Why cyber-criminals target start-ups & what proactive measures can you take?
Along with the massive effect of the pandemic, for the last couple of years, cyber-criminals have made a ruckus sum of money out of start-ups. We can easily call it a data epidemic.
In this brief guide, let's investigate how cyber-criminals target start-ups and small businesses and what you can do to take proactive measures.
Let's start with the critical reasons for a data breach at start-ups.
Critical Reasons for Data Breach at Start-Ups
As per the Accenture Cost of Cybercrime Study, 43% of cyberattacks are targeted at small businesses, but only 14% of small businesses are ready to defend them.
There are two critical reasons for which data breach happens -
Here’s why these two factors are critical.
First of all, when they become overconfident that they’ve little or nothing to lose, they tend to lose in a sudden attack. That’s why the cybersecurity initiative becomes an afterthought. And that leads to losing everything they’ve put their effort to build over the last few years.
The second critical reason is not having enough funds. When a start-up is built, its usual focus remains on the production and marketing of the product. They rarely think about facing a data breach.
According to Ponemon Institute’s State of Cybersecurity Report, there are three specific reasons for which the cyber-criminals are targeting small & start-up businesses -
Now the biggest question is -
Can you perceive that you could be the next target?
There are a thousand reasons for which a start-up can close shop and 60% of all start-ups close their shop within six months of inception (due to various reasons).
But what if as a start-up, you’re doing everything right, you have funds in hand, you have built it to an extent where scaling has become easier, and then suddenly out of nowhere you face a data breach!
Would you be able to bear the huge loss (to an extent of closing the shop) and how would you respond to that?
A couple of recent studies state -
Can you perceive that the threat is real and you could be the next target?
Why start-up? Why do cyber-criminals target start-ups?
There’s only one reason – start-ups are easy targets for cyber-criminals. Since there’s no basic security hygiene in place, there’s no guard against cyberattacks.
Plus, when cybercriminals attack the start-ups, they do it in a bunch. As a result, they use the same hacking mechanism and capture millions of dollars in one go.
Let’s have a look at a few real-life examples and see what happened, why it happened, and what Sumeru recommends.
Real examples of Start-Ups Data Breach
Let’s have a look at some real examples.
Recommended by LinkedIn
Big Basket
According to Atlanta-based cyber intelligence firm Cyble, a huge database of personal information of 20 million customers of Big Basket was available for a sale of $40,000 or INR 3 million on 7th November 2020.
The database included email ids, password hashes, PINs, mobile numbers, addresses, locations, dates of births, and IP addresses.
We need to remember that the Big Basket is well funded and that means they have basic security hygiene.
Still, the cyber-criminals could hack their data and they couldn’t do much before the hack.
Unacademy
Even after being funded by Facebook, Sequoia India, and Blume Ventures, Unacademy faced a data breach in May 2020.
This data breach compromised 22 million users' data. The email ids, usernames, passwords were put on the dark web for sale.
The start-up is just 5 years old and most of their effort got compromised due to a single data breach. This can happen to you too.
Juspay
In January 2021, Juspay, a start-up lost its 35 million users' data and they were taken from a server using an unencrypted key.
Juspay lost masked card data and card fingerprints. And they were for sale on the dark web for $5000.
$5000 for a start-up is not a small amount (you know, don’t you?) plus you lose your reputation and trust in the market.
The truth is the future isn’t bright for those that don’t take into account the critical importance of cybersecurity.
These start-ups faced cyber-attacks because -
If you connect with Sumeru’s cybersecurity team for their guidance and action plan, we would recommend the first (MVCSP) and second jewel (Passwords, Password Managers, MFA, EDR, etc.) of ‘Secure Your Start-Up' series (you can read all the articles we posted by clicking #sumerusecureyourstartup) that we have run for the last couple of months.
The first jewel stands for the following -
When you're unable to focus on the security challenges since you're taking care of the vital business functions, Sumeru's Minimum Viable Cyber Security Plan (MVCSP) could be the ideal option for solving your start-up security challenges.
You can read the whole article about the jewel here.
The second jewel depicts the following -
When we start with security, one of the primary and crucial factors to consider is your credentials. How securely you create, store, share, etc., is critical because it is the gateway to your entire organization.
You can read the whole article about the jewel here.
We also recently launched an eBook containing all 9 jewels implementing which will help you hold your fort like a boss.
You can download the eBook here.
Written by:
Chidhanandham Arunachalam, Chief Program Officer at Sumeru Solutions. A passionate entrepreneurial leader & unshakable optimist dedicated to helping companies achieve remarkable results with great technology solutions.
This article is the last article of our series on 'Secure Your Start-ups'. To read all the articles of the series in a go, please follow #sumerusecureyourstartup