By: Dominik Birgelen, CEO of oneclick AG
Startup companies face a series of issues when navigating the success of their new business. Not only are they faced with the challenge of expanding their institution, but they also face major security concerns in information theft, and hacking. They make a great target for cybercriminals, who may gain access to even the financial information of the company. The sheer amount of data that these organisations hold on each individual means that cyber criminals could not only obtain money but also identities. Ultimately, cyber crime has the ability to completely cripple businesses of all sizes but startups in particular are particularly vulnerable due to a lack of financial and operational resources.
What’s more, the past year has seen a multitude of industries navigate a global pandemic and working from home has caused additional challenges for the sector. When the UK went into its first lockdown back in March 2020, cybersecurity attacks increased by 630%, giving startup companies the need to improve the security of their networks. But cybercriminals also worked rapidly to take advantage of the now remote workforce that created a feeding ground for online criminal activity. As a result, credential and identity theft have skyrocketed in the past 12 months as cybercriminals looked to exploit vulnerabilities in personal firewalls and antiviruses; using malware attacks and ransomware to target users and obtain confidential information. While the global workforce looked to navigate the new remote working environment, cybercriminals have been trying to exploit it with a number of challenges currently facing the financial sector, and the startups who utilise them.
Credential theft on the rise
Credential theft, whereby a cybercriminal is able to obtain a victim’s proof of identity, is not a new threat to the startup companies. In fact, from the 2021 Verizon Data Breach Investigations Report, it is stated that credentials remain one of the most sought after data types and also the fastest data point to compromise. While the threat itself may not be something new, the environment we find ourselves currently navigating is, and cybercriminals are using this to their advantage.
As the workforce rapidly shifted from being siloed to remote, many organisations had to roll out additional services and solutions to remain operational. However, these devices or services also gave cybercriminals additional entry points within their networks. With many organisations operating via cloud-based solutions, having access to these networks means that hackers can gain access to a multitude of sensitive data within minutes.
Alarmingly, the majority of credential theft is the result of targeted phishing or malware attacks. As many people reuse their passwords for a number of services, once a single password has been compromised they can then try to connect with another service or network. It has been shown that 60% of small companies close within 6 months of being hacked. However, with people working remotely, educating staff on the importance of setting resilient passwords, isn’t on the agenda for many startup organisations and therefore leave them vulnerable due to this negligence.
Increased AI adoption
Artificial intelligence (AI) has been a technology that has been cementing itself within many sectors for a number of years. Due to its ability to carry out repetitive and arduous tasks, startup organisations are beginning to see the benefits from rolling out this technology with the financial sector also taking note. A report from Deloitte revealed that 30% of financial service organisations they describe as “frontrunners” are more adept when it comes to utilising AI; using the technology to enable them to increase revenue at a faster rate than their competitors.
What’s more, the report states that 45% of “frontrunners” invest $5million in AI initiatives with 70% planning to increase their spending within the next year. Yet, as AI continues to establish itself within the financial services sector, business leaders within new organisations need to ensure that they have robust and resilient infrastructures in place. With so much trust being placed on the AI to automatically manage, distribute and in some cases, duplicate data, startup companies need to ensure they have protocols in place if this technology is also targeted by hackers and cybercriminals.
A need for cloud-based security
Technology is helping to solve many of the financial sector’s challenges and protect various startups through advancements in the digital landscape. The evolution of cloud computing, which was traditionally valued for its cost saving capabilities, is now invested in its enablement for future innovation. Cloud-based technologies also allow startup businesses to implement critical cybersecurity measures that prove extremely difficult to penetrate including shielded logins, disconnecting the end user environment and Zero Trust Architecture (ZTA).
With many organisations still working remotely and as we seemingly emerge into a new era of hybrid working, startup companies are undoubtedly going to be providing additional solutions for their workforces to remain efficient. However, with credential theft on the rise, we can see the vulnerabilities that these expanded ecosystems present when it comes to phishing and malware attacks.
New businesses can look to easily implement the offerings of cloud-based solutions via shielded logins to external partners they’re dealing with. Using an authentication service whereby the user’s logins are transported via the browser as a client, all other authentication processes are performed by backend systems. This means an extra layer of protection is provided when coordinating third-party involvement. Additional processes in the cloud can be implemented for further security, such as dynamically generated, unique passwords and tokens that the service provider does not store, so that the login information to applications remains hidden for all other users.
More and more startups are also embracing Zero Trust Architectures aimed at protecting modern businesses from security threats by removing the “trust” from an organisation’s network. As a result, many are utilising identity and rights management systems powered by blockchain technology to bolster the level of security for these organisations. Using these systems, users gain self-determination over their data by means of digital authorization chains meaning it is always traceable who has accessed which data or systems when and with which authorisations and where these authorisations originate from. This prevents threats to the company’s intellectual property and stops hackers from stealing company ideas which they could market for themselves.
The past year has forced a number of sectors to rethink the way in which they operate, especially newer businesses with less funding than larger corporations. As remote working looks to remain on the agenda for many startups, it’s imperative that they consider the sensitive nature of the data that they hold. Additionally, with many cyber-attacks being the result of phishing or malware incidents, organisations need to first educate their staff on the importance of vigilance around protecting their credentials whilst also ensuring that they roll out the right technologies that can combat these kinds of phishing attacks. Innovative cloud-based solutions can offer a solution. Implementing end-to-end cloud security systems provide simple yet highly effective barriers for intrusion. Sensitive data cannot afford to wait therefore investing in secure cloud solutions now will ensure the safety of your organisation’s future.