5 practices for an efficient Cybersecurity strategy

May 15, 2023

By Gustavo Concon

The number of cyber attacks continues to grow. Worldwide, according to researchers at Check Point Research, there was an increase of 28% in the third quarter of 2022 compared to the same period in 2021. Companies are obvious targets – the average number of attacks is now more than one per week.

These criminal activities on companies have many negative impacts. A report by cybersecurity firm Sophos revealed that 77% of surveyed IT leaders from the retail industry admitted that their organisations were hit by ransomware attacks in 2021 (up 75% from 2020).

Cyber security culture throughout the technology chain

The IBM Cost of Data Breach Report 2022 shows that cloud migration is the second most significant factor impacting data leakage costs. On the other hand, DevSecOps - an agile development process with security practices embedded throughout the development chain - is the second factor that most contributes to reducing this cost.

The need to implement robust security measures in all companies' digital processes is becoming more evident every day. Considering that the cloud is now a fundamental part of business, particular attention is necessary when doing migrations.

In addition to the direct impact on reducing vulnerabilities and organisational risk, we have seen other factors that significantly impact development efficiency, cost, and even the wellbeing of employees who work directly in defending companies against malicious attackers.

A CI&T survey indicated that, with DevSecOps, security incidents are remediated 10 times faster, the efforts of security teams are reduced by up to 80%, and burnout rates are up to 1.4X lower compared to teams where the company is not yet mature in this type of practice.
This is direct evidence of how to do more for less, directing teams to expand their scope of work with a greater focus on innovation in security.

Still, for a DevSecOps strategy to reach its full potential, knowing how to implement it is part of the game.

The transformation in the culture of Cybersecurity

The 3 essential perspectives to consider when adopting cybersecurity practices are:

Technology: It's not possible to implement a good DevSecOps strategy without the proper tools.

Processes: Ensure that each phase of the development cycle addresses the security issue, and not just the end of the cycle, improving risk prevention and remediation.

People: Training professionals, building a culture of performance, and ensuring that they can speak without fear about the subject and the possible vulnerabilities of the product are of paramount importance. Every employee is responsible for security, regardless of their area of work, not just the security team.

The 5 practices to bring efficiency in information security:

Continuous Testing: Software engineering and its development process need to include automation of security tests. There are numerous tools on the market to check, at development time, that the code follows good practices and is not creating known vulnerabilities, and to verify that the entire chain of dependencies (third-party libraries) does not have any exposure that could impact the software indirectly.

Security Design: No matter how well its code is implemented, the design of a software architecture can generate attack vectors and expose information of significant impact to an attacker. Practices such as threat modeling, and tools that help in this process, bring much more security at the beginning of the development cycle, even considering business requirements such as LGPD, GDPR, PCI, SOX, among others. Threat modeling is a constant process with each new software evolution.

Cloud & Infra Security: Monitor and prioritise risks and vulnerabilities identified by infrastructure security scan tools. Combined with threat modeling, this ensures high coverage of risks associated with exposures in the solution's logical and physical architectures.

Risk & Compliance: Security goes beyond digital. Market frameworks such as ISO2700X assess, for example, whether employees' physical environment is safe, whether work environment and contracts are secure, and whether access permissions are effectively managed.

Training: A good employee training and education platform is vital for everyone to be security guardians.

Where to start?

The adoption of this maturity in the company is complex. Culture cannot be changed with motivational phrases or corporate decrees. It is necessary to create references and relevant cases that, in addition to generating motivation in other employees, demonstrate value clearly and effectively.

Talk to us and learn how we can accelerate the adoption of these practices at scale in your organization.

*Originally published in Época Negócios

Gustavo Concon
Chief Technology Officer, CI&T