It’s a proven statistic that 90% of startups fail. There are a variety of reasons for failing to get your business off the ground, from poor marketing, not understanding the market and being in bad location to compliance problems, security issues and more. One thing that every startup can do, though, is learn one major thing from Big Business: Proper cybersecurity and code quality implementation.
On July 15th, Twitter was hacked by a 17-year old amateur. On July 23rd, fitness brand Garmin was the victim of a ransomware attack. Two days ago, on August 5th, Bank of America experienced a glitch where customer account balances incorrectly showed as $0. The BoA issue isn’t necessarily a cybersecurity issue, but it is likely a coding quality issue and the two go hand in hand.
Twitter got lucky that more damage wasn’t done, that it was a 17-year old who masterminded the operation because someone more experienced would have definitely extorted the company for millions. Which is exactly what happened to Garmin.
Garmin is believed to have been hit with WastedLocker ransomware. According to The Verge, “The attack itself began on July 23rd, and put Garmin’s wearables, apps, website, and even its call centers offline for several days. Garmin confirmed that it had been the victim of a cyberattack on July 27th, as many of its services were starting to come back online. Its statement did not say whether it had paid a ransom in response to the attack, but noted that no customer data was accessed, lost, or stolen.”
The reason that no customer information was compromised is because Garmin paid the ransom. As we’ve discussed in the past, sometimes the ransom is cheaper than not paying the ransom. Garmin could not figure out how to decrypt the virus implanted on their servers, so after a few days they determined it was in their best interest to pay the ransom. The attackers demanded $10 million, although the actual amount paid is unknown.
Bank of America’s glitch, while the origin of the problem is not known, is a coding problem. Coding and cybersecurity should always go hand in hand. Coders who code securely ensure the safety of their company’s information. Insecure coding results in weaknesses that hackers can exploit. So even if the glitch turns out to be a typo somewhere in the code, it must be addressed. Customers are not happy with BoA right now, but they’ll be even more upset should a hacker get into their accounts.
So what can startups learn from these three companies? Don’t skimp on cybersecurity. And don’t skimp on technology and coding. Many execs in business tend to push it off until “later” or want to wait until they’ve grown. Look for the quick, cheap and sometime dirty options. Startups especially think they won’t be targeted because they are an unknown business. Or that consumers will be forgiving – they won’t.
Hacker’s tactics have changed. They now hack indiscriminately. They don’t care who you are, how big you are or what information you have. Information is their currency, so whatever information they get is money in their pockets.
It can be difficult for startups to want to implement strict cybersecurity measures because it’s an added expense. But we live in the Wild West of the internet age where laws and regulations have not yet caught up to criminals. We’re making headway, but we aren’t there yet. So even though it’s an added cost, especially if you need to hire an expert to help you, it’s a must for every business, no matter how new or how small. If you want to be in that 10% of businesses that succeed, you have to protect yourself and your customers. And this extends beyond just cybersec, if you are writing a line of code for your business and you probably are – make sure someone who is an expert is, at minimum, reviewing that code.
Twitter, Garmin and Bank of America are all big businesses with millions of dollars available. As a startup, you have to consider this question: Could your business survive a cyber-attack, or misplacing everyone’s shipment for a few days, or worse going off line for a few days, showing users the wrong account information? Most likely, the answer is no. Be proactive. Protect yourself, your business, your partners, your clients and customers. Ensuring the security of sensitive and proprietary information is essential to success.