Keeping startups safe from cyber threats
In today’s ever-changing cyber threat landscape, where startups and entrepreneurs are lucrative targets for cybercriminals, it is imperative for them to remain vigilant.
There is no doubt that cyberattacks are on the rise, and they are as much, if not more, threatening for startups as they are for large corporations. Now, India is considered a startup hub, with the third largest number of unicorns after the US and China, and over $42 billion was raised in 2021 by Indian startups. In addition to the increasing number of startups and unicorns, cyberattacks on the startup ecosystem have also increased. In the last couple of years, news about several attacks, with millions of stolen data records, is in the public domain. And there is a high probability that several attacks remain unreported.
In addition to the fact that most startups acquire customers rapidly, using mostly online means, there are several reasons why hackers prefer startups. Startups are typically more concerned with acquiring customers and growing their business than protecting it, which means they have a treasure trove of customer data online.
As a consequence, smaller enterprises are less equipped to protect themselves against cyberattacks, especially as attackers continue to become more sophisticated. They are also likely to have fewer resources dedicated to fighting cyberattacks. Due to the fact that these startups are born on the cloud, they are also reliant on their cloud service providers for their security needs. The question they need to ask themselves is: Is this enough?
According to the IBM Security X-Force Threat Intelligence Index 2022, India is among the top three most targeted countries in Asia, and ransomware was the dominant attack type against organisations in India. In today’s ever-changing cyber threat landscape, where startups and entrepreneurs are lucrative targets for cybercriminals, it is imperative for startups to remain vigilant, even after implementing security best practices.
Here are 10 tips for startups to protect themselves from cyber threats.
1. Educate your users: The first step to endpoint security is educating the users of the endpoints on your network and data. Provide security and compliance training to your users and confirm that they complete it successfully on a regular basis. This is a critical but partial solution. The IT or security staff should also send out alerts to users whenever a questionable email is circulated, along with instructions on how to delete or quarantine it properly.
2. Asset discovery - Find and track all devices that connect to your network: IT teams should start by conducting an inventory audit of all devices connected to their network resources. BYOD (bring your own device) is becoming increasingly common as more employees work remotely or on the go. Before doing anything else, it is important to have complete visibility of all endpoint devices that are connected to corporate applications and data. After all, you cannot secure what you don’t know exists.
3. End-user device security: IT teams need to understand how existing security products can be used to protect endpoints once they have identified and profiled them. Antivirus software that uses signature comparison to detect known threats and artificial intelligence and machine learning to detect novel threats is still widely deployed. The technology has evolved into endpoint detection and response, which provides console alerting, reporting, security incident response and expanded coverage, as well as third-party integration. Managing end-user devices requires this defence mechanism.
4. Install and maintain the latest operating systems, security software and patches: In order to block and remove malware from your endpoints, you need to install the most current security software on all your devices. Besides, the vendors of the security software, operating systems, and apps your company uses regularly invest a pretty penny to patch vulnerabilities in their software. However, those updates and patches work only if your endpoints are updated regularly.
5. Enable identity as the new perimeter: Identity has become the new perimeter; hence the zero-trust principle of ‘never trust, always verify’ is critical to control the risk surface and ensure the right users under the right condition have the right access to the right data. By controlling policies centrally, these aspects are constantly assessed against standard device configurations, access requests, temporary privilege escalations, and revocation of privileges and access rights. With a well-designed identity and access management framework in place, most of these tasks can be accomplished in an automated fashion, and precious human intervention can be reserved for the anomalous cases that demand it.
6. Implement strong multi-factor authentication controls: To prevent unauthorised users from accessing corporate data, multi-factor authentication is an effective solution. By deploying it in silos, you are locking your front door but leaving your back door open. The implementation of multi-factor authentication for end users and privileged users, cloud and on-premise applications, VPN, endpoints, server login, and privilege elevation helps prevent unauthorised access, data breaches, and password-based cyberattacks.
7. Leverage a mix of application whitelisting and blacklisting controls: While application blacklisting is obviously needed to keep out the known bad, which increases with each passing day, it can only protect from known threats. Application whitelisting, on the other hand, is designed to protect against both known and unknown threats, but it can be restrictive when deployed and operationally challenging to maintain.
8. Make sure you encrypt the data at rest, in use, and in motion:
- Data at rest: On a hard drive, data is at rest. Firewalls and anti-virus programs are the primary defences in this relatively secure state. In the event that the network is compromised, organisations will need additional layers of defence to protect sensitive data from intruders. Encrypting hard drives is one of the most effective means of protecting data at rest. The storage of individual data elements in separate locations can also help reduce the likelihood of criminals gaining enough information to commit fraud or other crimes.
- Data in use: Because it must be accessible to those who need it, data in use is more vulnerable than data at rest. The more people and devices that have access to the data, the greater the chance that it will fall into the wrong hands in the future. Keeping data secure requires controlling access as tightly as possible and incorporating some type of authentication so that users cannot hide behind stolen identities.
- Data in motion: When data is in motion, it is most vulnerable, and it requires specialised capabilities to secure it. An encryption platform that integrates seamlessly with your existing systems and workflows is the best way to ensure that messages and attachments remain confidential.
9. Build a next-gen SOC that can do continuous monitoring, accurate detection, and rapid orchestrated response: Continuous monitoring plays a crucial role in rapidly detecting and blocking threats that are able to slip past proactive controls. In an ‘assume breach’ mindset, it’s critical that you proactively monitor and hunt for threats while also leveraging intelligent analytics that can automatically detect threat activity, triage alerts, run root cause analysis, and orchestrate response processes so that you can contain, remediate, and recover from incidents before material damage occurs.
10. Protect hybrid cloud: Protect the hybrid cloud by gaining visibility over your applications and data, no matter where they live. Hybrid cloud and multicloud can help your business grow, compete effectively, and transform operations. But all of the advantages of hybrid cloud require a modernised, reimagined focus on enterprise security, with an emphasis on a zero-trust approach. Zero-trust technologies and controls bring together context, collaboration, and visibility. And those are just what you need to protect your growth and organisational transformation.
The zero-trust approach will provide startup organisations with adaptive and continuous protection for users, data and assets, as well as the ability to proactively manage threats. This outcome-based approach to zero trust can give startups the freedom and flexibility to take the risks that fuel business growth and build resilience without risking security. While it is not possible to overhaul the security setup overnight, startups can start by investing in low-hanging fruit and gradually fortify their setup against cyberattacks with data encryption, strong multi-factor authentication controls, and end-user device security like an endpoint detection and response solution.
(Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the views of YourStory.)