How Startups Can Build A Robust & Resilient Cybersecurity System

How Startups Can Build A Robust & Resilient Cybersecurity System

SUMMARY

In a data science business, a loss of confidentiality, integrity, or availability (CIA) of client data could have a significant impact on the company’s ability to operate the business

Failure to sell new business, loss of current customers or the massive loss of reputation as a result of a major data breach are all realistic possibilities

Learn about the systematic step-by-step approach a customer data science or customer data-centric organisation should take to tackle the ever-growing IT security challenges

In a data science business, everything puts customer data at the heart, the majority of which is provided to a company by its clients. Loss of confidentiality, integrity, or availability (CIA) of that data could have a significant impact on the ability to operate the business. 

Failure to sell new business, loss of current customers or a refusal to be custodians of customer data are all realistic possibilities in such circumstances. The massive loss of reputation as a result of a major breach is also a significant loss. 

The risk is compounded by a general increase in cyber-attacks across the industry. The Federal Bureau of Investigation (FBI) continues to warn of exponential rises in ransomware affecting company operations. Furthermore, the Information Security Forum (ISF) warns that cyber criminals are evolving their attacks to target ‘trust’ between organisations, using a combination of techniques including ‘poisoning’ a company’s data.

Any customer data science or customer data-centric organisation should have a systematic step-by-step approach to tackle the ever-growing IT security challenges. 

Step 1: Assessment Of Current State & Target Security Maturity State

A good starting point would be to assess our security against a maturity model like NIST (National Institute of Standards and Technology). The following is an example of a Current vs. Target state at the end of an assessment:

Current State And Target Security Maturity State

This assessment, in conjunction with a progressive transformation programme, could help improve the overall maturity of the security system in order to better support the business.

Step 2: Understanding The Threats Landscape

There are six generic threat categories an organisation should be up against. These comprehensively cover the main areas that must be mitigated to reduce the risk of data and data-science-centric business. 

Understanding The Threat Landscape

Step 3: Current & Future Threat Profiling

Two levels of detailed threat profiling should be considered while preparing an organisation for a specific defence.

  • A Current & Detailed Threat Profile: Current, detailed, threats consider threat actors (types of individuals or groups that might seek to do harm to business) that may be relevant to data business.
  • Future Threat Profile: Threat profiling for the future is difficult to achieve with any certainty but the ISF does publish a 3-year threat horizon each year. This outlines key threats and themes, based on feedback from their membership base of over 10,000 global companies.  

Step 4: Creating Defences Through A Layered Defence Model

Once we’ve identified threat profiles, we can consider implementing IT controls defined within a layered defence model against each high-level threat. The following is a prioritised control list for a typical data science organisation (where we should be concentrating our efforts first). 

A Layered Defense Model

Step 5: Addressing IT Security Challenges

Implementing Access Filtering 

Key risks addressed in this category to limit internet access are as follows: 

  • Data Security Compliance: Data Science firms that are responsible for sensitive data such as personal health information (PHI) or other forms will use internet-blocking tools to prevent employees from maliciously or negligently leaking data 
  • Network & Endpoint Security: Will prevent users from accessing malicious websites that are known to contain malware. This acts as an internet filter that provides critical security controls for protecting sensitive data  
  • Productivity Management: Content filters are used to block access to distracting websites and computer applications such as social media sites, computer games, and video streaming services   

Implementing Email Security

Email is a primary weapon for spreading ransomware, an advanced threat that can affect multiple endpoints and steal sensitive data. Therefore, an email protection plan needs to include the following best practices to protect email traffic in real-time.

  • Spam Filter: Detect spam and keep it away from either hitting your inbox or filing it as junk mail
  • Email Encryption: Disguise corporate email by changing communications into a garbled arrangement of letters, numbers, and symbols that someone who intercepts cannot read
  • Antivirus Protection: Screen emails and attachments for viruses, providing the user with warnings if anything suspicious is detected
  • Secure Email Gateway (SEG): Filter out potentially dangerous emails according to the settings of an IT administrator
  • Employee Education: Educating employees to recognise social engineering, phishing, and other types of attacks

Implementing Vulnerability Management

An external vulnerability scan ensures that your external firewalls are impenetrable while an internal scan searches the interior network to ensure that the computers within your network are secured properly.

  • Regulatory Compliance: There are many requirements for businesses to keep their client data safe from external threats including GLBA, HIPPA and PCI, among others
  • Update Software Or Change Network: Every time you change the configuration of your network, install new software or hardware, your network is exposed to external risks without your awareness 

Implementing Data Governance

  • Classify Sensitive Data: To effectively manage access to your most sensitive data, you need to know where that data is stored and classify them based on the sensitivity
  • Assign Access Controls: Once you’ve completed your risk assessment, assign access controls to each user, based on their role within the company
  • Analyse User Behaviour: It’s important to monitor user behaviour and ensure that your policies are being followed. What are your most privileged users doing with the data they access? Are they copying, modifying, or deleting files containing sensitive information? 
  • Review Access and Compliance Requirements: Review your data access governance plan regularly to ensure that your policies are logical and effective

Implementing Multi-Factor Authentication (MFA)

The goal of MFA is to create a layered defence that makes it more difficult for an unauthorised person to access a target, such as a physical location, computing device, network, or database. If one factor is compromised or broken, the attacker still faces at least one or more barriers to breach.

MFA works by combining two or more factors from these categories:

  • Knowledge Factor: This requires the user to answer a personal security question
  • Possession Factor: Users must have something specific in their possession to log in, such as a badge, token, key fob, or phone subscriber identity module (SIM) card
  • Inherence Factor: Any biological traits, for example, biometric verification methods

 

Note: The views and opinions expressed are solely those of the author and does not necessarily reflect the views held by Inc42, its creators or employees. Inc42 is not responsible for the accuracy of any of the information supplied by guest bloggers.

You have reached your limit of free stories
Unlock The Ultimate Startup Intelligence With Inc42 Plus

Join 10,000+ Startup Founders & Leaders And Gain The Ultimate Startup Edge

Prices Increases In
countdownmail.com
2 YEAR PLAN
₹19999
₹5999
₹249/Month
UNLOCK 70% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹3499
₹291/Month
UNLOCK 65% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

How Startups Can Build A Robust & Resilient Cybersecurity System-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

How Startups Can Build A Robust & Resilient Cybersecurity System-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

How Startups Can Build A Robust & Resilient Cybersecurity System-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

How Startups Can Build A Robust & Resilient Cybersecurity System-Inc42 Media
How Startups Can Build A Robust & Resilient Cybersecurity System-Inc42 Media
You’re in Good company