When it comes to emerging technology, few topics are grabbing more headlines of late than cybersecurity. Thanks to a sharp rise in cyberattacks over the last two years, companies across the globe are implementing measures to shore up vulnerabilities and fend off a wide and expanding variety of threats. Not only did ransomware attacks surge nearly 150% last year, but a plethora of new cyberattacks have emerged in the meantime, including supply chain attacks, and deep-fake-based social engineering.
While such developments are creating a huge headache for established, legacy system-reliant enterprise companies lumbering toward digital transformation, newcomers to the tech scene have something of an advantage. The upside for them is that, with all the focus on cybersecurity, there are more tools than ever for building cyber resilience from the start. Being a cybersecurity-first organization has advantages beyond just battening down the hatches – it’s a great way to build credibility early, especially with clients who can relax knowing their data is secure.
At Vation Ventures, our technology ecosystem is full of thought leaders. We sat down with Taylor Hersom, CEO, and Founder of Eden Data, for insights into how securing your startup from the beginning can push your company ahead of the competition. Eden Data is a cybersecurity firm that focuses on the next generation of businesses ready to build security and privacy into their DNA. Read on to hear advice, insights, and trends Taylor is seeing in the cybersecurity world for startups.
Where should startups start to secure their company?
According to Taylor, making cybersecurity a priority at the early stages of a company’s development is not rocket science, despite some of the preconceptions that are out there.
“Let's first start with a not-so-obvious fact: Security is not as hard as you might think,” he says. “I think folks get intimidated by the thought of cybersecurity, as they think that the subject as a whole is incredibly complex. In reality, fundamental security practices are not even remotely difficult, and most folks have likely heard these tips again and again - implement MFA, don’t share your password with random people or websites, DON’T CLICK THAT LINK, etc.”
And it’s just fine to start out small.
“Just like everything else in life, cybersecurity conforms to the 80/20 rule, meaning that a small amount of changes that you make in your IT environment have a huge impact on your reduction in risk,” he says. “While adopting some crazy new AI-driven network scanning tool that predicts human behavior and thwarts hackers is cool, it’s not as effective as simply turning on MFA on your most critical applications across the entire company.”
Taylor advises that any modern organization just now embracing security should first take a look at the Center for Internet Security's (CIS) Top 18 Security Controls. Taylor notes,
“These are outlined meticulously and can largely be adopted with the tools you already have today, with only a few exceptions! Once you've taken a stab at these, you've already increased your security posture tremendously and can then decide if you'd like to bring in help in order to take it to the next level.”
While keeping things simple is vital for a new venture looking to secure itself from the outset, Taylor still loves to geek out about all things cybersecurity. When asked about what excites him most about the cybersecurity industry, he singles out “technology progression” right out the bat.
“It’s pretty self-explanatory, but as frustrating as it can be at times undergoing vendor evaluations, it’s actually really cool that there are ten technology solutions for every one business problem.” He says. “Companies can grow faster than ever in history, and that feedback loop results in more access for consumers. It creates this amazing opportunity where we can streamline a lot of our workflow, whether it's in security or another department entirely, with a SaaS solution that can be implemented in minutes. However, this, of course, has a dark side, in that it makes it easier than ever for employees to adopt technologies that their employers never have insight into, and then spread data across the web in an uncontrollable snowball-like fashion.”
But that’s not the only thing that psyches him up about the industry. Consumers controlling their data is another big one for Taylor.
“Thanks to compromised data alerts from breaches and creepy social media advertisements, consumers are becoming more educated on data privacy and demanding more control of their data,” he says. “In this case, control=empowerment, and security can be used as an even more valuable competitive differentiator for companies that choose to invest in it. It's so vitally important that every individual understand data is just as important as that $20 bill in their wallet (or in their Venmo wallet, since no one carries cash), and they need to treat their data with the same level of importance. We don't get to just change our driver's license number or our social security number whenever we want, so we must treat it like a valuable asset that can be stolen and cost us dearly.”
Lastly, Taylor cites the use of security as a sales advantage as a fascinating facet of the current state of cybersecurity.
“In business school, we learned about common differentiators companies choose when they decide their competitive market (ex: price, quality, etc.), and we’ve seen them all get hyper-saturated in the globalized markets. But there’s a new differentiator in town, and it’s a game-changer, particularly for startups entering the market. Good luck signing a Fortune 500 company without a solid security program in place: companies are starting to understand that every vendor they adopt puts another proverbial window in their proverbial house that a malicious intender can break through. Vendors equate to exposure, and companies are getting serious about vetting their vendors!”