Why startups should invest in security as they scale
The demand for cyber security is growing at an exponential rate due to the continuous increase in the number of cyber attack cases worldwide. According to industry indicators, a cyber attack occurs every 11 seconds across the globe. The cybersecurity market was valued at USD 216.11 billion in 2021 and is forecast to reach USD 478.68 billion by 2030.
A panel discussion at TechSparks 2022 with Kumara RaghavanIndia Head, Startup Sales Segment at AWS (Amazon Internet Services); Rahul Sasico-founder, CEO, CloudSEK; Rahul Tyagi, Co-Founder, Safe Security; and Shraddha Sharmafounder and CEO of YourStory, shared insights on how businesses should ensure their security needs are never compromised.
Investment in security
Security is essential to help businesses earn the trust of their customers, regulators and auditors and protect themselves from malware. New and evolving threat vectors with increasing levels of sophistication mean that security is not a one-off task.
It is by no means an understatement that today, cyber security is a key component of any modern business. From maintaining governance and meeting compliance requirements, to protecting against cyber-attack threats, every business today needs a basic security protection, or a minimum standard of processes to keep operations secure.
Investing in security feels like investing in insurance, Shradha said opening the discussion. “We never think a breach is going to hit us, until one day it does,” she said, asking experts on the panel to share why it was important for startups and businesses to invest in security.
It’s important for startups to invest in security measures from the very beginning, so they can build on the right response to a security incident by cutting down on potential latency, AWS’s Kumara said. “At AWS, we’ve come up with a security baseline so founders don’t have to worry about building and being secured. For startups, it should be both to build quickly and be secure, Kumara said.
One of the things that AWS provides is a startup-based security baseline that has two components, one is from the account level to ensure that startups have the right prescriptive guidance around the access or permissions, while the other part is around the workload, where there are applications, data and related needs to help businesses get started with the right foundation and principles, he added.
Beware of cyber attacks
Rahul Sasi of CloudSEK recounted an incident where hackers within a startup ecosystem were able to siphon funds from investors during a fundraiser by creating a fake bank account. “We live in a system where a certain set of hackers are financially motivated and will act when necessary, and then there are those who will immediately try to make money from a security breach. So it is important that companies focus on security at every time, he added.
Security is a shared responsibility between an individual working in a company and what that company does to protect its infrastructure, said Rahul of Safe Security. “It’s very important how to engage with fake links or emails because cyber security is such an important factor today that any mishap can actually lead to an arrest by the government,” he said. He offered Safeme, a downloadable, free application that would help users understand if their device or email has been hacked.
The cybersecurity ecosystem for startups, according to him, faces the problem of having too many tools, each with its own dashboard. “To navigate this, we’ve integrated all the cyber security tools that will tell you the likelihood that your organization will be hacked in the next 6-12 months. So we’ve developed a predictive tool rather than a reactive one,” he added to.
Key metrics to monitor
For startups to focus on security, Kumara reiterated that the fundamental approach to security must be strong. The next thing he suggested was to stick to strong fundamentals when doing code development. “As they scale, startups should make sure they look at automation-based tools like Amazon Guard Duty, which constantly tracks threats and triggers alerts and helps with remediation, or the Security Hub, which is a consolidation of all alarms and remediation. When you start scaling, it’s important to involve experts who have in-depth experience in the segment, he added.
From a reactive perspective, it is also important to build muscle on a reactive basis. “Some of our larger customers as part of their enterprise support program undergo simulation events to help their teams build expertise around breach response,” Kumara added. For startups, it’s important to have a combination of proactive and reactive tools to tackle security, he said.
The discussion also highlighted other security aspects of securing data at scale, phishing, security points, fake versions of applications and rogue apps.
To increase security for businesses, Safe Security’s Rahul also talked about building communication with the organizational structure about how investments in cyber security enable business results from a financial perspective, so that budgets can be allocated to acquire cyber security products. He also added that it is important to highlight the financial losses for the organization in the event of a security breach.
Concluding the discussion, the panelists reiterated that for startups to focus on innovation and scale, security is one of the critical metrics to follow for compliance and customer trust. For startups that have a commitment to their investors and customers, it becomes important to focus on security as they build and scale in today’s data economy.
