Start-ups: a lucrative target for hackers
A security researcher recently explained to me that any hacker "would've loved to have hacked in to Twitter five years ago", because, if he had, then he would have potentially had a lifeline directly in to its key systems and information.
Start-ups tend to focus their energy on getting a product to market or releasing a new feature; however, they could be making a fatal mistake by not considering their security practices.
I spoke with the security researcher after a briefing by consultancy firm Securus Global, where the researcher explained that common, low-level vulnerabilities can be collectively exploited to hack in to a business. He explained a previous scenario where a start-up was vulnerable because of password sharing and poor storage of servers and web logs. These were chained together and exploited to gain access to the main systems, including the corporate wiki, which contained credit card information for online work purchases and the company's account details for Amazon Web Services.
It is true that hackers would prefer to attack large corporate organisations that have a huge number of customer details and massive revenues, but that's a short-term view. Time is on the hackers' side; once they have penetrated the systems of a start-up, they can afford to wait for it to grow into a much more lucrative victim, even if only one out of 100 does so.
For the start-up, the resulting damage could potentially be fatal. Beyond losing simple customer data and information, it could be game over, if, for example, the start-up's intellectual property fell into the hands of a competitor.
Securus Global managing director and CEO Drazen Drazic agreed.
"Start-ups have greater business risks in the event of a major security incident early on," Drazic said. "They're trying to establish a business base and confidence in their new venture, and a hack of the system can do some credibility damage that could be difficult to recover from.
"Facts are that many large companies survive high-profile hacks into their organisation, and it's almost [business as usual] very quickly.
"A small start-up would struggle much more."
Would Google be the same today if a hacker had stolen its search algorithm early in the company's lifecycle and sold this information to another company?
By definition, start-ups must prioritise their time and resources, and often this is dedicated to improving the application's user experience and developing new features. Yet, while this is important for the short term, they should also consider that without the proper security practices in place, their hard work could all be for naught.