (EOS)

European Organisation for Security (EOS)

EOS represents all domains of security solutions and services.providers including ICT information and communications technologies.

TrustArc

TrustArc

TrustArc provide privacy compliance and risk management with integrated technology, consulting and TRUSTe certification solutions – addressing all phases of privacy program management.

Sage Designs

Sage Designs

Sage Designs is a provider of SCADA, Security & Industrial Automation products and training programs.

Bechtel

Bechtel

Bechtel’s Industrial Control Systems Cyber Security Laboratory focuses on protecting large-scale industrial and infrastructure systems that support critical infrastructure.

Axiad IDS

Axiad IDS

Axiad IDS is a Trusted Identity solutions provider for enterprise, government and financial organizations.

WeSecureApp (WSA)

WeSecureApp (WSA)

WeSecureApp is specialized in providing Cyber Security Solutions to safeguard your applications and networks.

Data Protection People

Data Protection People

Data Protection People are specialists in Data Privacy, Governance, and Information Security.

Chicago Quantum Exchange (CQE)

Chicago Quantum Exchange (CQE)

Chicago Quantum Exchange is an intellectual hub and community of researchers with the common goal of advancing academic and industrial efforts in the science and engineering of quantum information.

Bitbone

Bitbone

Bitbone develop IT infrastructure and IT security solutions that create long-term value.

Open Quantum Safe (OQS)

Open Quantum Safe (OQS)

The Open Quantum Safe (OQS) project is an open-source project that aims to support the development and prototyping of quantum-resistant cryptography.

Praxis Security Labs

Praxis Security Labs

Praxis Security Labs is a research driven cybersecurity company that helps our customers to reduce risk and improve security.

Cyber Industrial Networks

Cyber Industrial Networks

Cyber Industrial Networks objective is to service the needs of industry in achieving reliable, robust and secure infrastructure that supports productivity.

Security4Media

Security4Media

Security4Media is a non-profit association set up to reduce risks and support trust in media, in the face of increasing cybersecurity threat levels.