What Should Every Startup Founder Know About Cybersecurity? Two Industry Experts Weigh In
When you hear the word “cybersecurity”, most likely you think of large corporations or government entities investing tens of millions of dollars in firewalls, DNS filtering systems, antivirus software, and other security protocols to protect their networks from potential malicious attacks or data leaks. You think of large in-house cybersecurity teams with extensive knowledge of how to deploy the latest technology to foil hackers and keep corporate information safe. But the reality is, cybersecurity impacts every company—from the smallest mom-and-pop online storefronts to emerging startups to the largest multinationals. At GGV’s recent fifth-annual Evolving Enterprise event, I recently had the pleasure of speaking with two cybersecurity powerhouse experts, Michelle Zatlyn, co-founder and COO of Cloudflare, and Rinki Sethi, VP and CISO at Twitter, about the practical ways startup founders can tackle tough security issues. Here are some tips they gave to entrepreneurs during our conversation.
Make security a company-wide priority.
Security used to be seen as a sort of expert’s club, but now it’s the concern of everyone in a company. Today, security has permeated into every department, whether that’s the marketing, development, sales, engineering, finance, or HR. Every person is impacted in a company if there’s a security breach, so every person should be aware of the issues and what they need to do to protect themselves, their department, their employees, and the entire company. For example, developers should have a mindset of “I should write code that’s unbreachable” and marketing teams should always check with the security team before using a third-party app or buying ads on a network. For entrepreneurs starting a company today, you have to understand the ABCs of security. And it's actually not that hard; just turn to experts and say, “OK, teach me the basics.” — Michelle Zatlyn
Hire a CISO early on.
If you hire a CISO early on, you’ll save yourself a lot of money and stress later, because you have an individual whose entire job is to think about risks all day long. A CISO should ideally be one of your early hires. That is unfortunately not very common, but I think more startups are beginning to see the importance of putting security first, with so many breaches getting covered in the media. They realize if they have a breach, it will cost their company a lot in terms of lost revenue, momentum, and customers, and could ever permanently damage their business. — Rinki Sethi
Start with the basics.
Every founder is pulled in a million different directions and security can fall on the back burner, but you can take steps from day one to get it right. Almost every company today is selling a product or service that involves the internet, whether you just have a website or are building a SaaS application, so step one is to protect your connection to the internet. You can't be naked on the internet; you need some digital armor, and those basics are a web application firewall and DDoS protection. You can get this level of protection for about $20 a month. As you grow, you can tackle the next three important legs of security: bot detection and management, internal and external breach detection and response, and, finally, really good security hygiene baked into your development practices. — Michelle Zatlyn
Build security into your products.
COVID fueled innovation in the security space because suddenly there was a great awareness of protecting company networks with everyone working at home. They needed the same protection before, but the vulnerability really came to light when companies sent everyone home from the office. And one of the trends that came out of COVID is that new security applications are emerging that are targeted at developers, so they can build security directly into the platforms they’re building. Security used to be about protecting what you already had, but now I see security being baked into your development from day one, being part of your offering. — Rinki Sethi
Product marketing & lead gen for rapid-growth startups & scale-ups. Former Gartner analyst. Backed by AI, analytics, cybersecurity, DevSecOps & MarTech expertise.
3 年Hi Oren Yunger Thanks for sharing. I have noticed that while there is more attention paid now to security by startups -- including DevOps observability teams that now add security monitoring for a broader DevSecOps or SecDevOps view -- often startups have a poor approach to governing cybersecurity. For example, when Zoom was challenged by many security concerns at the start of the pandemic, their organizational structure was the head of security reported to the chief lawyer who reported to the CEO. Not exactly a best practice, but far from being uncommon among startups.
C Suite Professional | Mentor | Advisor | Investor | Ex CEO @ Birla | Ex @ Tata | Advisor | Handholding Startups to Scale and Raise Funds
3 年Pertinent and important Oren Yunger . Interesting insights. Thank you ??. Cyber security is a fundamental when we develop our product and services at Andromeida . Blessed to have the best resources in the founding team.
Best comment I thought of the session with Rinki and Michelle was when Michelle said towards the end, "Hackers don't hack in, they log in." So simple, yet so important.