Digitalization is prevailing and so are the modern devices. Smartphones are becoming smarter, companies are becoming creative, and people are evolving and undoubtedly, technology is at the peak. Needless to say, without any ado, we should talk about one of the most important ingredients, probably, the underestimated element, security, or, precisely, cyber security. Yes, it is one thing that is important and ignorant altogether.
Startups have found their destined way after the ‘Make in India’ campaign has successfully and cordially launched on September 25, 2014. The event was attended by 2500 international delegates from 68 countriesIt focuses on 25 sectors of the economy including : Automobile, Biotechnology, chemicals, constructions, defence manufacturing, media and entertainment, pharmaceuticals, etc. Under the initiative, brochures on the 25 sectors and a web portal were released. The ideas, concepts, and the creation of the entrepreneurs started to come into the limelight, the Indian market. The funding, the sequential array of the newly established venture gained the momentum because of the angel investors, venture capitalists and crowd funding.
The most wonderful and awestruck news was that it had received over 15.2 lakh crore worth of investment and investment inquiries worth 1.5 lakh crore.According to a Nasscom report, India ranks third globally in a number of startups. The more the merrier; same applies to the threats.
For starters, it must be accepted that the idea of a software being ‘unbreakable’, as has been utilized by many, is extremely impractical and hazardous. Theoretically, a piece of software can contain no flaws, since it is designed to work only when there exist no errors. However, every software requires hardware to function, which is vulnerable to attacks. A good example of this is the attack on Iranian nuclear facilities by an extremely dangerous virus called Stuxnet- which targeted the hardware instead of the software. Furthermore, such hardware and software are operated by individuals who are exposed to social-engineering attacks, otherwise referred as confidence tricks. Thus, in essence, selling software by advertising it as unbreakable arouses a false sense of security.
Smit Shah, CEO of eSecurify and Cyber Security Expert, has been observing this scenario since the boom of the digital India began. He analyzed pretty obvious and oblivious things about the startup culture.
Then, Startup India campaign was started on January 16, 2016, which aimed at promoting bank financing for start-up ventures to boost entrepreneurship and encourage startups with job creation. This is the reason why $3.5 B is poured into 815 deals in 9 months- an average of $13 M invested per day in Indian startups. This is breathtaking.
In this article, he will share the insights that should be taken care of, keeping in mind the perspective of investors, entrepreneurs and third party users. Turn by turn, we will go through the crucial attributes that hinder, scares and many times, breach the security barriers. In addition, Smit Shah will tell us what all things should be done in order to prevent and protect it completely.
# 1 The One
Who better than the aspiring entrepreneurs know what is going on in their startups? They are the one, really, who are aware of the know how of the fresh forest growing. While they are developing rapidly, they forget to look at the security facet which not only raises the questions about the surety but also stands at the position to responsibly do something about it. There are innumerable startups which rise and fall everyday, countless of which have not done patent, fewer would have skipped the legal process, and not to mention, many entrepreneurs have stopped worrying about anything after their launch of the mobile application.
Startups, Digital Startups that mainly deals with the online ordinance have disregarded the intermediate but significant factor, fear to be hacked. The Cyber Security is an essence to any online execution because it ensures the reliability, compatibility and the guarantee of the third party. They are busy upgrading and updating their products/services without leaving a tiny possibility of it to unveil.
They are busy gathering the funding for their forthcoming ‘Next Big Thing’ and become perfunctory. The cost effective revenue model, initial investment, and the focus to make the idea bigger bounces off, when the security patterns and concerns are to be noticed. Yes, the responsibility is really big and from his personal experience, Mr.Smit says, “Sometimes, with privilege and courtesy, when I’ve advised few dignified entrepreneurs to check out their portals as it might have serious security concerns, all they do is hire a new developer or change the whole website or application.” It’s funny and fathomable. Not finding the root cause, they become circumspect in their actions.
According to the recent statistics, NCR-Delhi region has seized $1.12 billion in funding, followed by Bengaluru’s $1.06 billion and Mumbai’s $1.04 billion.
Even when the ‘Make in India’ was launched, it had a clear mention that cybersecurity shouldn’t be parched. There are pros and cons for everything; similarly, there is always an underestimated factor that transforms into mammoth later. The simplest thing to do on the contrary is not to undervalue it and make each and every online entrance audited. This will certainly reduce the possibility for any startup to doom.
Point to be noted: Another frequent mistake done by most ethical hacking entities is in assuming that complex cryptography does a better job than simpler kinds of encryption. It is a well-accepted fact that encryption consisting of very large numbers will take longer to crack than shorter ones. However, beyond a certain level, the length of the key becomes irrelevant- as the attackers instead of resorting to conventional ways, will simply try to recourse to something else, like the ‘end-point vulnerability’ attacks- a method wherein hackers target the machine in order to steal whatever is typed into the keyboard or shown on the screen. Furthermore, it is also a misconception that short keys can be attacked easily by brute force, since a short key which is complex could take years to decrypt, depending upon the technology available. Hence, using long encryptions is akin to having a foot-long key to your house- it simply makes no sense.
#2 I am second
There are deals happening everywhere. Investors are putting money where the unit economics is strong and the growth isn’t being hampered. Investors are risking their money; they know about it. What they don’t know is that that money is being gambled upon the security and privacy factors of the startup itself and to those whom it will serve.
We have gone through the statistics and analytics about the fast growing startup industry and their financial statements. Isn’t it cautious enough to understand the simple logic that they should ask the entrepreneurs and startup leaders or urge and when necessary compel the same?
By now, you might be pretty convinced that we are living in a sci-fi world. A very good example is to look at your mobile phones, the sleek, tiny yet incredibly powerful machine that you carry close to your heart at all times.It would seem incredibly normal to connect to any person on any corner of the planet and interact with them, at the tap of the button. But there is a catch. Every morning while you carry your cell phones, you implicitly enter into an arrangement with the carrier wherein in exchange of making and receiving mobile calls, you allow the company to know where you are at all times.
It has become a huge business. They know it, we know it and startup giants know it.
Before we embark into the third party, let us understand more about cyber security. In the domain of cyber security, there exists following different types of cyber crimes-
- Ordinary forms such as forgery, e-market frauds.
- Illegal downloading of pirated content.
- Hacking and Denial of service attacks done through electronic networks.
- Cyberspace crimes affecting the physical systems such as transport grids, pipeline ruptures etc.
#3 The Third Party
We, the users, should be aware of what is secured and what is not. Only then, we will be able to self-protect against any of the vulnerabilities that comes digitally. We might be unaware about the investor-entrepreneur game but the point is very clear. Today’s technology provides government with capabilities for mass surveillance, which has been sufficiently clear after the revelation by Edward Snowden few years back. Such mass surveillance is critically alarming and threatening as it enables governments to discriminate on all criteria, including religion, race, caste, sex and so on. Our liberty is being curtailed every day, making us less safe, less free. We need to do something about it, before our lives are made completely public. Privacy is as essential to our existence as food and water, it controls our ability to relate to the world. We need to start renegotiating the bargains we have made with our privacy and assume control over our lives.