Why is Security Critical for New Age Businesses By Ashish Tandon, Chairman and CEO, Indusface

Why is Security Critical for New Age Businesses

Ashish Tandon, Chairman and CEO, Indusface | Wednesday, 09 March 2016, 09:23 IST

  •  No Image

Apart from huge financial repercussions, a single data breach incident can severely damage the reputation of a company for years to come.

Most of the data breach incidents that we hear about involve large companies, with losses amounting to billions of dollars. But do these stories, or any other breach story for that matter, tell us about how startups and new-age cloud businesses suffer from information security lapses?

It is important to consider the fact that a much larger part of the problem is with smaller companies.Take this data for instance. According to the US Census Bureau, out of all the employers in the United States, 99.7 percent have less than 500 employees. If you break down that data a bit more, 89.8 percent of these businesses have less than 20 employees. The data resonates with most countries in the world including Australia, Brazil, India, France, Italy, and Japan. That’s the strength of startup businesses and that is why it’s a chunk of the security process.

Never too small for a hacker
Any business that believes it is too small to be of interest to a cybercriminal could be in for a rude shock. According to a security survey conducted by PwC, 87 percent of SMEs have had a security breach in the last year.

A global data breach analysis by the Ponemon Institute reveals:
• The average cost of a data breach is $3.79 million.
• There has been a 23 percent rise in data breach cost in the last two years.
• Every stolen record from the database costs $154 on an average.
• India stands second in average number of breached records by countries.

Although the financial repercussions are huge, startups and new-age cloud companies also need to be wary of reputation damage. Their battle for existence and preference over competition depend solely on what customers and prospects presume about the business. And a single data breach or website outage incident can damage that for years to come.

The rapidly evolving cyberspace is also witnessing a change in the nature of threats and vulnerabilities that affect every online business, big or small. With new age businesses increasingly using cloud and mobile infrastructure, the exposure to external threats is only increasing. Some of the common incidents like DDoS attacks specifically target smaller, more vulnerable businesses with weak security infrastructure.

Need for Effective Security Intelligence
It’s understandable that information security is not a priority for small businesses focused on raising capital, promoting products and managing people. However, it cannot be ignored either. Hackers continuously look for weak websites and database to hold them for ransom or breach sensitive information to be sold in the black market. 

Studies have shown that average per capita cost (total cost of breach divided by number of stolen or lost records) for data breaches outweighs security expenses by huge numbers even when we have not calculated the loss of reputation and drop in traffic and business.

The big questions are: Can you afford security? Does the security model for startups need to be different from enterprise one?
Not necessarily. They should also get enterprise-grade security models that are comprehensive but not overly complex. What they need is a ‘Total Application Security’ Model that empowers websites or online businesses with continuous monitoring and security that does not need to be micromanaged.

Detect, Protect, Monitor Approach for Total Application Security 
What are the key obstacles to website security? One, startups do not know if their website can be hacked or not. Even if they test it once, applications are updated frequently and there is no way to get vulnerability updates on that.

Three, bad people are just waiting to launch DDoS (distributed denial-of-services) attacks with these fancy bots and machines that send so much traffic to the website that the server crashes.

Four, hiring and maintaining a separate security team is a huge responsibility. The ‘Total Application Security’ approach overcomes all these obstacles, at once. It packs web application scanning that looks for website vulnerabilities continuously. It doesn’t matter if you make application code level changes or update the website frequently, once scanning finds an OWASP weakness or malware injection it will report it immediately.

Total Application Security also provides web application firewall that blocks exploitations. In simpler words, it prevents attacks from hackers that use OWASP vulnerabilities or malware on your website with the help of dedicated security expert team that monitors and analyzes traffic and attack vectors continuously to improve your security model accordingly.

CIO Viewpoint

Digital Transformation an Age of Disruption

By Anand Sinha, Vice President -Technology Operations, Barc India

Transformation in M&E Industry Landscape by...

By In conversation with Sabah Carter, Director- Technology Business Operations, News UK

Is ROSI Important for Reseller to Sell Security?

By Upkar Singh, Director- IT, FIS

CXO Insights

It's Time CISO's Use AI to Strength Information...

By Sanil Nadkarni, CISO & Vice President, Global Enterprise Security & Risk Governance, SLK Global

Networking: Essential Component in an...

By Sanket Lamichhane, Member Experience Director, Entrepreneurs' Organization - South Asia

IT Security Landscape - Then and Now

By Shrikant Shitole, Senior Director & Country Head - India, FireEye

Facebook