Snapp Group’s Efforts to Protect User Data and Enhance Cybersecurity
Forbes Report: Cybersecurity Threats on the Rise
According to a Forbes report in 2023, personal data of over 353 million people worldwide was exposed, with cyberattacks increasing by 72% compared to 2021. This alarming trend underscores the growing global crisis of cyber threats and personal data breaches. Both individuals and organizations must be proactive: individuals should learn how to protect their personal information, while organizations must implement robust security measures and protocols to safeguard user and customer data from potential cyberattacks.
Snapp Group’s Response to Cybersecurity Threats
Following a data breach at SnappFood in winter 2023, Snapp Group initiated extensive cybersecurity enhancements, as detailed in their 2023 performance report. Here are the key measures taken:
1. Strengthening Cybersecurity Team
Snapp Group has employed 25 cybersecurity experts dedicated to protecting user data. Their main responsibilities include maintaining the confidentiality, availability, and integrity of information systems, services, and data across all subsidiaries. The team has also increased bug bounty program rewards and hosted the first Capture the Flag (CTF) competition in 2023.
2. Data Encryption and Protection
The cybersecurity report highlights that Snapp encrypts and protects sensitive user data, including Personally Identifiable Information (PII), using advanced security methods and standards. Sensitive data is meticulously identified, segregated, and stored with high-security measures. Continuous monitoring and special access protocols ensure data is protected from unauthorized use and breaches.
3. Employee Training on Cyber Threats
In 2023, Snapp intensified employee training on cyber threats, social engineering, and phishing. By creating relevant content, they have raised awareness among employees about these dangers.
4. Account Deletion Feature
Snapp has implemented an account deletion feature across SnappCar, SnappDoctor, SnappShop, and SnappBox, with SnappDoctor also committing to delete medical data within 24 hours. This feature will soon be available across all Snapp subsidiaries.
5. Advanced Data Security Techniques
In 2023, Snapp enhanced data security using advanced encryption, masking, and hashing techniques. These methods ensure the confidentiality of user information and prevent unauthorized access to sensitive data.
6. Data Retention Policies
Snapp has established strict data retention policies, specifying the duration for storing user data and secure deletion practices once the retention period ends. This reduces risks associated with long-term data storage and protects user privacy.
7. IT Infrastructure Security
Securing IT infrastructure is a top priority for Snapp. In 2023, they implemented advanced intrusion detection systems, regularly updated security software and hardware, and provided continuous security training for employees.
8. Secure Data Storage in Software Development
Snapp adopted application-level and database-level encryption policies to ensure data security throughout the software development lifecycle. This includes encrypting data at entry and secure storage to prevent unauthorized access.
9. RADAR Framework Implementation
The cybersecurity team utilized the RADAR framework to effectively implement software security. By the end of 2023, 151 products and 36 teams were covered under RADAR, using tools like SAST, SCA, SBOM, password detection, and infrastructure scanning to identify and mitigate security weaknesses.
10. Increased Bug Bounty Rewards
Launched in late 2019, Snapp’s bug bounty program saw a significant reward increase in 2023, with up to 150 million tomans for critical vulnerabilities. The program, categorized from medium to critical levels, has helped identify and fix numerous security issues, enhancing Snapp’s overall security posture.
Snapp Group’s comprehensive approach to cybersecurity in 2023 highlights their commitment to protecting user data and enhancing security measures across their platforms. With continuous improvements and proactive measures, Snapp aims to stay ahead of cyber threats and safeguard user privacy effectively.
Capture the Flag Competition: A Test of Cybersecurity Skills
Alongside its bug bounty program, Snapp Group hosted its first Capture the Flag (CTF) competition on February 21, 2024. This event aimed to challenge the skills of cybersecurity enthusiasts and discover innovative approaches to solving security issues. A total of 680 participants formed 400 teams and competed over 24 hours. The competition featured 35 challenges across various domains, including web security, reverse engineering, advanced cryptography, forensics, and application penetration. Out of the 35 designed challenges, 26 were successfully solved, and the total prize pool amounted to 200 million tomans. This event not only helped identify and strengthen cybersecurity skills but also facilitated networking and knowledge exchange among participants.
Enhancing Security Infrastructure and Promoting Cybersecurity Culture
Snapp Group’s initiatives in 2023 demonstrate their proactive approach to improving and evolving cybersecurity methods and identifying vulnerabilities. The bug bounty program and the CTF competition have not only enhanced the security of the Snapp super app but also contributed to raising awareness and emphasizing the importance of cybersecurity. These efforts reflect Snapp’s commitment to building a culture of cybersecurity, creating opportunities for skilled individuals, and fostering collaboration within the cybersecurity community. Such initiatives are poised to have a significant impact on the startup ecosystem in Iran.
No Comment! Be the first one.