So you have an idea – one that may quite possibly change the world. You build the idea up into a tangible, marketable
solution, and your business takes off, attracting tens and thousands of users, not to mention a slew of angel investors and venture capitalists that are ready to provide you with the funds to push your idea into the mainstream… but you suddenly get hit by a cyber-attack. Your user database gets leaked online, and everything crumbles leaving you with a broken reputation to mend, lawsuits and despite your best efforts, not a clue as to how your idea could have fallen apart so quickly.
This scenario happens more often than you think, especially with start-ups. According to a 2013 Symantec annual report, cyber-attacks increase in frequency exponentially after a start-up’s launch, with malware attacks peaking at either the fifth or 10th month, and spam messages at the fourth or 14th month. Start-ups are gaining popularity as hacking targets because start-up owners don’t have enough resources to allocate to cybersecurity measures, making them low-hanging fruit for infiltration and exploitation.
Why start-ups manage resources the way they do
Start-ups are typically expected to achieve their goals faster than their predicted milestones as investors expect huge growth in the shortest amount of time in their investment of choice. Thus, start-ups allocate most of their resources in building and growing their ideas, including hiring the right talents and expanding their reach through marketing activities. By the time they’re done tying up the business end of things, there really isn’t much left for fortifying themselves against cyber attacks.
But a single data breach can cost a company with a user base (typically established through the same above-mentioned marketing activities) anywhere between] USD$100,000 to USD$23 million (Ponemon Institute), depending on the number of records lost in a breach, whereas an average Series A start-up funding round can raise between USD$2 million to USD$10 million from venture capital investors.
Such attacks can hugely impact start-ups; not only do they have to spend precious funds and resources to clean up these breaches, such as compensation and possible lawsuits, their reputations are affected even before they’ve established themselves. Furthermore, the aftermath of such attacks tend to rip across potential business plans as well, as negative media coverage not only affect their brand and competitive positions, but investor sentiments as well, causing problems in future funding rounds, and even business cessation.
The usual tricks up the hackers’ sleeves
The most common method used to steal data is through phishing; hackers may obtain valuable information through unverified login websites that look very similar to the real thing, tricking unsuspecting users into submitting usernames and passwords, then selling their consolidated user data to unethical businesses, or even to commit fraud for personal gain. Emails containing malicious software may also be sent to users and employees, compromising their personal information.
Protecting users to protect the business
To ultimately avoid any fallout from cyber-attacks, start-ups need to implement protection measures from the moment they start up in the first place. Internally, start-ups will need to set up more stringent IT security policies that educate employees in proper online communications usage and prevent the network from being compromised, whereas Secure Socket Layer (SSL) certification may be applied as well, to authenticate communications between users and business owners, thus robbing hackers of any attempt to phish for user data.
While a start-up’s beginnings are an exciting time, all its efforts in building that great idea may just get flushed down the drain in a matter of minutes if the start-up owner thinks the business isn’t at risk to cyber attacks. The balance between growth and security should be achieved, and perhaps it’s about time to shut out hackers aiming to exploit the people that really can change the world for the better.
About Shigeto Miyamoto
Shigeto Miyamoto is the Managing Director of Cyber Secure Asia. He is a business strategist and evangelist for cyber security and is a key player in the DigiCert-Cybertrust Japan partnership.