Friday, December 18, 2015
Apart from huge financial repercussions, a single data breach incident can severely damage the reputation of a company for years to come.
Most of the data breach incidents that we hear about involve large companies, with losses amounting to billions of dollars. But do these stories, or any other breach story for that matter, tell us about how startups and new-age cloud businesses suffer from information security lapses?
It is important to consider the fact that a much larger part of the problem is with smaller companies.Take this data for instance. According to the US Census Bureau, out of all the employers in the United States, 99.7 percent have less than 500 employees. If you break down that data a bit more, 89.8 percent of these businesses have less than 20 employees. The data resonates with most countries in the world including Australia, Brazil, India, France, Italy, and Japan. That’s the strength of startup businesses and that is why it’s a chunk of the security process.
Never too small for a hacker
Any business that believes it is too small to be of interest to a cybercriminal could be in for a rude shock. According to a security survey conducted by PwC, 87 percent of SMEs have had a security breach in the last year.
A global data breach analysis by the Ponemon Institute reveals:
• The average cost of a data breach is $3.79 million.
• There has been a 23 percent rise in data breach cost in the last two years.
• Every stolen record from the database costs $154 on an average.
• India stands second in average number of breached records by countries.
Although the financial repercussions are huge, startups and new-age cloud companies also need to be wary of reputation damage. Their battle for existence and preference over competition depend solely on what customers and prospects presume about the business. And a single data breach or website outage incident can damage that for years to come.
The rapidly evolving cyberspace is also witnessing a change in the nature of threats and vulnerabilities that affect every online business, big or small. With new age businesses increasingly using cloud and mobile infrastructure, the exposure to external threats is only increasing. Some of the common incidents like DDoS attacks specifically target smaller, more vulnerable businesses with weak security infrastructure.
Need for Effective Security Intelligence
It’s understandable that information security is not a priority for small businesses focused on raising capital, promoting products and managing people. However, it cannot be ignored either. Hackers continuously look for weak websites and database to hold them for ransom or breach sensitive information to be sold in the black market.
Studies have shown that average per capita cost (total cost of breach divided by number of stolen or lost records) for data breaches outweighs security expenses by huge numbers even when we have not calculated the loss of reputation and drop in traffic and business.
The big questions are: Can you afford security? Does the security model for startups need to be different from enterprise one?
Not necessarily. They should also get enterprise-grade security models that are comprehensive but not overly complex. What they need is a ‘Total Application Security’ Model that empowers websites or online businesses with continuous monitoring and security that does not need to be micromanaged.
Detect, Protect, Monitor Approach for Total Application Security
What are the key obstacles to website security? One, startups do not know if their website can be hacked or not. Even if they test it once, applications are updated frequently and there is no way to get vulnerability updates on that.
Three, bad people are just waiting to launch DDoS (distributed denial-of-services) attacks with these fancy bots and machines that send so much traffic to the website that the server crashes.
Read more: Click here
By Ashish Tandon, Chairman and CEO, Indusface.
"Indusface has proved to be a valuable security partner with its Total Application Security solution. Their 'detect-protect-monitor' package handles security worries so we can focus on improving services for our customers. Vulnerability detection, attack blocking and near real-time reports are some of the key differentiators that we enjoy with them. The web application scanning and web protection combination ..."
"As one of the leading banks in India, securing application infrastructure is critical for us. Indusface’s Total Application Security package allows us to scan vulnerabilities continuously and prevent attacks. Indusface also provides the unique benefits of expert handling and tuning on custom rules with round-the-clock traffic monitoring and protection through on-premise appliances ..."
"Our complete ecommerce infrastructure is hosted on the cloud and we are glad to have Indusface as partner for web security. Due to their association with cloud service providers and prompt deployment options, Indusface was the preferred security choice. The on-demand and scheduled scanning helps us keep track of vulnerabilities that may otherwise damage our website or put customers at risk ..."