Impact of Cyber Security on Start-ups
Image taken from The Fintech Times
What should you learn next?
What is a start-up?
A start-up is a young company that is still in its phase of developing. Start-ups are usually small and have little or no funding. Such companies try to offer a product or service that is not currently available on the market and even if it exists, they provide it in a much better way.
The Myth
Most start-ups founders are under the impression that they are too small to get noticed by any hacker. Today, most start-ups are proud because of the advanced technology they use to make their product of service better. However, even they tend to make mistakes.
According to the National Cyber Security Alliance, 77% of smaller companies believe they are safe from cyber-threats.
The illusion that hackers would go after the Big Fish and not the Small Fish gives the founders a certain sense of false hope which leads to them not treating Cyber Security as a business issue. The European Commission has estimated that there are around 23 million SMEs in Europe, accounting for 99% of businesses. This is a very large pool for hackers to go after.
Consequences of getting hacked
As a start-up, your entire business depends on your reputation. Getting hacked damages that which directly affects the business. Gaining your clients trust back can take a long time, something that most start-ups do not have. The National Cyber Security Alliance reported that 60% of smaller companies go out of business within six months of a breach. Since the start-ups fail rate is already at a 90%, this puts more pressure on such companies.
What should be done?
Start-ups should consider security early on in their product cycle. Though a great deal of their focus goes on UI/UX, streamlining their customer relations and provide the best support, they should not forget that if somehow their reputation is damaged, even if they have a great product, they will need customers to use it.
In recent times, people are becoming more aware and have started to realize the importance of their information as a user. Any news of their data being compromised by a fresh company makes them hesitant for future.
Once the founders start believing the fact that they too can be victims of a hack and that hackers not only target the Big Fishes, they would start taking the right steps to safeguard themselves from future attacks.
Running a start-up, most of the decisions are based according to the company's financial health. Having clear, written policies and periodic training would enable any company to dedicate an army of security experts but minimal resources towards their security and still be secure.
Security risk at a regular start-up?
In the heat of getting new clients and making the deadlines, they tend to neglect/forget about:
- Updating 3rd party software/services
- Keeping strong passwords
- Training their employees against basic phishing attacks
- Neglecting certain loopholes within their own software's
- Scanning their networks/systems regularly
- Taking regular backups of their data
- Misconfigured web servers
What they tend to forget is that since a hacker is aware of these problems in a start-up too, he/she knows that they are more vulnerable than a company spending millions of dollars just on their security. After all, data is data. By ignoring the risks, they put their client's data at risk as well.
Since start-ups these days prefer going cloud as since far cheaper than having their own data centers, Rackspace reported that 52% of start-ups surveyed said that they could not afford on-premise IT resource. Since security within Cloud computing requires specialized skills and proper knowledge, they put their data a far greater risk than they are aware of.
The biggest problem is faced by founders who do not come from a tech background. Even if they are aware of such problem, they are completely clueless as to how they can avoid that by putting various measures in place.
New Technology, New Risks
Start-ups entering the field of IoT (Internet of Things) have been emerging over the past few years. With more IoT devices, the risk of security increases. People have already proven that Cars, digital medical devices, TV's, etc. can already be hacked apart from our regular phones, tablets, laptops and desktops. With more IoT devices, our networks have never been more vulnerable which gives any hacker a playground and a vast pool of devices to exploit. As every coin has two sides, this comes with a bit of good news as well.
Few start-ups have also been known to work on technology that uses a combination of Artificial Intelligence, Natural Language Processing, and Machine Learning to come up with new solutions to make our cyberspace more secure.
Investors' reaction to Cyber Security start-ups
Cyber security has become a really hot area which has been attracting investors from all over the world. Here are a few stats according to CBInsights for investments in cyber security from 2012 - Present (2017):
[download]Download the BEST PRACTICES FOR DEVELOPING AN ENGAGING SECURITY AWARENESS PROGRAM whitepaper[/download]
Most well-funded start-ups in Cyber Security (as of 2/7/2017)
Rank
Company
Disclosed Funding ($M)
1
Tenable Network Security
$302
2
Tanium
$295
3
Lookout
$281
4
Open Peak
$233
5
Okta
$229
Most highly valued start-ups in Cyber Security (as of 2/7/2017)
Company
Valuation ($B)
Tanium
$3.5
Look Out
$1.2
Okta
$1.1
Avast Software
$1
Cloud Flare
$1
Illumio
$1
Cylance
$1
Zscaler
$1
Most Active Angel Investors in Cyber Security (early stage investors)
Investor
Andreessen Horowitz
New Enterprise Associates
Accel Partners
Norwest Venture Partners
Google Ventures
CIT Gap Funds
Kleiner Perkins Caufield & Byers
.406 Ventures
Data Collective
YL Ventures
Most active VC (Venture Capitalists) in Cyber Security (late stage investors)
Investor
New Enterprise Associates
Accel Partners
Intel Capital
Andreessen Horowitz
Norwest Venture Partners
Sequoia Capital
Kleiner Perkins Caufield & Byers
Bessemer Venture Partners
Trident Capital
Conclusion
Start-ups should focus more on this problem than they normally do and start considering it as a potential business risk. They should dedicate at least one person within their organization who would be responsible for security, doing periodic checks, etc. They should also train their employees to be cautious of harmful phishing emails since that put them at a greater risk and as they say, Human stupidity is the greatest vulnerability. They should also help their employees to make a habit of update all their software on a regular basis including their servers.
- 12 pre-built training plans
- Employer-requested skills
- Personalized, hands-on training
In this Series
- Impact of Cyber Security on Start-ups
- Free Valentine's Day cybersecurity cards: Keep your love secure!
- How to design effective cybersecurity policies
- What is attack surface management and how it makes the enterprise more secure
- Is a cybersecurity boot camp worth it?
- The aftermath: An analysis of recent security breaches
- Understanding cybersecurity breaches: Types, common causes and potential risks
- Breaking the Silo: Integrating Email Security with XDR
- What is Security Service Edge (SSE)?
- Cybersecurity in Biden’s era
- Password security: Using Active Directory password policy
- Inside a DDoS attack against a bank: What happened and how it was stopped
- Inside Capital One’s game-changing breach: What happened and key lessons
- A DevSecOps process for ransomware prevention
- What is Digital Risk Protection (DRP)?
- How to choose and harden your VPN: Best practices from NSA & CISA
- Will immersive technology evolve or solve cybercrime?
- Twitch and YouTube abuse: How to stop online harassment
- Can your personality indicate how you’ll react to a cyberthreat?
- The 5 biggest cryptocurrency heists of all time
- Pay GDPR? No thanks, we’d rather pay cybercriminals
- Customer data protection: A comprehensive cybersecurity guide for companies
- Online certification opportunities: 4 vendors who offer online certification exams [updated 2021]
- FLoC delayed: what does this mean for security and privacy?
- Stolen company credentials used within hours, study says
- Don’t use CAPTCHA? Here are 9 CAPTCHA alternatives
- 10 ways to build a cybersecurity team that sticks
- Verizon DBIR 2021 summary: 7 things you should know
- 2021 cybersecurity executive order: Everything you need to know
- Kali Linux: Top 5 tools for stress testing
- Android security: 7 tips and tricks to secure you and your workforce [updated 2021]
- Mobile emulator farms: What are they and how they work
- 3 tracking technologies and their impact on privacy
- In-game currency & money laundering schemes: Fortnite, World of Warcraft & more
- Quantitative risk analysis [updated 2021]
- Understanding DNS sinkholes - A weapon against malware [updated 2021]
- Python for network penetration testing: An overview
- Python for exploit development: Common vulnerabilities and exploits
- Python for exploit development: All about buffer overflows
- Python language basics: understanding exception handling
- Python for pentesting: Programming, exploits and attacks
- Increasing security by hardening the CI/CD build infrastructure
- Pros and cons of public vs internal container image repositories
- CI/CD container security considerations
- Vulnerability scanning inside and outside the container
- How Docker primitives secure container environments
- Top 4 Zapier security risks
- Common container misconfigurations and how to prevent them
- Building container images using Dockerfile best practices
- Securing containers using Docker isolation
- Introduction to container security
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
General security
Free Valentine's Day cybersecurity cards: Keep your love secure!
General security
General security