Opinions expressed by Entrepreneur contributors are their own.
In the business world, revenue is king – and understandably so. A business can only grow if it generates revenue, and a business that operates without a clear path to revenue is not long in this world.
Obsession with short-term profits – and only profits – can lead entrepreneurs to ignore other essential parts of their business. If business owners focus only on making as much money as possible as quickly as possible, they are likely to neglect security and the stickiness of trust, and pay for it in the long run.
What if security is an afterthought?
Cybersecurity needs to be at the forefront of any business, especially large companies, but too often it is not. Some entrepreneurs believe that an emphasis on security can stifle innovation. Others believe that it costs too much in terms of both manpower and money. There are also those who just don't prioritize it.
The unfortunate fact is that if you don't pay attention to your company's data security, the bad guys will. Take a look at just a few of the recent incidents that occurred because companies treated security as an afterthought.
Zoom's security claims
As reported in TechCrunch, Zoom recently reached an agreement with the FTC over the company's claims regarding the use of end-to-end encryption. Apparently the company wasn't using it. The FTC called the company out and forced Zoom to change its practices so as not to misrepresent its security measures. In Zoom's case, the promised security was an afterthought.
Twitter hacked through Slack
In July, several large accounts were hacked on Twitter to promote a Bitcoin scam. According to Mashable, the hacker gained access to Twitter's systems through unprotected credentials on the company's Slack account. In this case, security on Twitter's Slack account was an afterthought.
In April, a vulnerability was identified in Microsoft Teams that could have allowed attackers to use a malicious GIF image to steal data from a company's accounts. According to Threatpost, CyberArk researchers identified the threat and Microsoft subsequently patched it. No data was stolen, but it could have been, all because Microsoft viewed Teams' security as an afterthought.
Since these companies are all household names, it is clear that they survived their breaches. Remember, however, that these are multibillion-dollar corporations that have run the gauntlet to become too big to fail. What does a data breach mean for a small business entering this battle right now?
Research shows that 60% of small businesses have to close their doors within 6 months of a cyber attack. Rather than focusing on how these companies recovered, smaller companies should view these incidents as a major warning sign. They are unlikely to be lucky enough to survive an attack like this, so they should learn from the mistakes of these larger companies and make sure that security is a priority from the start.
How to do security right
It's not difficult to do the right thing when it comes to security. It's easy to take security seriously – and to know that malicious actors are deliberate, persistent, and patient. They deliberately plan events that could exploit gaps in your security. They persistently pursue different avenues of attack. And they are patient: they can wait for the right opportunity to pounce.
In return, your cybersecurity efforts should also be deliberate, persistent, and patient. Be deliberate in your efforts to protect your data and systems, persistent in continuously improving your security, and patient in building a long-term secure environment.
You can differentiate your business by considering these points and emphasizing security throughout your business and software development cycle. As important as corporate security is, it comes at a cost. All of the malicious actors out there want to test your security claims. Of course, they would test you, too, if you didn't strengthen your security. Better to be ready for them than unprepared.
Cost vs. security
Some executives question the cost of corporate security. It's fair to evaluate costs versus benefits to a business, but in the case of cybersecurity, you'll find the investment is necessary. Good corporate security may require more work and higher up-front costs. However, this is nothing compared to the cost of ignoring security and potentially falling victim to a breach or ransomware attack, or releasing a vulnerable product.
All you have to do is compare the cost of cyberattacks with the cost of cybersecurity. Gartner predicts that global information security spending will be nearly $124 billion this year. You might think this sounds like a lot, but once you realize that the global cost of cyberattacks will hit $6 trillion a year by the end of 2021, according to Cybersecurity Ventures, it doesn't seem that drastic anymore. The damage from cyberattacks still outweighs the cost of cybersecurity and will continue to do so.
The importance of transparency
Despite the benefits of strengthening your company's cybersecurity, the cost of that security can be insurmountable if you don't apply transparency. Through transparency, you can help make cybersecurity more affordable and effective for you and others.
Security transparency means opening your code, hiring the best security experts to test your product, and publishing your results. It is also important to support bug bounty hunting by incorporating it into your security QA processes. The more eyes on the process, the better. Internal transparency is also key. Building a culture of unit testing and security-based CI/CD is an important way to ensure your team is working together to create better, more secure products. The important advantage here is that these processes create better, more powerful products that are simply more secure.
Features of security done right
What does security done right look like? There are a few key features:
For products that make cryptographic promises, the use of an open protocol/source code is mandatory for greater transparency.
Security is built into your systems and processes, not bolted onto them. If you are a development organization that doesn't do unit testing, you are not committed to security.
Zero trust security principles are adopted and extended beyond end users. Don't just automatically trust your end users. This philosophy should be extended both inside and outside your perimeter – including your security team and your service providers!
If your company can use these approaches, you will reduce your risk factors and better protect your company and your customers' data. In the short term, this may not always be an easy way to go, but in the long run you will have more loyal customers and avoid the immensely expensive process of scrambling to patch and react.