Startups Can Differentiate By Doing Cybersecurity Right From Day One

Uploaded on 2018-12-18 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Financial

The speed of digital transformation forces large enterprises to increasingly make use of smaller software-based tech companies in order to keep up with the pace of their competition.

Meanwhile, data breaches continue to dominate the headlines. A worrying observation is that cyber criminals are targeting large enterprises more and more by targeting their suppliers, leading to a steep increase in third-party vendor data breaches.

As a result, large enterprises are increasing the time and energy they are spending on making sure their suppliers have implemented the highest security standards through recurring cybersecurity risk assessments and lengthy questionnaires. After all, there is a lot at stake; if consumer data is breached, the enterprises remain responsible. Most large enterprises have a rigid approach to procurement and third-party vendor risk management, and they try to transfer their risks to their suppliers as much as possible. In reality, however, most of the often-smaller suppliers don’t have the financial power to survive if their end customers’ data would be breached.

This is a more significant challenge for software companies who offer digital solutions in Financial Services; so-called FinTech and Tech-for-Fin companies. By opening the banking ecosystem through API’s (Application Programmable Interfaces), banks and financial institutions risk being compromised through integrations with the fintech company. Thus, some CISO’s even say their third-party vendors have become their biggest CyberSecurity risk.

This creates a tremendous opportunity for digital startups and scale-ups to differentiate themselves by doing security right from the start. Studies have shown that it’s easier and a lot cheaper to build proper security if it’s done in the beginning.

Moreover, we’ve noticed that if companies treat security as a mere compliance check-in-the-box, or even as an afterthought, it is a guarantee that a data breach will occur sooner rather than later. When we look at the most prominent cases where data has been breached, all of those companies had certifications such as ISO27K or PCI DSS. Nevertheless, they were breached.

As Christian Moldes wrote in the Journal of Cyber Security and Information Systems: “Organizations can be compliant but not secure: why is it that PCI-Certified Companies Are Being Breached? Organizations must continue to focus on the goal of safeguarding customer data, not just pass the PCI DSS assessment. Consumers are counting on organizations to secure data in transit while providing appropriate level of vulnerability management and overall risk management.”

Security should be embedded in the DNA of every software company.

Approaches to innovations such as “design thinking” and “minimum viable product” shouldn’t be interpreted as “we can add security much later”.

It is great to build a Minimum Viable Product just to demonstrate a business idea and a valuable concept, but once that conceptual piece of software is taken to the next level, it should be redesigned from the ground up with proper business continuity and embedded cyber security measures. Too often, we see a demonstrator evolve to become a product that then needs a full “2.0” redesign in order to meet the minimum security and continuity requirements, which is very costly and time consuming.

Patrick Coomans is Cyberhive Programme Manager with B-Hive,a European collaborative innovation fintech platform 

You Might Also Read:

UK Banks Fall Behind In FinTech:

« Charities Falling Victim To Cybercrime
Robots And AI Will Create More Jobs Than They Replace »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Mi-Token

Mi-Token

Mi-Token is an advanced two-factor authentication solution that offers unparalleled security, flexibility, cost-effectiveness and ease of use.

Cyber Security National Lab (CINI)

Cyber Security National Lab (CINI)

The Cyber Security National Lab brings together Italian academic excellence in Cyber Security research.

Averon

Averon

Averon's technology is the new gold standard for digital identity - the easiest, fastest and most secure verification solution for users on both WiFi and LTE.

Cydome

Cydome

Cydome offers full-spectrum cybersecurity solutions tailored for the maritime industry.

Evolve Secure Solutions

Evolve Secure Solutions

Evolve Secure Solutions is a security focused managed services provider serving private and public customers across the UK.

RIPS Technologies

RIPS Technologies

RIPS Technologies delivers automated security analysis for PHP applications as platform independent software or highly scalable cloud service.

Wolfpack Information Risk

Wolfpack Information Risk

Wolfpack specialise in information and cyber threat management covering the full spectrum of prevention, detection, incident response and business resilience capabilities.

ExpressVPN

ExpressVPN

ExpressVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

Seknox

Seknox

Seknox TRASA™ protects your business from insider threats.

Kocho

Kocho

Kocho (formerly TiG) is a provider of identity and access, cyber security, cloud transformation, and managed IT services.

Real Protect

Real Protect

Real Protect is a Brazilian provider of managed security (MSS) and cyber defense services.

Qascom

Qascom

Qascom is an engineering company offering security solutions in satellite navigation and space cybersecurity. We are one of the European key players in GNSS authentication and security.

Curity

Curity

The Curity Identity Server brings identity and API security together, enabling highly scalable and secure user access to digital services.

NXM Labs

NXM Labs

NXM is a leader in a leader in advanced cybersecurity software for connected devices.

Lineaje

Lineaje

Lineaje solves critical Software Supply Chain security problems faced by every organization that builds, uses or sells software.

Leo CybSec

Leo CybSec

Leo CybSec unites a group of Cyber Security experts with 20+ years of collective expertise to help our clients realise and mitigate the cyber challenges and risks facing their business.