Why Cyber security is essential for startups | Sunday Observer

Why Cyber security is essential for startups

We are living at a time where cyber security holds the ‘top spot’ in corporate agendas. The recent WannaCry ransomware attack forced Honda, one of the largest automobile manufacturers, to power down production at its Sayama plant in Japan, about a month ago.

Implications arising from suspected Russian involvement in the recent US elections continues to unfold, baffling even the most talented cyber security experts.

The implications of data breaches on the bottom line have been clearly seen from incidents which occurred during the recent past. The data breach which occurred at Yahoo had a major financial impact, so much so, that Verizon acquired the company for USD 350 million less than the previously agreed price.

Hackers also blackmailed Qnect, a Sydney based social ticketing platform, threatening to release confidential customer data to the public domain unless a ‘ransom’ was paid via Bitcoin. This incident too occurred during May/June 2017. Thus, it is not surprising that cyber security has become the priority for everyone, including policy makers.

Compared to established businesses, young companies, or ‘start-ups’ have much more at stake. This is due to the fact that they are still in their infancy, attempting to sell a unique product or service to a new market of consumers, where reputation, reliability and trust are key factors for success.

A data breach at the early stages could not only result in major financial losses, but also reputational damage, amplified by social media, which could severely hinder the progress of the company or even bring their operations to a halt; permanently.

Keeping this in mind, it is crucial to adopt the correct cyber security measures at the very early stages, to ensure the continuity of the startup. After all, cyber security is not something you can add-on later, but should ideally be built into the genetics of the company.

Listed below are a few simple steps you can take as an entrepreneur, to minimize breaches and increase the survival of your startup.

Security assessment

It is better have a fresh look from an outside perspective, whether you have a competent set of information security professionals attached to your business or not. This will help you identify the threats you are up against and the risks that you may have to live-with.

By all means, conducting a security assessment is not an easy task. It is a complex undertaking, where you need to clearly identify the scope of the engagement, making sure to cover all critical aspects without burning a hole in your bank account.

Establish priorities

After you identify the threats and the uncertainties that you are up against, you need to decide the order in which you will handle them.

You will definitely have too many things on your plate, and you would need to decide which ones you will deal with first. It is also important to lead by example. Many times, security initiatives fail due to lack of senior management commitment and support. Awareness is also a very important factor. There is no point in having detailed policies, unless your staff, contractors and consumers know what they are up against, what they need to do and how to handle a critical situation.

Plan for the worst

After applying risk remediation/mitigation measures, you need to be in constant vigilance. Irrespective of how many controls you put, hackers will always find a way-in.

Remember, good guys need to get things right all the time, and the bad guys only need to get it right only once. This makes cyber security initiatives an uphill task. Hence, if attackers, want to get at you, they probably will, sooner or later. You need to be prepared to face such incidents with two key points in mind:

How soon can you detect the breach?

How soon can you thwart the attack and get back on your feet?

Taking proactive measures to address the above would greatly help you minimize the impact of a cyber-security attack. Thus, having cyber-security insurance and a specialized incident response team on speed-dial could also be of importance depending on the nature of the business you are in.

Parakum Pathirana

Assistant Treasurer, Computer Society of Sri Lanka