Why cyber-criminals target start-ups & what proactive measures can you take?

Why cyber-criminals target start-ups & what proactive measures can you take?

 Along with the massive effect of the pandemic, for the last couple of years, cyber-criminals have made a ruckus sum of money out of start-ups. We can easily call it a data epidemic.  

In this brief guide, let's investigate how cyber-criminals target start-ups and small businesses and what you can do to take proactive measures.  

Let's start with the critical reasons for a data breach at start-ups.  

Critical Reasons for Data Breach at Start-Ups  

No alt text provided for this image

Source

As per the Accenture Cost of Cybercrime Study, 43% of cyberattacks are targeted at small businesses, but only 14% of small businesses are ready to defend them.  

There are two critical reasons for which data breach happens -  

  • They become overly confident about the idea that they’ve nothing to lose  
  • The start-ups don’t have enough funds to invest in cybersecurity initiatives  

Here’s why these two factors are critical.  

First of all, when they become overconfident that they’ve little or nothing to lose, they tend to lose in a sudden attack.  That’s why the cybersecurity initiative becomes an afterthought. And that leads to losing everything they’ve put their effort to build over the last few years.  

The second critical reason is not having enough funds. When a start-up is built, its usual focus remains on the production and marketing of the product. They rarely think about facing a data breach.  

According to Ponemon Institute’s State of Cybersecurity Report, there are three specific reasons for which the cyber-criminals are targeting small & start-up businesses -   

  • Insufficient security measures: Since 45% of small businesses and start-ups are not adhering to basic security hygiene, they are not able to mitigate the attacks if they happen.  
  • Background of attacks: 69% of small organizations remarked that cyber-criminals are conducting targeted attacks. That means you need to have more than basic security hygiene that will help you mitigate even targeted attacks (hint – think about going beyond security hygiene).  
  • Frequency of attacks: 66% of small businesses said that they have been attacked at least once in the last 12 months.   

Now the biggest question is -  

Can you perceive that you could be the next target?

No alt text provided for this image

Source

There are a thousand reasons for which a start-up can close shop and 60% of all start-ups close their shop within six months of inception (due to various reasons).   

But what if as a start-up, you’re doing everything right, you have funds in hand, you have built it to an extent where scaling has become easier, and then suddenly out of nowhere you face a data breach!  

Would you be able to bear the huge loss (to an extent of closing the shop) and how would you respond to that?  

A couple of recent studies state -   

  • The average cost of a data breach of global companies has increased from $3.86 million to $4.24 million.  
  • What’s most shocking for a startup or a small business that has less than 500 employees been when the average cost of a data breach is $7.68 million. This is almost double the average cost of a data breach of global companies in 2021.  

Can you perceive that the threat is real and you could be the next target?  

Why start-up? Why do cyber-criminals target start-ups?  

There’s only one reason – start-ups are easy targets for cyber-criminals. Since there’s no basic security hygiene in place, there’s no guard against cyberattacks.  

Plus, when cybercriminals attack the start-ups, they do it in a bunch. As a result, they use the same hacking mechanism and capture millions of dollars in one go.   

Let’s have a look at a few real-life examples and see what happened, why it happened, and what Sumeru recommends.  

Real examples of Start-Ups Data Breach  

Let’s have a look at some real examples.  

Big Basket  

According to Atlanta-based cyber intelligence firm Cyble, a huge database of personal information of 20 million customers of Big Basket was available for a sale of $40,000 or INR 3 million on 7th November 2020.  

The database included email ids, password hashes, PINs, mobile numbers, addresses, locations, dates of births, and IP addresses.   

We need to remember that the Big Basket is well funded and that means they have basic security hygiene.  

Still, the cyber-criminals could hack their data and they couldn’t do much before the hack.  

Unacademy  

Even after being funded by Facebook, Sequoia India, and Blume Ventures, Unacademy faced a data breach in May 2020.  

This data breach compromised 22 million users' data. The email ids, usernames, passwords were put on the dark web for sale.  

The start-up is just 5 years old and most of their effort got compromised due to a single data breach. This can happen to you too.  

Juspay  

In January 2021, Juspay, a start-up lost its 35 million users' data and they were taken from a server using an unencrypted key.  

Juspay lost masked card data and card fingerprints. And they were for sale on the dark web for $5000.   

$5000 for a start-up is not a small amount (you know, don’t you?) plus you lose your reputation and trust in the market.  

The truth is the future isn’t bright for those that don’t take into account the critical importance of cybersecurity.  

These start-ups faced cyber-attacks because -  

  1. They didn’t think that taking at least the basic security hygiene is of utter importance  
  2. And even if some of them took care of the basic security hygiene, they never go beyond that and as a result, face tremendous data breach  

If you connect with Sumeru’s cybersecurity team for their guidance and action plan, we would recommend the first (MVCSP) and second jewel (Passwords, Password Managers, MFA, EDR, etc.) of ‘Secure Your Start-Up' series (you can read all the articles we posted by clicking #sumerusecureyourstartup) that we have run for the last couple of months. 

The first jewel stands for the following -  

When you're unable to focus on the security challenges since you're taking care of the vital business functions, Sumeru's Minimum Viable Cyber Security Plan (MVCSP) could be the ideal option for solving your start-up security challenges.   

You can read the whole article about the jewel here.  

The second jewel depicts the following -  

When we start with security, one of the primary and crucial factors to consider is your credentials. How securely you create, store, share, etc., is critical because it is the gateway to your entire organization.    

You can read the whole article about the jewel here.  

We also recently launched an eBook containing all 9 jewels implementing which will help you hold your fort like a boss.  

You can download the eBook here


Written by:

Chidhanandham Arunachalam, Chief Program Officer at Sumeru Solutions. A passionate entrepreneurial leader & unshakable optimist dedicated to helping companies achieve remarkable results with great technology solutions.

This article is the last article of our series on 'Secure Your Start-ups'. To read all the articles of the series in a go, please follow #sumerusecureyourstartup

To view or add a comment, sign in

More articles by Dr. Chidhanandham Arunachalam

Insights from the community

Others also viewed

Explore topics