Software and SaaS

Use of software-as-a-service, or SaaS, applications is exploding, but so are the security risks of SaaS clouds.

ACKNOWLEDGING THE RISKS

While tech companies vary in their field of business, what they all have in common is the creation of technological products, comprised of massive lines of code, which can  create cyber security risks by themselves if not designed correctly. The risks involved with this activity stretches beyond configuration of systems, which of course is crucial, towards opening large holes in its products, allowing adversaries to enter the production environment and act as they wish. Thanks to the following characteristics:

NEW TECHNOLOGIES

New technologies, by nature, are an easy prey for the smart attackers, as they are still maturing, constantly changing and do not have ready made security protection solution available for them.

TECH INDUSTRYS' NATURE

Tech companies, their leaders and their employees are usually more risk loving and innovation driven. They rely on fast pace development with short product cycles, to keep competitive in their respective markets. From a cybersecurity perspective, this results with inherent cybersecurity risks as it is more likely that cybersecurity analysis was not included in the initial process.

VALUABLE DATA

The data held by tech companies is attractive for attackers in more than one aspects. First, the assets of tech companies are their intellectual property – a target which may be accessed directly by attacker with no further need to act – whether it is their source code or the intellectual property they provide to users. Second, Tech companies many times process personal data on a very large scale, which can be a great source for a variety of adverse operations by attackers.

Media and Communications

Cybersecurity solutions for tech companies should be comprehensive and tailored to the specific market and characteristics of the company. As with other fields, these solutions should be based on a risk survey of existing systems, but moreover they should be well embedded into the product cycle, without creating a burden on the short development cycles. Code review by cyber security experts with coding experience will assist with mitigating risks within existing products.

Online Gaming

  • Protection of players accounts’ PII
  • Protect the funds (company/ players)
  • Internal resources protection (Biz-dev, HR, Finance, brand)
  • Security accountability towards third parties
  • Regulatory compliance objectives (gaming/ privacy)
  • Security in M&A
  • Products and services availability
  • Distributed business operation with little awareness for cybersecurity