Startups Can Differentiate By Doing Cybersecurity Right From Day One

The speed of digital transformation forces large enterprises to rely more and more on smaller, software-based tech companies in order to keep up with the pace of their competition.

Meanwhile, data breaches continue to dominate the headlines. A worrying observation is that cyber criminals are targeting large enterprises more and more by targeting their suppliers, leading to a steep increase in third-party vendor data breaches.

As a result, large enterprises are increasing the time and energy they spend on making sure their suppliers have implemented the highest security standards, through recurring cybersecurity risk assessments and lengthy questionnaires. After all, there is a lot at stake: if consumer data is breached, the enterprises remain responsible. Most large enterprises have a rigid approach to procurement and third-party vendor risk management, and they try to transfer their risks to their suppliers as much as possible. In reality, however, most of the often smaller suppliers don’t have the financial power to survive if their end customers’ data were breached.

This is an even more significant challenge for software companies that offer digital solutions in Financial Services, the so-called FinTech and Tech-for-Fin companies. By opening the banking ecosystem through APIs (Application Programming Interfaces), banks and financial institutions risk being compromised through their integrations with the fintech company. Thus, some CISOs even say their third-party vendors have become their biggest cybersecurity risk.

This creates a tremendous opportunity for digital startups and scale-ups to differentiate themselves by doing security right from the start. Studies have shown that it’s easier and a lot cheaper to build proper security if it’s done in the beginning.

Moreover, we’ve noticed that if companies treat security as a mere compliance box-ticking exercise, or even as an afterthought, it is a guarantee that a data breach will occur sooner rather than later. When we look at the most prominent cases where data has been breached, all of those companies held certifications such as ISO 27K or PCI DSS. Nevertheless, they were breached.

As Christian Moldes wrote in the Journal of Cyber Security and Information Systems: “Organizations can be compliant but not secure: why is it that PCI-Certified Companies Are Being Breached? Organizations must continue to focus on the goal of safeguarding customer data, not just pass the PCI DSS assessment. Consumers are counting on organizations to secure data in transit while providing appropriate level of vulnerability management and overall risk management.”

Security should be embedded in the DNA of every software company.

Approaches to innovations such as “design thinking” and “minimum viable product” shouldn’t be interpreted as “we can add security much later”.

It is great to build a Minimum Viable Product just to demonstrate a business idea and a valuable concept, but once that conceptual piece of software is taken to the next level, it should be redesigned from the ground up with proper business continuity and embedded cyber security measures. Too often, we see a demonstrator evolve to become a product that then needs a full “2.0” redesign in order to meet the minimum security and continuity requirements, which is very costly and time consuming.

Patrick Coomans is Cyberhive Programme Manager with B-Hive, a European collaborative innovation fintech platform.
