Why it is important to build robust and scale-friendly cybersecurity systems in your company

In July 2022, Check Point Research (CPR) reported that global cyberattacks increased by 32% in the second quarter of 2022 compared to Q2 2021. Startups are especially at risk because they have fewer people and resources to tackle a cyber attack.

Thus, they need to identify potential internal and external threats they may face and arm themselves with a robust cybersecurity system to prevent attacks, bounce back from breaches, and ensure efficiency and performance are not compromised.

A few leaders from the tech and cybersecurity space came together in a roundtable discussion by YourStory and Dell Technologies to discuss the impact of data breaches, the different tools to circumvent the setback caused, and the techniques to build resilient cybersecurity systems. Here are key takeaways from their discussion:

Impact of a data breach

“There is a huge and immediate loss of trust with customers and that company,” says Sudiip K Goswami, Director and GM, South India & Startups, Dell Technologies, adding that this leads to loss of revenue and reputation, which may take months or years to build back. To put that into perspective, he says that the cyber ransom industry was reportedly worth 6 trillion USD last year, compared to India’s projected growth to a 5 trillion USD economy in the next seven years.

Vikas Jethnani, Head of Engineering, Betterplace Safety Solutions, says that such incidents derail companies from their existing and pre-determined plan. Ravisankar Velidi, Chief Culture Officer & VP of Engineering, Increff, adds that a data breach is much harder for startups to handle compared to big companies because they have fewer employees to deal with it. A data breach can also throw off big companies, thus making it harder for startups to grow as their growth is derailed.

Besides the obvious impact of a data breach, Vivek Kumar Singh, Founder and CEO, Tonetag highlights the legal implications, especially if companies have signed up with partners. He adds that once an attack occurs, it gets difficult to identify what went wrong, recover lost data and protect new data.

Measures to protect data

“We are quite strict about how our data and our personally identifiable information (PII) is handled. We encrypt our transmission and data, make sure we are compliant with all the important guidelines, and keep enhancing them,” says Krithika Muthukrishnan, Chief Data Science Officer, Scripbox.

The company also does a vulnerability assessment – both internal and third-party – every time the company has a release. Krithika adds that they focus a lot on their data governance model - who should have access to what data - and says that this is a big focus of their cybersecurity efforts where most challenges arise.

Bofin Babu, Co-founder of CloudSEK, says that as a firm that specialises in detecting and dealing with cyberthreats themselves, they apply everything they offer to clients in their organisation, which includes cyber intelligence data, brand monitoring, attack surface monitoring, infrastructure monitoring to prevent attacks.

Protecting software systems is similar to protecting one’s home, the needs for which differ from one place to another. Sandeep Shrivastava, Vice President & Head of Engineering, Bitlasoft, says that everything in their company has authorisation and encryption. They also use observation tools to monitor systems and do database backup and replication to protect their customers’ data.

“Cybersecurity, to me, is more about allowing the organisation to seamlessly and securely conduct their business,” says Manoj Kuruvanthody, Chief Information Security Officer (CISO), Tredence Analytics Solutions. Organisations aim to grow quickly and reach higher levels of financial viability, but they must securely conduct business, he says, adding that striking that balance is a big challenge.

“Organisations need to always look at combinations of controls at all layers of people processes and technology,” Manoj says. In his opinion, companies need to build a roadmap based on their cybersecurity maturity, risk appetite, management support for required employees, and the budget they are willing to allocate for a cybersecurity program. Having an architecture blueprint as a baseline will help you identify the data security system you want to implement in your organisation, he adds.

He also emphasised that all employees and stakeholders working with the organisation must understand its security approach and support the CISO to protect the organisation.

Protecting customer data

Krithika says that since data protection and security have become a priority for most users, companies need to adopt a simplified method of communicating with their customers about what information is collected and how it is used.

Company efforts aside, the biggest risk to data security comes from unauthorised access from the user’s device, she adds. “Making sure their passwords are updated and have two-factor authentication — whatever can be done — becomes quite important in helping customers secure their data,” she says.

“Being data-driven is one of the core values at BetterPlace,” says Vikas, adding that they are cultivating a culture of encouraging everyone to become critical thinkers. They have a simple framework for all their functions which require unambiguous problem statements, forcing customers to think in a data-driven manner.

They conduct periodic analyses to identify any bottlenecks in the process, quantify their quality among different sections, and have identified 20-25 markers with set benchmarks associated with every feature roll-out, to make data accessible to everyone. Maintaining employee data is paramount for the company, so they adopt a multi-layered approach which includes using end-to-end encryption and internal and external channels with multi-factor authentication.

Assuring customers of data security

Ravisankar believes that the best approach to assure customers of data security is to ensure compliances are met, according to the measures that apply to them. “We need to do it with the intention to improve systems," he says, adding that he recommends companies do this with reputed auditors. Another method is to mention security measures in every document shared with customers. The strategy needs to be developed with cloud deployment in mind, he says.

He says that all products need to go through VAPT testing at least once a year and share the reports with customers. At Increff, they ensure all their data goes through load balancers and they are open for auditing by companies, which gives their customers confidence about their security posture.

Vivek highlights that people try to find shortcuts in the process of securing their data and systems, which is where the problem begins. Tonetag follows the prescribed expert guidelines as best they can, he says, adding that ensuring data security at source, in transit, in server, and at rest is important to ensure data security.

Lessons to note

One of the challenges Sandeep sees in feature-driven or business-driven organisations is to build a culture of security. He emphasises that companies must ensure they have obtained the necessary certification and compliances according to prescribed standards. Something Bitlasoft considers when designing a microservice or system is how quickly they can migrate data or backup data.

Companies can use SWG (secure web gateway) products and observability tools to identify the customers interacting with their systems to tackle cyber threats.

Bofin emphasises the importance of securing data outside of companies’ perimeters: ensuring data security with vendors. Teams need to be equipped with the right tools to prevent data leaks, he says.

“No CISO can ever guarantee an organisation that you will never have an attack, an incident or a breach,” says Manoj, adding that companies can look at protecting their data by using backup technology and incorporating behaviour analytics to prevent threats.

Dell Technologies’ solutions

Sudiip highlights that Dell Technologies complies with the NIST framework and has cybersecurity solutions that look into its 5 aspects: identify, protect, detect, respond, and recover. They employ machine learning and AI to detect threats, prioritise data integrity and recovery, and create air-gapped copies of the network to protect data from unauthorised access and attacks.

If you are looking to scale up, make the most of what Dell for Startups has to offer.