TimesTech Buzz: Why startups should be more worried about cybersecurity attacks in 2021 and ways to prevent them?
Shikhil Sharma: When it comes to startups, I’ve seen two clear patterns when it comes to security. The first category of startups are the ones trying to go zero to one and the second category of startups are the ones that are in a hyper growth phase, usually post funding. Sadly, in both cases cyber security takes a back seat. For the first category the entire focus is on getting the first few customers and security is completely ignored. For the second category, where startups have enough resources to invest in security, they somehow end up spending it all on growth and marketing without investing in security. Hackers are very intelligent in identifying both these categories and hitting when it hurts the most. For small startups they usually find vulnerabilities in the application and exploit them. For big startups, they end up going after their data by finding misconfigured repositories or cloud configuration – leading to millions of records being stolen as we read in the news.
In 2021, the challenges have only increased because teams are distributed and so is the infrastructure of the startup. We cannot stress enough the importance of regular security audits. One of the key characteristics of startups is high growth, and when in a high growth phase startups tend to be developing their solution really fast. The most security conscious solutions are not developed every time, hence a security audit where a security company uncovers all possible vulnerabilities becomes important. Further, ensuring that apps have firewalls and employees are trained on the basics of cyber security also becomes super important.
TimesTech Buzz: What is Astra Security’s take on the rise in cybersecurity attacks in 2021 and how to curb them?
Shikhil Sharma: We’ve been tracking a rise in the number of attacks in our network of websites and apps that Astra’s firewall protects. Also, there has been a rise in more and more startups wanting security scans of their applications. This is a good sign, because if attacks are increasing we can safely say that startup owners are becoming more conscious too.
There’s a very easily implementable 3-point strategy which should be followed to minimize the possibility of a data breach from cyber attacks:
- Prevent: Hack yourself before hackers do! If the first ever test for security is being done by hackers on your business, then your business is bound to get hacked. Make sure a vulnerability assessment & penetration test (VAPT) is done to uncover all possible vulnerabilities on your business. This way, when hackers come trying to find vulnerabilities – it’ll be quite difficult for them to find something you haven’t.
We’ve seen that whenever a company gets a VAPT or security audit done from us for the first time, the results usually break a few myths about their own security posture.
- Protect: Hackers are always probing for vulnerabilities in your infrastructure and applications. This requires real time protection in the form of a firewall which ensures that hackers are stopped right at the bay. From the 6 million+ attacks that we stop on various businesses’ websites through our firewall every month – we’ve seen more than 50% of them are automated bots made by hackers trying to probe for vulnerabilities which can be easily exploited.
- Engage: Not all hackers are bad. If you can make hackers your friend, it’ll be an excellent outcome. This can be done by running a bug bounty program for your business. This means every time someone finds a security vulnerability on your infrastructure, instead of tweeting about it or exploiting the bug they’ll report it to you in exchange for a reward! An excellent way for startups to change potential bad publicity into a good one!
TimesTech Buzz: How to mitigate the constant rise in the cyber-attacks in the banking industry, SMEs and the health industry?
Shikhil Sharma: I think hackers know where it hurts the most, and they hit exactly there. This is so true for the banking, fin-tech and health industries. The data they handle is some of the most sensitive information about individuals.
The above three step methodology of Prevent, Protect & Engage can come in super handy for these industries. Security is best done in layers. There is no silver bullet which takes care of it all; these industries need to understand that and should always be taking proactive measures to improve their security. Further, in almost every security system humans are the weakest links. There should be a considerable effort to train the non-technology savvy work force too. Everyone should have a basic knowledge about the cyber security side of things so that whenever they see a phishing email, they’re able to identify it, or next time they receive an ‘emergency’ call they know how to identify a social engineering attack which leverages human emotions.
TimesTech Buzz: How does Astra Security keep the cyberspaces safe while providing go-to solutions for the companies and a way forward?
Shikhil Sharma: Astra Security makes cyber security super simple for businesses. It is like the first security employee of every business. Astra’s suite comes with a security scan to uncover vulnerabilities in your apps, a firewall to protect your websites in real time and the ability to make hackers your friends by running a bug bounty program. As you would imagine, this covers a lot of bases for a business when it comes to cyber security.
The best part about Astra Security is that it takes minutes to set up and not hours or days, which is the case with traditional cyber security solutions. Going forward, we’re planning on launching a vulnerability management system and scanners for businesses. We believe that every business should hack themselves before hackers do, and for that we will soon be launching an in-depth website security scanner, API scanner and even cloud scanners.
Astra Security’s firewall stops 6 million+ attacks, uncovers 2000+ vulnerabilities in apps and detects 80,000+ malware every month. We’re aiming to 10x that number by the end of this year.
TimesTech Buzz: Why is it important for the companies to get their security audits done timely?
Shikhil Sharma: I cannot describe how bad I feel when I see that ‘This bug would have taken me 2 hours to fix’ look on a developer’s face when they discover how a hacker hacked them. It’s not a good place to be in. But the good news is that such situations can easily be avoided by getting regular security audits done on your application and infrastructure. If you are integrating the security scanner in your CI/CD pipeline, that’ll be even better.
To sum that up, regular security audits save your life when it matters the most! And you can always brag about them in front of your customers as these days potential customers prefer security conscious businesses over the not-so-security conscious ones!