service provider in various situations such as incident handling and virus infection, writes Vidya Phalke, CTO of MetricStream. “Who manages such situations, should they arise, depends on the chosen service model. And this needs to be completely clear and transparent – there is nothing more valuable to a business than its data; its protection can’t only be half understood. Governance around all aspects is essential,” emphasizes Phalke.
Embed Security into Product Development Right from the Start
Rather than treating security as an afterthought, startups would do well to bake it into their products, right from the conceptual stage, through the design, development, testing, and release phases. That means recruiting teams of not just product engineers and UX/UI designers, but also data security experts. In addition, it means incorporating security standards into products early on in their lifecycle. Often, businesses face a lot of pressure to deliver their products faster and cheaper – but that does not always mean better, observes Phalke. One needs to find that balance where enough time can be spent on implementing the right security testing processes, and doing things more thoughtfully.
Develop Effective Cybersecurity Processes, Policies, and Tools
A clearly defined cybersecurity risk and control assessment, as well as an incident response strategy, goes a long way towards ensuring that the business is well-prepared to deal with threats and disruptions. The key is to focus less on cost, and more on evaluating the risks, implementing sound security controls, and establishing consistent taxonomies that are linked to critical data assets. Having clear, written policies and robust training processes is also important, as it helps employees understand what constitutes sensitive data, and how to protect it. At a broader level, an individual or team should be appointed to maintain oversight of how the entire organization is handling, storing, and sharing data. Finally, automation and big data mining tools can help by accelerating security risk assessments, and directing resources to the risks that really matter. Cyber insurance is another useful solution. Today, multiple insurers offer coverage to fit the needs, risks, and budget limitations of small businesses.
Look Ahead, Not Behind
As cybersecurity threats become more sophisticated, startups will need to start thinking one step ahead of a potential attack. That will involve looking less in the rear-view mirror, and more ahead at the security risks that could occur. It will require that businesses leverage analytics, artificial intelligence, machine learning, automation, and other such tools to bring together information from various internal and external sources, filter through this data to identify emerging security threats, and report this intelligence to the right decision-makers at the right time. Many businesses are also investing in a scalable governance, risk, and compliance framework that allows them to manage and track the full gamut of security requirements in an integrated manner, ranging from controls monitoring and penetration testing, to incident response management, business continuity, audits, and reporting.
According to the Verizon 2016 Data Breach Investigations Report, which analyzed 2,260 breaches across 82 countries, it took attackers just minutes or less to compromise systems in 93 percent of cases. Against this backdrop, startups have a choice — either ignore the risks, and face the eventuality of a serious cyber attack; or take informed steps to protect the business, brand, and customers. By understanding the full range of risks, and developing a clear strategy on how to deal with them, startups have the chance to fully realize the value of cybersecurity as a growth enabler and competitive advantage. The time to act is now.