Cisco Start-up Hub experts say security pressures are ever-present
When it comes to data security and customer trust it’s a case of “one gaffe and you lose it”, according to one Cisco Start-up Hub entrepreneur. The Cisco Annual Security Report has been published, and while the findings will be pored over by chief security officers at large enterprises around the country, it’s just as relevant to tech start-ups.
As my colleague Terry Greer-King pointed out, security threats are on the rise, thanks to cybercrime effectively becoming industrialised. Worryingly, only 48% of small and medium sized business (SMBs) surveyed said they used web security in 2015, down from 59% in 2014. And 29% said they used patching and configuration tools in 2015, compared with 39% in 2014.
But the report does highlight a number of cyber threats that start-up bosses may like to consider.
Take WordPress, the start-up’s favourite web content management system. Our research highlights that the number of WordPress domains used by criminals increased 221% between February and October 2015. These domains are used to support growing ransomware, bank fraud and malware threats.
Another issue is an ageing infrastructure. We analysed 115,000 devices and found that 92% of devices in the sample were running software with known vulnerabilities. In addition, 8% of these devices are deemed “end of life”. As a start-up, you might not always be able to invest in the latest kit, so this could be a real concern for your business.
The full report is well worth a read, especially if you want a detailed breakdown on which exploits are on the rise and where your business may most be at risk. Later in the week we’ll be publishing a start-up security guide, with tips and tricks related to the report’s findings.
We’ve also spoken to a number of Cisco Start-up Hub experts and industry insiders to get their views on how threats are impacting tech start-ups, and how seriously they take data security.
Bryony Hurst, associate in the Dispute Resolution Group at Bird and Bird, our legal experts for the Start-up Hub, argues that security needs to be on entrepreneurs’ agendas. “Limited resources within start-ups of course mean that security measures need to be more focussed and cannot guarantee the same levels of protection as their larger peers.
“However, the advantage of smaller companies is their ability to know their data better and to be more nimble in their response to a breach. A plan for swift and effective response in the event of a crisis is not a large investment, but may prove a valuable one and is worth considering.
“Changes in European legislation soon to come into force are likely to intensify the pressure as larger organisations will be exposed to very heavy penalties if breaches are found to have been caused by any vulnerability in relation to which liability could be tracked back to them. Even without penalties, organisations will want to minimise any reputational damage which is more likely as a result of new obligations upon them to report breaches earlier on.”
Dorian Selz, co-Founder at insights company Squirro says that complex systems inevitably lead to more security vulnerabilities. “Our experience from running a number of SaaS platforms points to a proportional to the square increase – for every additional system or service you add to your setup, the vulnerabilities increase to the square.
“Ensuring your platform withstands a thorough corporate security audit by encrypting traffic, setup failover scenarios, have audit logs for any changes and so on, is already a key focus area of our engineering effort. It front-loads efforts but pays out in terms of customer trust.
“We will spend more time on internet and platform security in 2016. Customer trust is our most important KPI and you need to earn it. One gaffe and you lose it.”
Jeff Kofman, CEO at automating transcribing service Trint, argues the security of the data supply chain is essential: “At Trint, we handle the content of interviews, speeches, lectures and more for companies and individuals. Much of this is proprietary, sensitive and competitive,” he says.
“They need to know the content they are entrusting to us will remain secure. This is a huge challenge for a small start-up. It is compounded by the conflicting laws and regulations between the US and Europe. Our business depends on security. If people don’t trust their content is secure they won’t work with us.”
Phil Woodward, CEO at Steer73 and access control company Ingress One, says: “We run an access control platform, so security is something we’ve had to think about and bake into the product from day one. And we have certainly found that our larger clients are very security aware, and expect us to be able to answer and cope with detailed scrutiny on the security front.
“That said, we’ll be spending more on IT security in 2016. Even though we are a small business, in our sector it is simply a pre-requisite that we follow best practices, and that we can satisfy the security demands of corporate clients.”
Let us know what you think? Do you think start-ups need to be worried about these burgeoning threats? And what tips do you have for handling them?
If you’d like to get involved with the Start-up Hub just leave a comment below or drop us a line at firstname.lastname@example.org. Do you know someone who would benefit from this content? Feel free to share with your social networks and help us spread the word.