At first, thinking about the connection between information security and innovation may seem unnatural, since in theory these are different issues. After all, one is aimed at risk mitigation, while the other requires an appetite for risk-taking. But, in practice, they really need to be combined and the secret lies in a technique defined early on and refined throughout the product’s lifecycle. Read on to find what it is :-)_
Introduction
A recent survey by Fortinet pointed out that during the first half of 2021 Brazil had more than 16.2 billion cyberattack attempts, doubling the number the entire year of 2020 (8.4 billion). Thus, Brazil ranks 2nd on the list of biggest targets for cybercrime in Latin America, only behind Mexico – which has registered more than 60 billion attempted attacks this year alone.
Among the most common are Whatsapp cloning scams, fake banking URA, Pix bug and/or QR Code tampering. In corporate environments, users are more exposed to ransomware-type attacks, where data is hijacked or blocked and only released upon payment of ransoms. This modality has compromised the operation of several companies in the world, causing enormous financial damages.
Innovating with security
All of this created proportions and alerts so large that they impact even those who have not yet got their idea off the ground. It has become, more than ever, a subject for innovators.
Today’s challenge is how to create digital products and leverage digital transformation considering innovative technologies – such as Cloud, Internet of Things (IoT), Artificial Intelligence (AI), Big Data and Mobile Application Development – in a way that attest to the security of information and data protection. And this is not restricted to just a set of tools and equipment: information security goes beyond, using processes and people as fundamental pillars for a secure environment.
In recent years, the market has found ways to launch innovative services and products while incorporating controls and security mechanisms. By doing this, companies are opening the way to new experiences, opportunities; strengthening data and information security; and complying with increasingly stringent norms, standards and regulations.
From theory to practice
Threat Modeling is an essential practice to apply from the conception and design of a product or service. It helps in identifying, communicating and understanding potential threats that an application may be exposed to. Its advantage is that it can be used in different projects, whether they are related to software, networks, business processes and even equipment/appliances.
The models available from Microsoft and OWASP are a great way for anyone looking for a reference or wanting to implement Threat Modeling in their business. But to make it easier to practice everything that has been said so far, we’ve created a guide with the 4 key security steps to consider from day one of your idea:
- Have a clear business/technical view of the system;
- Map the services consumed and possible failures and threats;
- Fix threats and recommend security controls;
- Validate and ensure security requirements and controls are being met.
Knowing what’s behind the business, we know that organizations that ignore the cybersecurity/data privacy area and don’t invest in improvements and adjustments will be vulnerable to attacks and incidents that can compromise the entire operation, and even its recovery and continuity. These losses and impacts are incalculable, as they are related to regulatory fines, loss of operational efficiency, unavailability/interruption of services and loss of confidence in the market.
At Invillia we take security very seriously. We know it’s not just an infrastructure issue, it’s a development issue. Our Global Growth Framework brings together an advanced and rigorous set of tools, processes and know-how to ensure that any innovation is safe from the outset. In which the priority is prevention and not reaction. Data, People and Action increasing in performance, quality and security the creation and development of digital products and services.
Let’s develop your next super secure app together!
Fintech, Regtech, Govtech, Biotech, Healthtech, Agritech, Mediatec, Hometech, Edtech, Anytech_ count on us_
By Mario Akamine Junior, Cybersecurity Manager at Invillia