Businesses changed their ways of functioning when the pandemic hit by implementing stay-at-home policies. Employees started using Microsoft Office 365 and other cloud-based software while accessing more resources through company VPNs. There was suddenly an urgent need to step into the cloud without proper cybersecurity preparedness. People logged in through unsecured networks and home computers, exponentially increasing the risk of cyberattack toward sensitive data that became open for all.
The pandemic even changed India’s technology ecosystem with numerous home-grown startups going global, thanks to the Atmanirbhar Bharat initiative of the government of India which focuses on creating a self-reliant nation. Unfortunately, a large percentage of startups had to shut shop during this phase. Startups and small businesses have been the worst affected by major financial resource crunch, the rising threat of cyber frauds, and data breaches.
Cybercriminals have been on the top of their game, developing new techniques and increasing the risk of cyberattacks since the start of the pandemic. They saw an immense opportunity when everyone had to work out of their homes where securities are usually compromised. Large corporations, government offices, corporate hubs built strong infrastructure to combat cyberthreats, but small businesses and startups were the ones that came under the bus.
In the past year, the interest levels of hackers in Indian consumer data increased, leading to multiple data breaches. These incidents left both — the consumers and industries, shocked. Now there is always a looming fear around cybersecurity. The app ecosystem and businesses have accepted the need to tighten their security levels because almost 74% of organizations, in India suffered a ransomware attack in 2020.
Numerous startups were cyberattacked, shaking the startup industry in the last year, including:
- A leading Indian ed-tech startup, was left shocked when their data of over 2.8 lakh students became available for public viewing online.
- One of India’s popular e-grocery startups faced a security breach when their data of almost 20 million users was compromised.
- A hyperlocal delivery startup became a victim of cyber-threat with the exposé of almost 3.4million users’ data.
- Not a startup, but an established Indian sweets shop witnessed a ransomware attack. Hackers demanded a ransom of $7,50,000.
- Another ed-tech startup suffered a data breach in September 2020, compromising data of at least 2 million users.
- A payment processing company breached over 35 million records. That was one of the biggest cyberattacks that happened in the year.
These are just a few examples. Not only startups, but well-established organizations also fell prey to cyberattacks throughout 2020.
Multiple systems connected and working for one site, out of an insecure zone, has given cybercriminals a chance to find loopholes and launch attacks.
Small Startup. Limited Budget.
It has been noticed that most startups, given their business magnitude and people strength, do not think that they can be a target for cyberattacks. It is this perception that holds them from investing big in cybersecurity. However, every startup needs to protect its IP. They may not have big budgets, but a great idea that can be stolen through cyber theft. Although, from the above list of cyberattacked startups, not all are small companies. That makes both small and big startups vulnerable.
Insider threat is another factor to consider for cyberattacks. Old passwords that never change, becoming a victim of phishing activities, clicking on malicious websites, and falling prey to ransomware attacks are just some of the ways humans end up inviting cyberattacks. Cybint states that 95% of cybersecurity breaches are due to human error.
How To Secure Yourself?
The cyberattack fact sheet released by Cybint solutions says that 43% of cyber-attacks target small businesses. That reinstates the fact that no one is secure unless every organization starts accounting for cybersecurity in their annual budgets, irrespective of their business size. Globally the rise in cyberattacks has increased by 80% (2020-2021) and India ranks as the second-most targeted country after the US. An estimated figure of around $20 billion has been paid as ransom pay-outs till now.
These are disturbing numbers, yet the fact remains that small organizations (those with fewer than 500 employees) spend an average of $7.68 million per incident such as web-based attacks, phishing, malicious code, botnets, etc.
There is a need to make a fundamental change towards cybersecurity. Organizations must account for malicious activities and educate their staff about the magnitude of loss that a simple attack can result in. Companies must make cybersecurity awareness, prevention, and security best practices a part of their culture along with building robust strategies to mitigate risks. Hackers often keep an eye on growing businesses because they know the organization might not have focused on securing its data.
Global cybersecurity spending is estimated to increase up to $1 trillion by the end of 2021. Better investments will help startups secure their data, saving from getting hacked.