The purpose of Data Privacy Day is to raise awareness and promote privacy and data protection best practices. It is currently observed in the US, Canada, Israel, UK and European Union members.
Looking at this issue, Ashish Gupta, CEO and president of Bugcrowd, considers why this approach to cybersecurity is important and how the coronavirus situation has provided additional challenges.
Gupta explains why change is necessary: “The pandemic has made transformation nothing less than an existential imperative, and most developers and engineers are in a rush to get their products to market as quickly as possible to gain a competitive advantage. Yet, most fail to realize that speed is the natural enemy of security, and this process can put consumer data in peril. As such, engineers and developers must have a system of checks and balances in place as they seek to digitally transform to ensure that any vulnerabilities are proactively identified and secured before attackers can exploit them.”
With the specific event, Data Privacy Day, Gupta outlines how this “serves as a crucial reminder for businesses to ensure they are implementing data protection best practices to protect their customers’ privacy . It is a great time for companies to consider merging the software development lifecycle (SDLC) with the security lifecycle to ensure consumer data privacy is secured at every level of innovation. This is where a crowdsourced approach to cybersecurity can help.”
He adds that: “Not only will the collective intelligence of technology and human ingenuity allow engineers and developers to continue to innovate at their own pace, but it will also allow outside researchers to uncover and report any vulnerabilities in a product’s code. The theme for Data Privacy Day 2021 is “Own Your Privacy,” and having insight into critical issues before they become breaches gives companies the security awareness needed to maintain data privacy. ”
With the concept of crowdsourced cybersecurity, Gupta explains that this “Is a security approach that uses ethical hackers – or simply, security researchers – to uncover vulnerabilities in business applications, devices, and networks. Crowdsourced cybersecurity can also help fill gaps within an organization’s internal security team, as many companies still struggle with the lack of available security talent. This approach eliminates the imbalance between the creativity and motivations of attackers with those of enterprise security teams. ”
For example, Gupta looks at his company’s own services. He states: “Bugcrowd matches customers with a global network of highly-skilled and fully vetted researchers that specialize in all industries, technology stacks, and targets. These researchers can be leveraged, on-demand, to probe targets, including mobile applications, internet-connected cars, corporate networks, and more to detect potential vulnerabilities. By enlisting a crowd of ethical hackers, organizations can augment their existing team and security tools to uncover previously unknown vulnerabilities or blind spots.”
Gupta concludes: “This approach offers customers measurable confidence that investing in a crowdsourced vulnerability disclosure program (VDP), bug bounty, or pen testing program will yield a positive return – helping to protect companies from constantly evolving cybersecurity threats.”