Page 47 - Cyber Warnings
Startups with Information Security in Mind at Startup
What's this all about and does it really matter?
There are some very talented people starting companies solving very complex problems that
can save organizations millions of dollars.
These range from security services, IoT, GIS solutions and auditing of systems to SaaS platforms,
which provide elastic environments allowing companies to use a service that can surge when
the demand is there and shrink when demand is low, saving more money.
In my recent research of startups, early-stage companies, I found one key commonality that should
NOT be there – a lack of forethought and planning of information security; in particular, of an
INFOSEC program that would protect the environment, the startup ‘crown jewels’ so to speak,
from current cybercrime and malware threats.
When I asked C-level executives at many of these companies about this deficiency, the
common answer I received was that it was too expensive or that there was no time to implement security.
Let's take a step back and look at that statement a bit: what is at risk? The information at risk is the startup's
proprietary information, potential patent information, potential personally identifiable information
and customer information.
On average, across the startups and established companies that I have interacted with, there was very
little, if any, commitment to information security within the products or services that were
provided.
My key discovery was that there is a threshold at which companies start to think about
security: the point when a potential customer requires the necessary steps to be taken to
secure the information that they have provided.
This is an afterthought – where, for example, has the information been stored, processed or
shared? In the CISO arena, it boggles the mind to think most startups are not even thinking they
will be victimized – hence many SMEs (small to medium-sized enterprises) now face their demise
more from a cyber attack than from a lack of early-stage revenues.
In fact, most SMEs cannot suffer a single breach without going out of business, due to the very
high costs of remediation, regulatory compliance related issues, fines, brand damage and loss
of customer confidence.
If you look at US law and UK data protection of personal information, there are a number of
similarities, as there are specific requirements to protect personal information.
Specifically, the US requires an “opt out”, while the UK requires an “opt in”, for all marketing events.
47 Cyber Warnings E-Magazine January 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide