Modernizing an Old Industry, All While Prioritizing Cybersecurity
PeerStreet is the first two-sided marketplace for investing in real estate debt. Built to benefit the entire ecosystem of real estate investing, all participants are presented with new opportunities and better transparency in funding projects.
In part due to the 2008 financial crisis, co-founders Brew Johnson and Brett Crosby, re-imagined how to improve and simplify the loan process. In doing so, PeerStreet has transformed the relationship and expectations lenders, borrowers, investors, and local communities can anticipate.
However, in bringing this plan to life, prioritizing cybersecurity couldn’t be overlooked. PeerStreet’s team understood and was well aware of the volatility and threat dangers that accompany any digital business in today’s market. Being able to identify the need of adding cybersecurity expertise and consulting to their business operations quickly became priority number one. This attitude formed the relationship between us and PeerStreet still held today.
“I think small companies or companies at their beginning need someone who can bring cybersecurity expertise and an array of people. Everyone [at CDG] brings a variety of domain effects that together provide you the coverage that you need in today’s cybersecurity environment,” said Oren Ben Shaul, CTO of PeerStreet.
As a dual-facing platform that handles, transfers, and processes large financial transactions and sensitive personal information, PeerStreet knew that cybersecurity would be a top priority from the beginning. As a start-up, they were aware of how malicious actors and cybercriminals would see them as a vulnerable target with an underdeveloped security infrastructure. Being continuously conscious of the evolving digital threats that exist and the ones that are just around the corner, PeerStreet was proactively looking for ways to stay ahead of invading vectors and parties. In their mission to digitize the real estate investing industry, they knew this couldn’t be accomplished without a dedicated security approach.
The problem being that they didn’t know what they didn’t know. That’s where we came in.
Making PeerStreet’s business goals a reality called for a comprehensive and detailed security game plan. This began with an independent risk assessment to identify what current strengths, weaknesses, and opportunities existed both internally and externally from a cybersecurity perspective.
“What CDG has brought us is that they have taught us how to organize ourselves around security. They have shown us how to build the right processes and structures from within our organization so we can better manage ourselves and ask the right questions. They have provided us with the framework for security success,” said Ben Shaul.
From there, we worked closely with PeerStreet leadership to develop a one-year plan on what actionable steps should be taken to reduce their attack surface and prepare for unexpected security events. It was critically important for PeerStreet to be properly defended around-the-clock, and to gain better visibility into new tactics, techniques and procedures (TTPs) that could potentially challenge their networks.
With this overarching objective in mind, we worked with their team to help them understand what blindspots existed in their security program, and to execute the agreed-upon roadmap, with an eye towards our Outcomes-Based Security™ methodology. PeerStreet recognized that a strong security posture must be built and re-solidified day by day.
“As a startup and a new company, there are many things you don’t know… This is where I believe you can benefit from hiring a third-party company. They can come in and bring proficient knowledge and expertise to help you implement what needs to be done. I think this is one of the key advantages of CDG. They bring an array of great people that know what you need and are there for you… They help you to grow,” said Ben Shaul.
As we continue our partnership with PeerStreet, we share a common philosophy that threats will always be looming. A permanent solution to security doesn’t exist. Instead, it is a continuous life cycle of monitoring, assessing, and adjusting. Cybersecurity is about knowing how to best utilize tools and information to reach your goals.