Cybercriminals are incredibly good at breaking into business networks. A recent study by global IT solutions provider Positive Technologies found that attackers can successfully breach an organization’s external network perimeter in 93% of cases.
If your network perimeter is breached, bad actors have free access to the sensitive systems and data within. They can cause real problems with customer interactions or other business functions.
As an entrepreneur, no matter how many tasks and projects you're juggling, cybersecurity innovation should be one of your top priorities. This is especially true in startup environments that typically lack the robust network infrastructure of larger enterprises.
Why Cybersecurity Innovation Is Important
Cybersecurity, loosely defined, involves any action, or process you take to prevent business disruptions caused by unauthorized access to — and misuse of — your computer systems. Innovation in cybersecurity could help prevent breaches and keep your systems secure.
Here are some key reasons why cybersecurity innovation is important for businesses of all sizes:
1. A Rise in Recent Breaches
In the past few years, recent breaches have underscored the importance of cybersecurity. The first six months of 2022 saw some of the most astonishing hacks and breaches in history. They include the hacking of Okta's database by LAPSUS$, a group of cybercriminals purported to be teenagers. Okta is an identity and access management platform, so the breach was damaging not only to their reputation, but also for some high-profile Okta customers like Nordstrom, JetBlue, and GrubHub.
In the Okta breach, LAPSUS$ gained access to a support engineer's computer for about a week, through a remote desktop protocol (RDP) access. From there, LAPSUS$ was able to breach thousands of Okta's Slack channels, getting access to sensitive information like AWS security keys.
2. Social Engineering Scams
Social engineering scams use psychological manipulation to trick people into giving up sensitive information or performing an action. An example of this tactic is the phishing scam, in which hackers use a seemingly legitimate email that contains a malicious link or attachment.
Phishing and other scams designed to steal a computer user's credentials aren't just a consumer problem. A quarter of social engineering scams are aimed at business targets, with employees, contractors, and partners posing the highest risks. Receiving a spoofed email from an official company source (e.g., the HR department) is one example of how hackers can gain access to a system when an employee lets their guard down.
3. DDoS Attacks and Corporate Extortion
A distributed denial-of-service (DDoS) attack causes a company's server to crash by flooding it with requests from infected computers (known as botnets), or by taking advantage of security vulnerabilities.
Cybercriminals also use DDoS attacks as a form of corporate extortion. An attacker might threaten to launch a DDoS attack unless the company pays them a ransom, usually in cryptocurrency. That’s what happened to Voipfone UK in October 2021, halting phone service to frustrated customers for about two days. The hackers issued a “collossal ransom demand” in Bitcoins, in exchange for haltin the DDoS attack.
4. Growth of the Remote Workforce
Security Magazine lists “remote work cybersecurity” as one of the top three cybersecurity trends for 2022. As COVID-19 forced businesses to re-evaluate their workplace policies, many companies adopted or expanded remote work arrangements, which present new cybersecurity risks.
When employees are working from home, they may be using personal devices that are not as well-protected as company computers. They may also be working on unsecured broadband networks. Security vulnerabilities at home include the lack of a firewall, weak passwords, and unencrypted file sharing.
Additionally, while companies may have strict security policies for on-site workers, they may not have updated these policies for remote workers, or they may not be enforcing them as strictly.
5. Supply Chain Vulnerabilities
If one of your vendors or suppliers has poor cybersecurity, it can put your company at risk. That’s what happened to Toyota in February 2022, when one of its main plastic suppliers had a data breach.
The vendor had third-party access to Toyota's manufacturing plants. Toyota ended up shutting down operations while the issue was sorted, hindering production (and Toyota's revenue) in the process.
A study by the Poneman Institute, a research center focused on studying privacy, data protection and information security policy, found that nearly 70% of companies didn't know how many third-party relationships they had or how these relationships were managed.
To protect your business, it's critical to own this information. You must know what your vendors' and suppliers' cybersecurity policies and practices are. You should also have a contract in place that requires them to meet certain security standards and compensates you for damage that occurs due to a partner data breach.
Cybersecurity Trends to Consider for 2022
For startups, entrepreneurs, and businesses of all sizes, having a cybersecurity strategy is critical to remaining competitive. It also helps keep your customer data safe while avoiding costly fines and business disruptions.
In addition to the above reasons that cybersecurity is important, some additional trends to keep in mind include:
- Industrial cyberattacks are on the rise, impacting production processes, utilities, and IT networks/infrastructure. This kind of attack can knock power grids and other essential systems offline for days, weeks, or longer.
- Cybercrime is an international industry, thus hackers may be operating in countries with lax cybersecurity laws. This makes cybercriminals incredibly elusive and difficult to locate and prosecute.
- There aren't enough cybersecurity experts to counter the number of attacks, making it easy for businesses to miss vulnerabilities and/or delay putting the right systems in place to prevent breaches.
- Data-sharing across businesses, systems, and devices is becoming more common, creating new opportunities for cybercriminals to access sensitive data.
- Zero-trust security, which eliminates implicit trust in favor of continuously validating every digital interaction from employees, vendors, and business partners, will be the new normal. Zero-trust focuses on securing hybrid cloud environments and enabling modern digital transformation initiatives with the goal of reducing — or eliminating — breaches.
From a vulnerability perspective, you don't know what you don't know. As new technologies emerge, so do new ways for cybercriminals to exploit them. That’s why baking cybersecurity into your business strategy is critical to maintaining a strong cybersecurity posture. By understanding the risks and taking steps to protect your data, you can help protect your business from attack.
Let MassChallenge Support Your Solution
MassChallenge connects entrepreneurs, startups, experts, corporations, and communities with the resources they need to succeed. We're a global network for the world's innovators.
We provide startups with guidance for everything from research to funding to cybersecurity. Our team of experts can provide the resources and support you need to create meaningful global change, plus we stay with you every step of the way, from idea to launch. We invite you to learn more about how we can support your business.