Why Start-ups May Be More Vulnerable to Cyberthreats than Big Companies
Cybersecurity is not just an IT issue, it’s a business problem, too
PHOTO CREDIT: Getty Images
In the digital age, cyberattacks are a persistent and destructive threat that looms over businesses both big and small.
The Southeast Asian digital economy, which could contribute as much as $1 trillion to GDP in the next ten years, is a “prime target for cyberattacks” due to several factors, according to a report by A.T. Kearney.
The consequences of cyberattacks on businesses’ bottom lines is also quite significant. According to a report by Limelight Networks, more than 70% of consumers will view a brand negatively after a cyberattack, and over 40% will avoid transacting with websites that have been attacked previously.
Criminal elements, as well as state-sponsored groups, are becoming increasingly sophisticated, says Michael Francoise, program director at CyLon, the London-based cybersecurity accelerator that is running the ICE71 Cybersecurity Hub programs in Singapore together with Singtel Innov8 and NUS Enterprise.
Hacking is also easier than ever because it has “moved out of the domain of the technically astute [and] into a more commoditized product that can be purchased 'off-the-shelf,’” he says.
But there’s a tendency for start-ups to sometimes underestimate these threats, thinking that cybersecurity is more an issue for bigger companies. Francoise, however, believes they may, in fact, be more vulnerable.
“Smaller companies now have access to significantly more personal data than they did in the past, but don't have the budgets to spend on cyber defence that the larger companies do. This makes them increasingly vulnerable to attacks, and astute hackers know this and are increasingly attacking what they see as the more vulnerable.”
Ng Pan Yong, founder of The Cyber Assembly, a provider of active learning platforms for cyber skills and one of the start-ups under the ICE71 Scale program, agrees with Francoise.
He points out that bigger companies are more likely to have policies and cybersecurity teams in place, and cites several other reasons: “Time pressure to push their product out to market oftentimes means not spending time [testing] third party and in-house software for vulnerabilities. [They] also tend to leverage contractors and freelancers, which are [an] additional attack surface that they may not have good control of, [and] many also do not clearly segregate personal [and] company use of devices and services [which] again increases their risk.”
But Francoise points out that “Many of the most advanced attacks on the most complex infrastructures such as Wannacry could easily be prevented with simple cyber hygiene.”
Here’s how you can protect your company.
Be cyber-aware and set up defenses
Francoise stresses the basics: understand and beware of phishing, set strong passwords, and use antivirus and antispyware programs.
“If you are new to protection, educate yourself online, and you'll be able to mitigate the large majority of everyday cyber risks,” he says.
If you’re using cloud services, be sure to check your security configurations and establish access controls, says Ng.
Keep track of company assets
Says Ng, companies who develop their own technology should know what assets belong to the business, where these items are, and who and what are connected to these.
This could be especially important for teams working remotely.
Use trusted software, keep systems up-to-date
“[B]e mindful of the reputation of third party libraries one is incorporating,” says Ng. He also recommends using mature security mechanisms and frameworks, and advises against attempting to write your own encryption or security mechanism “unless you really know what you are doing.”
Francoise likewise points out the importance of being diligent with updating your systems and applications.
Invest in security assessment and testing services
Some companies may be reluctant to spend their limited resources on security assessment. But even if it may cost quite a bit upfront, Ng assures that it will be “investment well spent.”