Earlier this year, we shared our philosophy behind data security. It’s obvious that data privacy and security are paramount to success in any industry, but we’re especially careful and “methodically paranoid” on behalf of our customers. We’ve continued that conversation here through our involvement in the community, helping others in the space understand our perspective on the topic.
Havoc Shield, a cyber attack preparedness and defense provider for startups, recently interviewed our CTO, Adam Kanouse, and our VP of Information Security, Joseph S. Zhou, on Evive’s security posture and what we’ve done to protect customer privacy in the face of a growing global threat landscape.
The current state of security threats
In the 2019 Verizon Data Breach Report, investigators found that 43% of all cyber attacks were directed at companies with less than 500 employees. Of those that are successfully attacked, many are forced out of business within months—due in part to a lacking response and the catastrophic impacts on finances and reputation.
Startups are more vulnerable to attacks than ever. They’re a soft target to penetrate, as they often use exploitable open source libraries and lack the skills to quickly detect or deal with attacks. Cybercriminals will obtain information to rob bank accounts, steal customers’ PII (personal identity information), file for fraudulent tax refunds, and release proprietary personal information resulting in increasing regulatory fines for the victimized business.
Getting attacked isn’t cheap either! According to the Ponemon Institute, the average price for small businesses to clean up after their businesses have been hacked stands at $690,000—and for middle market companies, it’s more than $1 million.
Most startups simply hope and pray they’re not next given how big and technical of a mountain cyber-attack preparedness often feels like. The ones that survive do something about it through informed leadership; iterative, additive preparation; and a proactive cyber security mindset within their organization.
What Evive is doing about it
It’s worthwhile highlighting a few items from our discussion with Havoc Shield CEO, Brian Fritton.
Brian found that Evive is clearly focused on leveraging best practices, such as:
- Secure coding reviews
- Least privilege access control
- A proactive company-wide commitment to cyber security from the get-go
The Evive Security team regularly launches disaster recovery and threat emulation campaigns in an effort to practice our response procedures and the tools involved. We’ve also implemented blue chip infrastructure providers, not only to mitigate our attack surface through proactive security scans and managed services, but also to have immediate support in the case of any incident.
Our customers and their employees benefit from these initiatives and many other wise decisions made by our DevOps, Security, and Engineering teams in the use of such services. These decisions allow us to focus on building best-in-class solutions while maintaining solid security hygiene—ultimately, to ensure our customers can feel safe working with us as their partner.
What does the future hold?
We’re prioritizing the growth of our security culture company-wide, with exercises built to put our defense to the test. We’re doing this in coordination with efforts in preventative defense so we can build our team’s muscle memory in responding to any possible attacks. Testing our defenses brings up areas of discussion on how we can do even better in ensuring our response capabilities—and it keeps security top of mind.
Be on the lookout for more about our efforts to keep your data safe, and how the lessons learned through this campaign are making our solutions the best they can be.