Join our Waitlist for Expert Advice!

3 Reasons Why IT Security Must Be a Top Concern for Tech Startups Security must be at the center of all tech startup activities.

By Ralph Tkatchuk Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

gilaxiam | Getty Images

Web and mobile apps are now a dime a dozen as more ventures join the rush to roll out the next killer app. According to AppBrain, there are nearly 2.8 million apps on the Android market to date. Search for a particular interest or functionality and there is likely a dozen or so web and mobile apps that would pop up. The volume and pace of app creation lead to a sizable percentage of poorly developed apps that almost a quarter of users abandon them after first use.

What is worse, these bad apps can leave users exposed. A study by Codified Security found that 40 percent of published apps leave vulnerable backdoors that can be exploited by attackers. These vulnerabilities can leave user data exposed or allow malicious actors to gain access to computers and servers used in testing and development.

Related: How Do Google, Apple and Others Stack Up When It Comes to Protecting Your Privacy?

The competitive nature of the industry demands ventures to ship software quickly. However, shoddy coding and careless testing can leave the venture and its users exposed to cyberattack risks with potentially disastrous ends. The issue becomes even more pressing as new technology trends such as the wider adoption of financial technology and internet of things (IoT) devices is set to bring forth a new wave of apps and services.

Security must be at the center of all tech startup activities.

1. Threats are rampant.

2016 had no shortage of high profile cyberattacks that involved large tech companies, internet infrastructure providers, banks and government institutions. But, for every big name company, there were numerous other smaller organizations that also suffered attacks. Among the top threats that persist today are ransomware, distributed denial-of-service attacks (DDoS) and data breaches.

Ransomware are consistently identified by security firms such as Kaspersky as top threats to organizations. Ransomware are malware that encrypt a computer or network's files. Attackers then demand ransom from victims in exchange for a chance of getting their files back.

DDoS attacks seek to deny access to a website or service by overwhelming its server with traffic. The biggest DDoS attack on record happened last year when DNS provider Dyn was hit. The outage also affected popular sites and apps that were under Dyn's network such as Netflix, Spotify and The New York Times.

Among these attacks, data breaches pose the real threat to end users. Stolen confidential information are commonly shopped around to criminal entities in the dark web. Data containing personal, financial or proprietary information can return a profit when sold in the black market. Sites and apps that store customer information are prime targets for such attacks.

Related: We Scored High on This Cybersecurity Quiz. How About You?

2. Getting attacked is costly.

Any form of downtime or disruption is costly for any business. Network security solution Incapsula estimates the cost of downtime caused by DDoS attacks to an ecommerce site to average $40,000 per hour. Other attackers also perform DDoS attacks for ransom knowing that companies may be willing to pay in order to avoid the costs of downtime.

An IBM and Ponemon Institute study says that each stolen record costs the company $158 each in damages. Getting hit by a data breach can heavily impact a company's valuation as well. The sale price of Yahoo! has dwindled since its disclosure of past massive data breaches. Verizon asked for a $3$350 million discount after the data breaches were publicized.

As for ransomware, while attackers may only ask for $722 on average, getting locked out critical files can be catastrophic for organizations that do not have backup systems in place. There is no assurance access will be restored even if the ransom gets paid.

Beyond the outright financial impact, businesses also risk loss of customer trust and reputation when hit by cyberattacks. For a startup, such fallout can sink the whole venture before it even gets off the ground.

Related: The Worst Hacks of 2017 -- So Far

3. Tech startups should have higher standards.

Businesses get exposed due to a variety of reasons. Non-tech startups are especially vulnerable. Often without dedicated personnel to oversee the proper use of IT resources, it is common for computers and networks to be left unsecure. Lack of training on fundamental IT security practices also leave staff vulnerable to social engineering attacks such as phishing which in turn pave the way for more serious attacks.

Tech companies should know better. If they intend to market themselves as experts with superior products, they should be making security a critical part of their work. A good portion of tech startups effort is involved in product development so ensuring that their software is secure is vital.

Mirai, the malware responsible for a number of massive DDoS attacks last year, exploits unsecure IoT devices and use them to carry out attacks. Many of these devices, which include IP cameras and network devices, were poorly designed and lacked security features that could have prevented Mirai infections. Leaving out security in the product design and making product development shortcuts can have serious consequences.

The Codified Security also revealed that the app vulnerabilities are often due to careless coding. Developers may leave out information in their published code such as server credentials. As some apps use the same server instances when they go live, access to those servers can ultimately compromise all server data which, by that time, may already include customer information.

Related: 4 Easy Ways to Protect Your Company From a Cyberattack

Making security a priority

So how can tech startups mitigate these risks?

For developers, security should be a fundamental consideration in the software design. Code should be vigilantly reviewed in order to track vulnerabilities which can be exploited. It is critical to subject all software to intensive QA. Testing and should not be skipped in favor of accelerating shipping or launch dates.

Organizations should perform security audits to identify vulnerabilities in their operations. Educating staff regarding the best practices ensure that IT resources are used in a secure manner and that no company or customer data get compromised. Tech ventures should also be implementing security measures to cover other business activities especially those that involve customer data such as sales and marketing.

Customer information should be held in the strictest confidence. Startups owe it to their customers to safeguard the privacy and security of those who entrusted the company with their business.

Ralph Tkatchuk

Entrepreneur Leadership Network® Contributor

Data Security Consultant

Ralph Tkatchuk is a data security consultant and and an IT guy with 15 years of field experience working with clients of various sizes and verticals. He is all about helping companies and individuals safeguard their data against malicious online abuse and fraud. His current specialty is in ecommerce data protection and prevention.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Business News

You Have One Month Left to Buy a House, According to Barbara Corcoran. Here's Why.

"If you are planning on waiting a year and seeing where interest rates go, you are out of your mind," Corcoran said.

Business News

These 3 Side Hustles Make the Most Money While Working Fewer Hours, According to a New Survey

The survey also found that having a side hustle doubled as a path to becoming more employable.

Data & Recovery

Train Your Company to Avoid Costly Data Breaches With This $30 Bundle

Train in the eight domains of CISSP and protect your business from growing cyber threats.

Side Hustle

I Made $14,000 in 1 Week With a Spontaneous Halloween Costume Side Hustle — Here's How

Sabba Keynejad was in art school when he started to refine his entrepreneurial skills.

Franchise

The McRib Is Back, But Only at Select McDonald's — Here's Where to Find It

This scarcity is nothing new. In 2022, McDonald's announced a "Farewell Tour" for the McRib, suggesting that it might be the last time customers could get their hands on it.

Business News

This New Restaurant Is Banking on One Dish — Because It's the Only Entrée on the Menu

The new hotspot is gaining buzz on social media for its innovative yet super simple concept.