Why startups should invest in security as they scale

Demand for cybersecurity is growing at an exponential rate due to the continuous increase in the number of cyberattack cases worldwide. As per industry indicators, cyberattacks occur every 11 seconds across the globe. The cybersecurity market worth was USD 216.11 billion in 2021 and is forecasted to reach USD 478.68 billion by 2030.

A panel discussion at TechSparks 2022 featuring Kumara Raghavan, India Head, Startup Sales Segment at AWS (Amazon Internet Services); Rahul Sasi, Co-founder, CEO, CloudSEK; Rahul Tyagi, Co-founder, Safe Security; and Shradha Sharma, Founder and CEO of YourStory, shared insights on how businesses should ensure that their security needs are never compromised.

Investing in security

Security is essential to help businesses earn the trust of their customers, regulators, and auditors and protect themselves from malware. New and evolving threat vectors with growing levels of sophistication mean that security is not a one-time task.

It is by no means an understatement that cybersecurity is today a key component of any modern business. From maintaining governance and adhering to compliance requirements, to safeguarding from the threats of cyberattacks, every business today needs a baseline security protection, or a minimum standard of processes for keeping their operations safe.

Investing in security feels like investing in insurance, said Shradha when opening the discussion. “We never think a breach is going to hit us, till one day it does,” she said, asking experts on the panel to share why it was important for startups and businesses to invest in security.

It is important for startups to invest in security measures right from the beginning so that they can build on the right response to a security incident by cutting down on any latency, said Kumara of AWS. “At AWS we have come up with a security baseline, so that founders don’t have to worry about building and being secured. For startups, it should be both, to build fast and be secured,” Kumara said.

One of the things that AWS offers is a startup-based security baseline which has two components, one is from an account level to make sure that startups have the right prescriptive guidance around the access or permissions, while the second part is around the workload, where it is applications, data, and related needs to help businesses get started with the right foundation and principles, he added.

Beware of cyberattacks

Rahul Sasi of CloudSEK narrated an incident where hackers within a startup ecosystem were able to siphon off funds from investors during a fund raise by setting up a fake bank account. “We live in a system where a certain set of hackers are financially motivated and will act when needed and then there are those who will immediately try and make money out of a security breach. So, it is important that companies focus on security at all times,” he added.

Security is a shared responsibility between an individual who is working in a company and what that company is doing to protect their infrastructure, said Rahul of Safe Security. “It is very important how one engages with any spurious links or emails, because cybersecurity is such an important factor today that any misadventure can actually lead to an arrest by the government,” he said. He offered Safeme, a downloadable, free of cost application that would help users understand if their device or email has been hacked.

The Cybersecurity ecosystem for startups, according to him, faces the problem of having too many tools, each with its own dashboard. “To navigate this, we have integrated all cybersecurity tools that will tell you what the probability of your organisation is to be hacked in the coming 6-12 months. So, we have developed a predictive tool rather than a reactive one,” he added.

Key metrics to monitor

For startups to focus on security, Kumara reiterated that the foundational approach towards security has to be strong. The next thing he suggested was to stick to strong fundamentals when doing code development. “When scaling, startups should ensure that they look at automation-based tools like Amazon Guard Duty, which constantly tracks threats and triggers alerts and helps with remediation, or the security hub which is a consolidation of all the alarms and remediations. As you start scaling, it is important to involve experts who have in-depth experience in the segment,” he added.

From a reactive perspective, it is also important to build muscle on a reactive basis. “Some of our larger customers as part of their enterprise support program undergo simulation incidents to help their teams build expertise around responsive action to breaches,” Kumara added. For startups it is important to have a combination of proactive and reactive tools to tackle security, he said.

The discussion also highlighted other security aspects of securing large-scale data, phishing, security scores, fake versions of applications, and rogue apps.

To ramp up security for businesses, Rahul of Safe Security also spoke about building communication with the organisational structure on how investments in cybersecurity is enabling business outcomes from a financial perspective, so that budgets can be allocated to procure cybersecurity products. He also added that it is important to highlight the financial losses to the organisation, in case of a security breach.

Closing the discussion, the panellists reiterated that for startups to focus on innovation and scale, security is one the critical metrics to adhere to for compliance and customer trust. For startups who have a commitment to their investors and customers, it becomes imperative to focus on security as they build and scale in today’s data economy.