Image taken from The Fintech Times

What is a start-up?

A start-up is a young company that is still in its phase of developing. Start-ups are usually small and have little or no funding. Such companies try to offer a product or service that is not currently available on the market and even if it exists, they provide it in a much better way.

The Myth

Most start-ups founders are under the impression that they are too small to get noticed by any hacker. Today, most start-ups are proud because of the advanced technology they use to make their product of service better. However, even they tend to make mistakes.

According to the National Cyber Security Alliance, 77% of smaller companies believe they are safe from cyber-threats.

The illusion that hackers would go after the Big Fish and not the Small Fish gives the founders a certain sense of false hope which leads to them not treating Cyber Security as a business issue. The European Commission has estimated that there are around 23 million SMEs in Europe, accounting for 99% of businesses. This is a very large pool for hackers to go after.

Consequences of getting hacked

As a start-up, your entire business depends on your reputation. Getting hacked damages that which directly affects the business. Gaining your clients trust back can take a long time, something that most start-ups do not have. The National Cyber Security Alliance reported that 60% of smaller companies go out of business within six months of a breach. Since the start-ups fail rate is already at a 90%, this puts more pressure on such companies.

What should be done?

Start-ups should consider security early on in their product cycle. Though a great deal of their focus goes on UI/UX, streamlining their customer relations and provide the best support, they should not forget that if somehow their reputation is damaged, even if they have a great product, they will need customers to use it.

In recent times, people are becoming more aware and have started to realize the importance of their information as a user. Any news of their data being compromised by a fresh company makes them hesitant for future.

Once the founders start believing the fact that they too can be victims of a hack and that hackers not only target the Big Fishes, they would start taking the right steps to safeguard themselves from future attacks.

Running a start-up, most of the decisions are based according to the company’s financial health. Having clear, written policies and periodic training would enable any company to dedicate an army of security experts but minimal resources towards their security and still be secure.

Security risk at a regular start-up?

In the heat of getting new clients and making the deadlines, they tend to neglect/forget about:

  • Updating 3rd party software/services
  • Keeping strong passwords
  • Training their employees against basic phishing attacks
  • Neglecting certain loopholes within their own software’s
  • Scanning their networks/systems regularly
  • Taking regular backups of their data
  • Misconfigured web servers

What they tend to forget is that since a hacker is aware of these problems in a start-up too, he/she knows that they are more vulnerable than a company spending millions of dollars just on their security. After all, data is data. By ignoring the risks, they put their client’s data at risk as well.

Since start-ups these days prefer going cloud as since far cheaper than having their own data centers, Rackspace reported that 52% of start-ups surveyed said that they could not afford on-premise IT resource. Since security within Cloud computing requires specialized skills and proper knowledge, they put their data a far greater risk than they are aware of.

The biggest problem is faced by founders who do not come from a tech background. Even if they are aware of such problem, they are completely clueless as to how they can avoid that by putting various measures in place.

New Technology, New Risks

Start-ups entering the field of IoT (Internet of Things) have been emerging over the past few years. With more IoT devices, the risk of security increases. People have already proven that Cars, digital medical devices, TV’s, etc. can already be hacked apart from our regular phones, tablets, laptops and desktops. With more IoT devices, our networks have never been more vulnerable which gives any hacker a playground and a vast pool of devices to exploit. As every coin has two sides, this comes with a bit of good news as well.

Few start-ups have also been known to work on technology that uses a combination of Artificial Intelligence, Natural Language Processing, and Machine Learning to come up with new solutions to make our cyberspace more secure.

Investors’ reaction to Cyber Security start-ups

Cyber security has become a really hot area which has been attracting investors from all over the world. Here are a few stats according to CBInsights for investments in cyber security from 2012 – Present (2017):

Most well-funded start-ups in Cyber Security (as of 2/7/2017)

Rank

Company

Disclosed Funding ($M)

1

Tenable Network Security

$302

2

Tanium

$295

3

Lookout

$281

4

Open Peak

$233

5

Okta

$229

Most highly valued start-ups in Cyber Security (as of 2/7/2017)

Rank

Company

Valuation ($B)

1

Tanium

$3.5

2

Look Out

$1.2

3

Okta

$1.1

4

Avast Software

$1

4

Cloud Flare

$1

4

Illumio

$1

4

Cylance

$1

4

Zscaler

$1

Most Active Angel Investors in Cyber Security (early stage investors)

Rank

Investor

1

Andreessen Horowitz

2

New Enterprise Associates

3

Accel Partners

4

Norwest Venture Partners

5

Google Ventures

6

CIT Gap Funds

6

Kleiner Perkins Caufield & Byers

7

.406 Ventures

7

Data Collective

8

YL Ventures

Most active VC (Venture Capitalists) in Cyber Security (late stage investors)

Rank

Investor

1

New Enterprise Associates

2

Accel Partners

3

Intel Capital

4

Andreessen Horowitz

5

Norwest Venture Partners

6

Sequoia Capital

7

Kleiner Perkins Caufield & Byers

8

Bessemer Venture Partners

9

Trident Capital

Conclusion

Start-ups should focus more on this problem than they normally do and start considering it as a potential business risk. They should dedicate at least one person within their organization who would be responsible for security, doing periodic checks, etc. They should also train their employees to be cautious of harmful phishing emails since that put them at a greater risk and as they say, Human stupidity is the greatest vulnerability. They should also help their employees to make a habit of update all their software on a regular basis including their servers.