Startups and SMEs need to be more vigilant about cyber-attacks in 2021

India has been eyeing to fulfill its dream of becoming a leading startup destination of the world. While the government has been supporting the sector ambitiously through policies inclined towards growth, impressive investments from all across the world have further catapulted the dreams of many Indian startups to grow manifolds in the past couple of years. But the success of any startup and small business or SMEs can’t be only defined by the business growth or numbers they achieve in a year.

A decade ago, a company’s technology strategy was not given as much importance as was given to the business strategy, however, that notion is becoming more and more obsolete as businesses begin to incorporate technology and security strategy into their overall business strategies.

With India focusing on going completely digital in 2021, the rise of cyber-attacks, including credit card hacks, phishing, data theft, etc. will be a challenge to be dealt with. 

And startups and SMEs are more vulnerable to these attacks since they can be easily disguised even by normal business emails. Due to lack of a much-strengthened cyber security system in place, most of the small businesses are generally less secured and easy spots for the hackers to target.

The recent data breach at the leading online grocery startup, BigBasket grabbed headlines across the world and reiterated India’s need to have a much secure and viable cyber security system in place. It is also important to revisit the complexity of understanding data breaches and cyber-attacks and introduce a more simplified set-up that is easier for even a layman to understand. Since, startups and SMEs don’t have a really strong IT backup like a big corporate firm, having a more simplified system in place will result in a seamless channel of ensuring security of data between the firm’s workers and the company providing services for a secure online environment.

In a nutshell, here's what needs focus: 

SMEs are particularly vulnerable

Every company whether it’s a small business or a tech giant has weaknesses that programmers could exploit. While hackers can attack any business irrespective of its size, new companies and SMEs are more helpless against security attacks than their established counterparts. 

Costs of a data breach are massive

According to the 2019 Cost of Data Breach Report by IBM Security, the average cost of a data breach in the US stands at $3.92 million, the vast majority of which (67%) is realised within the first year of the breach. As for businesses in the Asia Pacific, Microsoft reports that cyber-crimes could cost businesses $1.75 trillion, which have resulted in job losses in 67% of firms. For most businesses across all industry sectors, the biggest cost results from the loss of customers after a data breach. It’s estimated that loss of business accounts for 36% of the total breach cost.

Legal ramifications of a data breach are strangling

One should not only be worried about the financial implications of a data breach, but also the legal consequences that may follow such as the government penalties, fines, and in extreme circumstances, jail time, are some of the legal ramifications of not protecting Personally Identifiable Information (PII).

Hacks to prevent cyber attacks

Keeping in mind the limitations attached to a startup or a small business, the most effective way a startup or SME can ward off hackers is by investing in a viable security solution. Getting into the habit of standardised security protocols and maintenance routines help them stay protected even further.

While security can get extremely nuanced, one can always start off with broader and common security measures like adding a CAPTCHA test to their login pages, restricting access to their backends, setting user roles, filtering requests with a firewall, scanning websites and applications with a malware scanner, and so on.

Get a security audit done

You hacking your business before hackers do is the need of the hour. This is possible through a security audit of your website, app and infrastructure. Security audits reveal hidden vulnerabilities and security loopholes in your system (often at the code-level) that are potential risks to your organisation’s data and security. For accuracy and have a clean unbiased view of your security posture, it is advised that an organisation outsource the vulnerability testing to security companies or professionals.

This article has been written by Ujwal Ratra, Chief Operating Officer, Astra Security.