Even though information security has advanced in regulated sectors such as finance, there is still room for improvement in less regulated sectors, according to the company’s specialist.
The topic of information security has gained greater prominence in companies’ strategies, especially in highly regulated sectors such as finance. Despite this trend, in the area of digital product development, the topic is still challenging and, in many cases, not proactively addressed by companies. To understand the importance of continuously addressing this issue in the process of building technology and innovation solutions, Saulo Esteves, Director of Digital Workplace Technology at Invillia, explains the main paths to be considered in this journey.
For example, a KPMG survey this year shows that 65% of corporate leaders adopt information security requirements to meet compliance needs and not as a long-term strategic initiative. In addition, only 30% of the 1.8 thousand respondents believe that increased trust in the topic increases profitability, according to the institution. The data shows that companies’ perception of the benefits of cybersecurity for the success of a project still needs to evolve.
“In most cases, companies’ approach to cybersecurity in digital product development is almost like an insurance policy. Not all companies are willing to invest in an area that does not bring immediate profit or that is a factor that ‘may happen’ and, therefore, cannot quantify the when and how,” explains Esteves. He says that this perception ends up bringing vulnerabilities and, as a consequence, significant financial losses in the long term.
The earlier you start, the lower the cost
Even companies whose core business is technology have experienced data breaches that exposed various kinds of information. Since 2018, major brands in the communication and social media, ride-sharing, and marketplace sectors have reported problems in this regard. These events have led to a series of adjustments in technological processes and, in some cases, the payment of fines.
“We can cite several examples of cases that could have been easily detected and resolved – involving much lower costs – if security had been considered from the beginning of a digital project,” clarifies Esteves. He emphasizes that the later security becomes a concern, the larger the investments needed to adapt an ongoing project. When the task is to remedy a problem that has already occurred, such as a data breach, the costs become even more exorbitant, according to the specialist – in addition to the damage to brand image when a security incident occurs.
This is because, in these cases, investments must cover technological re-adjustment, new tests, regaining customer trust, and training. When investment in the topic is made from the beginning, by contrast, there is time for studies, evaluations, and strengthening of actions.
Secure development lifecycle
According to the specialist, considering cybersecurity as one of the main pillars from the beginning makes the digital product (whether it’s a website, service, or application) more robust and prepared for different situations. This approach is known as the Secure Development Lifecycle (SDLC) method. For context, the concept represents the adoption of different processes that, together, provide secure software that is better prepared for any adaptation. These processes include architecture analysis, testing, and reviews – all of which are done before launch.
“Without adopting this concept, even if the company has good professionals and the best tools in the market, security is still a problem. These phases need to be well-defined, and security needs to be embedded in every development process.”
Esteves points out that, although there is still a long way to go, expectations for companies to proactively invest in cybersecurity are positive. In 2022, this issue began to show more progress. According to a survey by Canalys, released in March, cybersecurity spending remained strong in the fourth quarter, totaling $19.6 billion. In 2022 as a whole, it reached $71.1 billion, a growth of over 15% compared to the previous year.
In the financial sector, many regulations are already in place, which guide and strengthen security in every new project. For sectors where regulations are not as precise (such as social media), this proactivity still needs to be developed. In this scenario, Invillia’s CTO affirms that this is the role of digital partners.
“Choosing a committed digital partner is essential for the success of a project. They can bring ideas to strengthen the security issue, help with training, and point out the long-term benefits that can be obtained,” he says. According to him, strengthening awareness and bringing balance to each stage are also essential aspects in the relationship with partners.
The scenario should therefore continue to mature. The expert highlights three major factors that have increased the importance of security in the corporate world in recent years. The first was the increase in ransomware cases, followed by the implementation of the General Data Protection Law (LGPD), and then the pandemic – which brought new attack channels, such as through WhatsApp.
“These factors have brought the topic closer to the radar of companies. In this sense, the trend now is that the subject and related methodologies will continue to evolve, always ensuring the best experience for the user and, for companies, the trust of the public and investors.”