Investor Presentaiton slide image

Investor Presentaiton

RISK PREVENTION In addition to adopting the most advanced protection measures and constantly testing our defenses to have a resilient app, we need to be prepared for any kind of incident. An advanced and constantly updated monitoring system triggers alerts to flag any suspicious signs. For these cases, we have a cyber incident response plan that considers the residual risks related to the topic. We also conduct simulation exercises, applying the plan's guidelines, to train the bank's teams in the event of security incidents that impact C6 Bank's data. In 2021, we trained 74 employees divided among the legal and security, technology, and risk areas, in addition to the Executive Board. In 2021, we expanded the Security Operation Center (SOC), a team dedicated to the prevention, identification, analysis, and response to cybersecurity-related incidents and now also fraud prevention. The SOC works in three shifts without interruption, 24 hours a day, every day of the week. The group relies on a combination of specific technological solutions for monitoring and a set of controls and procedures that define the actions and measures that must be adopted in each situation. Bug Bounty: the good hackers C6 Bank was the first Brazilian bank to partner with HackerOne, the world's largest platform for ethical hackers and security researchers. They have more than 400,000 people dedicated to finding vulnerabilities in enterprise applications worldwide. In return, the researcher receives a financial reward (or bug bounty). The program has two important advantages: the critical mass and the diversity of knowledge of the thousands of researchers on the HackerOne platform around the world. The more researchers that test an application, the greater the chances of finding bugs that can be fixed more quickly. 33
View entire presentation