In the fast-paced world of startups, success can hinge on a single vulnerability, as demonstrated by recent events in the proptech sector. David Rose, managing partner at Rose Tech Ventures, shared a cautionary tale during a panel at Cybertech NYC, highlighting the rise and fall of two startups with similar business models. One company, which Rose had invested in, aimed to revolutionize the rental market by allowing users to pay their rent with credit cards to build credit. However, this innovative idea was derailed when scammers exploited fake buildings and credit cards, leading to the company’s demise.
On the other hand, a protege of Rose’s had a similar concept but prioritized security measures, ultimately leading to success and growth. The stark difference in outcomes underscored the growing threat that cyber attacks pose to startups, forcing investors and founders to rethink their approach to cybersecurity.
The recent onslaught of cyber attacks from the Chinese advanced persistent threat (APT) known as Volt Typhoon has targeted critical infrastructure providers worldwide, including military organizations. However, the APT shifted its focus to a different type of target: a startup. Versa Networks, known for its secure access service edge (SASE) software-as-a-service offering, fell victim to a vulnerability in its software-defined wide area networking (SD-WAN) technology. This breach allowed Volt Typhoon to exploit a web shell and compromise several Versa customers in the United States and India.
Startups like Versa Networks and Verkada, a security camera firm fined by the FTC for failing to secure customer cameras, are particularly vulnerable to cyber attacks. These companies, often operating on limited budgets, may prioritize growth and innovation over cybersecurity, leaving them exposed to threats. The allure of rapid growth and disruptive ideas can sometimes come at the cost of neglecting fundamental security measures.
As the landscape of cybersecurity evolves, founders and investors are increasingly recognizing the need to prioritize security from the early stages of a startup. While established companies allocate resources towards cybersecurity as they grow, startups face unique challenges in balancing innovation with risk mitigation. Bob Ackerman of AllegisCyber emphasizes the importance of timing in addressing cybersecurity concerns, noting that as startups mature, the consequences of overlooking security become more severe.
Investors are also playing a crucial role in nudging startups towards prioritizing cybersecurity. Due diligence processes now include assessments of cybersecurity readiness, prompting founders to consider security measures more seriously. Companies that demonstrate a comprehensive cybersecurity plan are more likely to attract investment and build trust with potential stakeholders.
Despite the growing awareness of cybersecurity risks, startups continue to face obstacles in implementing robust security measures. Limited budgets and the pressure to deliver results quickly can deter founders from investing in cybersecurity early on. However, as cyber threats become more sophisticated and pervasive, the importance of safeguarding sensitive data and systems cannot be overstated.
In an increasingly digital world, the success and longevity of startups depend on their ability to adapt to evolving cybersecurity threats. By incorporating security measures into their business strategy from the outset, startups can mitigate risks, build resilience, and secure a solid foundation for growth and innovation. As the story of these two startups illustrates, the line between success and failure in the startup world is often drawn by the level of preparedness for cyber threats.