PAUL FARRINGTON, EMEA CTO AT VERACODE
Reputation is an immeasurable asset to any company. A survey by Gemalto of 10,000 individuals found 70% would stop doing business with a company that had experienced a data breach. Not only does it increase sales and aid with employee retention, it also impacts a company’s valuation and plays a vital role in the level of customer trust created through a brand’s identity.
A data breach can represent a critical failure of trust among investors, employees, partners and customers. With approximately 30% of all breaches occurring as a result of a vulnerability at the application layer, software purchasers are demanding more insight into the security of the software they are buying.
As cyberattacks increase, there remains a lack of training on secure coding that can help companies mitigate against vulnerabilities that can lead to breaches. We also need to educate companies on how they can reduce their security debt and that they are within their rights to demand the security of software they are interested in purchasing. After all, the software supply chain in use at any company represents significant risk.
www.intelligentciso.com | Issue 19
Although cybersecurity incidents make headlines daily, companies still aren’t doing enough to act on vulnerabilities that could be detrimental to their reputation. Only 58% of businesses have taken action towards implementing five or more of the government’s 10 Steps to Cyber Security.
In a GDPR world in which the average business is aware of data security best practices and looks to partner with businesses it trusts to help it prevent attacks, it is vital companies have the ability to demonstrate verifiable processes they take to secure their software.
No matter how sophisticated your security posture is, every day cybercriminals find new ways to launch attacks. Companies need to be prepared to act when a breach does occur by following best practices, including taking steps to make their code as secure as possible. The way a business proactively prepares to prevent a data breach directly impacts the reputation of a company, not only in the eyes of the customer, but also prospective customers and even employees.
Take the recent Capital One breach – many initially compared it to the infamous Equifax breach, yet there is a key reason as to why Capital One’s reputation hasn’t been impacted to the same extent. Capital One has a working responsible disclosure process. Once the organisation was aware of the breach through its disclosure process, Capital One alerted the FBI, fixed the vulnerability and the suspect was arrested. All of this happened within 12 days.
Cybersecurity risks are rising, but organisations that have a swift, organised risk management approach after an incident will definitely help mitigate the extensive reputational damage we so often see.