Cybersecurity from an overhead cost to a business enabler


Whether to implement a cybersecurity project shouldn’t depend only on return on investment, and the project shouldn’t be viewed purely as a cost. There’s a better way to evaluate it. Businesses should be thinking about how cybersecurity can add business value and enable company growth. The landscape is changing and security is increasingly seen as a competitive advantage, and for some industries, it’s a reason customers want to do business with a brand. We discuss 5 ways cybersecurity can be a business enabler:

Gain a competitive edge with cybersecurity and acquire bigger accounts.

If your company is a supplier, having a good understanding of the security status of your applications is crucial. It’s 2019, and it’s imperative to be knowledgeable about your own security status, as no one wants to be the weak link in the supply chain.

If you are using an automated web app scanner like Detectify, you can get detailed reports on the security status of your products and continuously monitor your web applications. This gives customers peace of mind, knowing that security is part of your company culture and that you are keeping the proverbial doors shut at your end of the supply chain. You may even gain a competitive edge, as it could make your offering seem less risky for the buyer and expedite the procurement process, especially with enterprises that likely have information security requirements.

Some companies require vendors to complete security questionnaires as part of the process. Knowing your answers in detail will streamline the acquisition process. Here’s some insight from Paul Langley, Information Security Manager at Loopio, an RFP response software provider:

“If you are in the B2B space and you want to win big enterprise deals, you need to provide some sort of assurance of your security practises. Prospects and customers want to know that the data they are trusting you with will be secure, along with meeting specific legal, regulatory and compliance requirements they may have.

Your responses to security questionnaires should provide maximum value and answer questions in as much detail as possible, saving time from follow-up questions and further evidence requests. A simple ‘yes’ or ‘no’ will not always be sufficient. Having a standard approach to security questionnaires can also buy time before your company needs to perform a third party security audit or certification (SOC 2, ISO 27001, CSA, etc.).”

Know your third-party applications and their security status. 

Third-party applications are commonly added to better understand customers and website interactions, and to automate some processes, such as customer service chatbots on a landing page. Doing so will help you understand customer behaviour better and scale up business activities, adding more customers into the figurative funnel, but can this backfire?

59% of respondents in the 2018 Ponemon Institute annual survey experienced a data breach caused by third parties, while 22% of respondents admitted that they were not sure at all whether a data breach had happened or not. These numbers start to make sense given that headlines in 2018 included Magecart and malicious third-party JavaScript that compromised large company web applications, including those of British Airways and Ticketmaster.

While your main application may be secure, cybercriminals are now gaining access to companies via third-party suppliers, using them as a backdoor in. Third-party applications may be key to scaling up operations, but be sure to do your due diligence on their security status and monitor the data that’s transferred to avoid becoming an embarrassing headline.

Develop faster. Stay Agile AND secure.

Historically, security has been seen as a compliance unit, a cost center, but there’s a way to turn the dialogue around. Turning security into a business enabler is a hot topic now, and it begins with shifting paradigms to communicate what the added business value of cybersecurity is. For many B2C companies, this means connecting with intrinsic customer needs like personal security. Training developers to also consider the security needs of the customer could mean added value in applications, better user experience, and fewer fires to put out. Cybersecurity shouldn’t stop a company from scaling; rather, it should scale together with development. This can be achieved by automating some of the security processes, like code scanning and testing, while security teams work closely with developers to design with security in mind during the CI/CD development cycle.

Even if you don’t have a security manager, developers can still be equipped with automated tools like Detectify, use threat modeling and take part in internal training on common vulnerabilities like the OWASP Top 10. While they can seem trivial to some, even a common vulnerability like XSS or a misconfigured S3 bucket can lead to customer information or company user details being leaked and misused in other ways. With the right checks in place, security can become a value-add that brings smooth customer experiences, fewer bug fixes and scaled-up development.

Flaunt your cybersecurity as a USP to win end-users.

The banking sector has been using cybersecurity as a way to leverage their businesses and win customers over. Things like money sit close to personal privacy, and the marketplace has many other new products and companies entering this area such as IoT. There’s a concern that risk is being introduced into private homes, workplaces, and during commutes. This also opens up an opportunity for businesses in these sensitive markets to start leveraging product security as a competitive advantage.

Besides these personal possessions, the safety of children’s personal information in web or mobile apps is also vulnerable, which is something Pokemon GO recognized and turned into business value. They were able to leverage the security of the game to reassure parents that the game was safe for children to play, and still earned $795 million in 2018, which was a 35% growth in the last year.

Cybersecurity transparency for retention.

GDPR compliance requires that customer data is stored safely, and it requires companies to notify individuals whose information may be compromised within 72 hours. Without the right communication, customers may begin to think there’s more to the story and that there’s something to hide. This could backfire, cost you valued customers and even land you a hefty fine or a PR headache. Should a data breach occur, there’s an opportunity for businesses to respond with transparency, diligence, and urgency to show that your brand is customer-centric and concerned about data protection.

How does Detectify help?

Start with securing all your web applications where there’s a possibility for user interaction. Automating this process with a web application scanner and domain monitoring service like Detectify can get you started on this path. Besides common vulnerabilities like the OWASP Top 10, you can also test for more creative exploitations submitted by the Detectify Crowdsource white hat hackers. Once you begin with a more fluid and structured way of working with web security and connecting it to business values, it can scale together with the business and enable faster and better growth.

Have you included an automated DAST solution as part of your cybersecurity strategy today? If not, it’s easy to get started with the Detectify automated web application scanner by signing up for a free 14-day trial. No credit card is required, and you’ll be up and scanning within minutes.

 


