If one has been keeping abreast of the news agenda, one would have seen organisations being plagued with numerous data breaches. Almost every industry has been hit with an incident of some sort from aviation, telecoms companies to furniture retailers – no one has been spared.
As a result, the question facing many startups and companies today is: Will I be next?
As companies big and small pivoted digitally in 2020, work from home has become the norm. While this practice afforded workers with the flexibility of remote working and maintain business continuity, it has also introduced a new set of cybersecurity challenges.
For example, Kaspersky’s telemetry revealed that the total number of remote desktop protocol attacks jumped from 93.1 million worldwide in February 2020 to 277.4 million in March 2020, a 197 per cent increase as countries around the region began to implement lockdown procedures.
This is just the tip of the iceberg – the shift to remote working, as well as other trends as to how five in 10 organisations in the region are reportedly still using outdated and unpatched software – all paint a picture of the vulnerabilities companies and startups face in today’s digital age.
To remedy this, a shift from a reactive “will it happen” to a proactive “when will it happen” approach is crucial, with hybrid work environments and home offices here to stay. Businesses, particularly startups and their preference for nomadic life, need to be on alert as data breaches will become more commonplace.
The challenging climate of data breaches
While every startup or company is frantically pushing to be the next big thing in tech, so too, should they accelerate their efforts at enhancing their cybersecurity posture.
Also Read: How can privacy-focussed apps step up amid a world of data breaches?
In most cases, a data breach exposes confidential, sensitive, or protected information to an unauthorised person. It can occur in various forms, with the most common ones include phishing, brute force attacks and malware.
In our view, these are just some of the trends we have observed when it comes to the challenges businesses and start-ups face when it comes to guarding against data breaches in the region:
- Lack of knowledge on personal data storage and processing laws: Many governments try to safeguard the security of their citizens, whilst Asia is still playing catch up with their Western counterparts on this front, all these laws still apply regardless of whether one has read them.
- Unpreparedness in the face of DDoS attacks: Distributed Denial of Service is an efficient way to down an internet resource. On the darknet, this service goes for cheap and therefore is quite affordable for competitors and cybercriminals who need them as cover for more sophisticated attempts.
- Poor employee awareness: Humans are usually the weak link in businesses. Attackers know full well to exploit this link and often use social engineering tricks to penetrate the corporate network or fish out confidential info.
How then, should businesses and start-ups go about developing a sensible cybersecurity posture and more importantly, how can a data breach affect them?
Why should businesses care about cybersecurity?
In today’s highly digitised societies, a business’s digital reputation counts for everything. According to our Digital Economy Reputation report, 49 per cent of social media users in the region have admitted that they will check the social media accounts of a brand before purchasing their goods and services. An additional 38 per cent also stopped using a company’s or brand’s products once they were embroiled in a crisis.
Clearly, an organisation’s reputation matters to consumers and the damage caused by a data breach goes beyond the depletion of public goodwill, but also financial as well. As of 2020, a breach costs an enterprise US$1.09m and a small to medium-sized business (SMB) US$101k, compared to US$1.41 million and US$108k respectively in 2019.
However, the risk can be managed by taking proactive action. Acting now will allow your organisation to be in a stronger position to recover should a breach happen.
Planning a tailor-made cybersecurity approach for your business
Today, one of the most important ingredients for any business looking to grow is flexibility. One can always opt for the most comprehensive cybersecurity solution, but this could lead to overkill and waste whatever precious resources one could have dedicated to powering business growth.
Also Read: 5 cybersecurity strategies every startup must know
On the other hand, not investing in a cybersecurity solution is a big no-no if you’re genuinely interested in growing your business sustainably. As a starting point, it is worth establishing a few good habits that are easy and free:
- Update software regularly, including router and other network device firmware;
- Keep an eye on the expiration date of security certificates and security software licenses;
- Make backup copies of data, and if your company automates the process, periodically check that it is being done correctly;
- Revoke access permissions from employees as soon as they are no longer required;
- Use security solutions to help monitor the health and status of your corporate infrastructure.
Having established your foundation, a business should look at which areas to prioritise by adopting a cybersecurity service model that can flex and accommodate the increased needs and capacity of the business.
It may be tempting in the short term to enjoy small cost savings in buying your own infrastructure. However, don’t forget to factor in maintenance cost, replacement, scalability and fault tolerance requirements.
Finally, when the business has entered a phase of aggressive expansion, one can consider implementing threat intelligence detection (proactive threat hunting) to their cybersecurity arsenal. Driven by continuous machine learning, it can save IT security teams resources for threat analysis, investigation and response.
An example would be Kaspersky’s Managed Detection and Response (MDR) which contains an outsourced security operations centre that does not require specialised threat hunting and incident analysis skills from internal teams.
Cyber security now part and parcel of a business’s growth strategy however, it doesn’t have to be daunting – one should not face it alone. The cybersecurity community is here to help and offer advice and assistance whenever you are ready.
–
Editor’s note: e27 aims to foster thought leadership by publishing contributions from the community. This season we are seeking op-eds, analysis and articles on food tech and sustainability. Share your opinion and earn a byline by submitting a post.
Join our e27 Telegram group, FB community or like the e27 Facebook page
Image credit: Andri from Pexels
The post Data breaches are inevitable. This is how you can protect your startup appeared first on e27.