Why startup companies are targeted by cybercrime

Security experts say startup companies are most targeted by cybercriminals. A 2013 report by CNN said exploiters "can sniff out" new startup companies as quickly as two months after they are launched. Sometimes even immediately. The information came from a study, "2013 Internet Security Threat Report, Volume 18", put out by Symantec, a software security company.   

Image credit: Alexas_Fotos via Pixabay CC0 Public Domain

In general, statistics showed startups were targeted most of the time. Within five months, the companies were bombarded with spam and malware. These attacks only increased with time. Security experts said within the company's first 10 months of existence, the new companies are infected with malware that rapidly spreads throughout their networks.

Why are startup companies targeted, and so quickly, by cybercriminals?

Security costs money

Many startups are often strapped for cash and put most of their resources into processes that generate revenue. Security is a process that costs money, but does not generate it. As a result, many companies, put security behind other important expenditures, such as development, sales and marketing.

As a company becomes more established, its leadership generally puts more effort into securing the companies digital assets. However, it usually takes some time to get there.

Easier targets

Exploiters know that startups are likely to be more focused on processes that will bring in the revenue or gain visibility. With security as less of a priority, this makes startups are easy targets, so they'll go where the likely payoff will be.

The immediate financial payoff may be smaller, but cybercriminals see the startups as more of a sure thing, rather than a risking a possible or no potential payoff with a more established company. Also, the startups will have lots of data, which is also of value to cybercriminals.

Additionally, the report indicated that employees in sales or research and development are targeted more than the executives of the company.

This suggests that attackers are casting a wider net and targeting less senior positions below the executive level in order to gain access to companies," said Symantec (courtesy IT World/IDG News Service).

Complacency

Complacency may also play a role in some cases. Often small startups think they are not a target, because they are new and less visible. During the early stages, many startups are so focused on establishing themselves and becoming visible, they might figure no one is paying attention anyway.

"Startups are incredibly vulnerable to cyberattacks in their first 18 months," said Brian Burch, vice president with Symantec, a security software company, at the time of the report. "If a business thinks that it's too small to matter to cybercriminals, then it's fooling itself with a false sense of security."

Additionally, cybercriminals often carefully pick their victims. For instance, it may depend upon the industry the start-up is in, as was outlined in this incident reported in September 2015.

In today's digital-centric world, security is a business process that can no longer be ignored or shrugged off as something to worry about later. If companies want to protect their assets, it's important to include security strategies right from the get-go as they develop their business plans. Security is a bit like insurance. You hope you don't ever need to use it, but if something happens, you'll be glad it was in place.