Queue-it’s CTO on how we strengthened security in 2022
Queue-it customers run some of the most high-profile drops, sales, and registrations in the world. Malicious actors are always looking for ways to gain an unfair advantage, which means our cybersecurity is a top priority. Queue-it CTO Peter Jacobsen highlights 3 major initiatives we took in 2022 to strengthen systems against cyber risks.
Security has always been the key priority in Queue-it. And 2022 was no exception. Global cyberattacks increased by 38% in 2022, compared to 2021. From individuals to governments, universities, hospitals, and businesses–anyone can be a target of a cyberattack. With the rising number of security incidents across industries, we aim to stay extra vigilant.
I’m Peter Jacobsen, the CTO of Queue-it, and I’d like to illustrate how we make Queue-it a resilient partner of your business. We spent last year focusing on 3 major areas: cyber security awareness, open-source libraries, and our infrastructure security.
If you'd like to see me and Gábor, our Cloud Security Architect, talking about our approach towards security, check the video below.
Cybercriminals have become creative in exploiting human vulnerabilities and psychology. That’s why employees are called to be the weakest link in the security chain.
Surprisingly, only 60% of organizations provide formal cybersecurity education to their staff. We didn’t want to be part of that number.
Queue-it employees have gone through a mandatory cyber security training, comprising e-learning, and classroom training, and received frequent reminders in Townhalls.
To apply this knowledge, we’ve run in-house phishing simulations which helped us identify high-risk profile employees and offer them extra training. I even made it a hobby of mine to scout out unlocked laptops in the office.
I won’t sugarcoat it; it's long and difficult work.
But is it worth it?
With our employees being fully aware of potential risks and consequences, we ensure that the weakest link is strong enough to keep your and our data safe.
It’s standard practice for tech companies around the globe to rely on open-source resources. Instead of developing basic functionality from scratch and reinventing the wheel, companies use existing code from a community focused on developing and maintaining open-source libraries.
On this point, Queue-it is no exception. It gives us the freedom to spend our time on our primary software domain—online traffic management and virtual waiting rooms.
Most open-source software come for free—but free is not always the same as without cost. Security vulnerabilities in open-source libraries are exposed to all hackers on the internet.
At Queue-it, we’ve invested a lot of time in getting our processes and tools ready for tomorrow’s challenges. Last year, we developed a daily scan process to be immediately notified of new vulnerabilities. We’re then able to react much faster and ensure hackers don’t have a foot in the door.
In 2022, we processed over 65 million visitors every day through our virtual waiting room. To keep up with that load, we run approximately 500 servers daily. The pressure to keep the infrastructure safe is high. But infrastructure security is not something an infrastructure provider takes care of. So how do we manage that?
It’s about balancing efficiency and risks in an agile organization. Too many processes around launching a new product feature and adding new infrastructure would slow everything down, but would help avoid infrastructure vulnerabilities. No process in place would make things move fast, but extremely prone to risks.
To strike that sweet balance, we hired a highly experienced Cloud Security Architect, Gábor Sivók. He’s dedicated to finding and closing infrastructure issues in an environment that needs to be 100% reliable while maintaining our innovation momentum. It’s proven to be an effective solution. This, together with our biannual penetration tests, lets me sleep much better at night.
I’m happy to see that in 2022 we strengthened our system against cyber risks and became an even more secure partner for companies like yours. But good cyber hygiene is a continuous process. Security was a key priority for me and my team in 2022, and 2023 is no exception.