Investor Presentation
RISK PREVENTION
In addition to adopting the most advanced
protection measures and constantly testing
our defenses to have a resilient app, we
need to be prepared for any kind of incident.
An advanced and constantly updated
monitoring system triggers alerts to flag any
suspicious signs. For these cases, we have a
cyber incident response plan that considers
the residual risks related to the topic. We
also conduct simulation exercises, applying
the plan's guidelines, to train the bank's
teams in the event of security incidents that
impact C6 Bank's data. In 2021, we trained
74 employees divided among the legal
and security, technology, and risk areas, in
addition to the Executive Board.
In 2021, we expanded the Security Operation
Center (SOC), a team dedicated to the
prevention, identification, analysis, and
response to cybersecurity-related incidents
and now also fraud prevention. The SOC
works in three shifts without interruption,
24 hours a day, every day of the week. The
group relies on a combination of specific
technological solutions for monitoring and
a set of controls and procedures that define
the actions and measures that must be
adopted in each situation.
Bug Bounty: the good hackers
C6 Bank was the first Brazilian bank to
partner with HackerOne, the world's largest
platform for ethical hackers and security
researchers. They have more than 400,000
people dedicated to finding vulnerabilities in
enterprise applications worldwide. In return,
the researcher receives a financial reward (or
bug bounty). The program has two important
advantages: the critical mass and the diversity
of knowledge of the thousands of researchers
on the HackerOne platform around the world.
The more researchers that test an application,
the greater the chances of finding bugs that
can be fixed more quickly.