Rapid digitalisation and inadequate cybersecurity planning leave startups open to cybersecurity threats. As the third largest startup innovation ecosystem, India hosts more than 77,000 DPIIT-recognised startups (1).
The startup ecosystem provides solutions in 56 diverse sectors: healthcare, finance and banking, IT services, life sciences, education, professional services, agriculture, etc. Most companies are also adopting digitalisation to grow their business base, especially since the pandemic.
India and Cybersecurity Threats
An IBM security index (4) placed India in the top three most targeted Asian countries in 2022.
A Google report cited that India witnessed 18 million cyberattacks and 2 lakh threats per day in the first quarter of 2022 (2). Out of these, 43 per cent of the cyberattacks targeted startups and SMEs, according to the Cyber Peace Foundation (3).
The prime reason for targeting startups is that they focus more on growing their customer base and operational activities in the early years rather than safeguarding the data. So, the lack of proper security infrastructure and the vast volume of data (likes and dislikes, credit card information, preferences, KYC, etc.) startups are amassing, making them easy targets.
Remote/Hybrid Work and Cybersecurity Threats
The remote and hybrid work environments also expose companies to cybersecurity threats. As the employees work from different networks and locations, it isn’t easy to safeguard the network if it is not under a single umbrella. Cybercriminals can target devices available in a remote setting to find their way into the corporate network. These devices could be:
- Routers
- Gaming and entertainment systems
- Tablets
- Digital cameras
- Smart appliances
According to Fortinet’s 2020 Remote Workforce Cybersecurity report (5) –
- Sixty per cent of the surveyed enterprises reported an increase in cybersecurity breach attempts.
- Thirty-four per cent experienced actual breaches following the transition to remote working.
However, despite the management difficulties, the cybersecurity threats are not being dismissed or pushed to the back burner, especially given the past breaches, leakages and data losses. Examples of records leaked or lost include Big Basket (20 million), Dunzo (3.4 million), Unacademy (20 million) and Juspay (35 million).
The startups are taking active measures to protect themselves against ransomware. It infiltrates the website and applications and often demands a ransom to regain control of the web applications.
Ransomware attacks increased by 92.7 per cent in 2021 compared to 2020 (6). Other common cyberattacks include:
- Phishing
- Social engineering
- SQL injections
- cross-site scripting (XXS)
- Distributed denial-of-service (DDoS)
- Botnets
- API threats
- Supply chain attacks
- Trojan horses
Consequences of Cyber Attacks
When cybercriminals steal data or demand a ransom, it has repercussions on the startup, which include hefty economic costs.
Cyberattacks open a startup to lawsuits and government fines for not being able to protect its customers’ data. The startup must bear the high legal costs that can lead to compensating for identity theft insurance or other services, leading to a financial burden.
Not just financially, cyberattacks damage the reputation of the startup. Customers lose faith and trust in the company when their entrusted data is stolen and sold on the dark web.
Therefore, new and existing customers would think twice before engaging with the startup’s services. The doubts could lead to slow sales and added expenditure to rebuild trust.
Solutions to Cybersecurity Threats
Startups constantly update their security measures and infrastructure to protect information services and operational technology. Business incubation centres are assisting startups in becoming safer by conducting frequent audits to evaluate threats and identify weak points.
Many startup accelerator programs are being offered by incubators such as T-Hub. These programs enable connections between startups and cybersecurity companies. Thus, I maintain the latest operating systems and implement top security software and patches.
In conclusion, startups are going cloud-friendly to prevent data breaches and hacks. Companies are investing in cloud-delivered security services and transitioning to hybrid or multi-cloud systems. Incorporating a zero-trust approach ensures verification for each access point. The automated preventive measures would monitor networks, detect threats, and trigger rapid responses.