­
Building A Security Program For Startups Preventing And Responding To Cyber Breach - All Articles - CISO Platform

 

 

Breaches and hacks have become almost an everyday affair. Cybersecurity teams of large companies are working with an army of Cybersecurity tools and specialists to test and defend, but medium-size companies and startups are getting hit hard. It is imperative for the startup community to come to terms that any breach is a significant brand/image and confidence issue with customers, partners, and investors.  Without the luxury of a large cybersecurity budget, what is the bare minimum that needs to be done to have a proper Cybersecurity Program in place?

As part of our Cybersecurity series, CISO Platform, The Indus Entrepreneurs(TiE), Bharat Innovation Fund and CIIE.co  collaborated to bring together a discussion specific to Building such a security program for startups.

Our panel was moderated by Madhurima Agarwal, Director, NetApp and the speakers were Vijayendran Sridharan, CISO, Capillary, Ravikiran Annaswamy, CEO, Numocity, Sunando Bhattacharya, CEO, IndiQus, and Ananth Ms, CISO, FireCompass. 

 

Challenges Faced By Startups In The Security Space 

 

  1. The problem of invisibility in the system where the management or the IT team doesn’t know which assets are put up in the cloud. This in turn makes the cloud server vulnerable to attacks from threat actors. 
  2. The problem of physical security is persistent. Where a lot of people who join startups but happen to leave early but take the source code of the company along. 
  3. Security is not the number one problem that start-ups look at when they are starting the business, and incorporating the security programs later into the system becomes a challenge. 
  4. There are data that is sitting in the customer end that the startups need to protect too. So the security program needs to be designed in a way that both your and the customer data stays protected. 
  5. Developers do not let go of access keys to their codes and put it up on git hub. This is a potential threat to any business as there are bots to find these access keys and manipulate them. 
  6. There is no understanding of the asset inventory. And most startups do not test their assets. 

 

Suggestions To The Start-Ups

 

  1. Ananth mentions most startups look at fitting security for the product in the end and that makes things complicated. While start-ups are about giving people freedom, whether they want to work remotely etc, there need to be restrictions on access. Cloud offers restrictions, so one needs to use them If the start-up does not have the budget to invest in an enterprise solution to manage asset inventory or do continuous testing, about 40% of the risk can be mitigated just by deciding who has access to what. 
  2. Sunando talks about role-based access control where people with certain roles have access to only certain things. This should be a policy and it’s the most inexpensive way to mitigate risk.
  3. There has to be clear communication with customers as well because many times even the customers have access to company data. So audit sessions can be conducted to know who is changing what in the cloud. 
  4. Encrypt all your data 
  5. Vijayendra suggests that very early-stage startups can use freelance security professionals to write security codes for you that will help you with testing.
  6. Sunando and Ravi stress the point of adding security as a part of the appointment letters so that people who are hired are careful about managing the data they are working on from the start. 

 

Is There A Right Time To Start Thinking About Security?

 

Sunando mentions that as a start-up when one is building the product, they are not under the radar for the hackers. But the moment the product goes into the market, security should be taken seriously because this is when your business will come under the radar. 

Ananth adds that security should be there by design, it is difficult to think about security once the product is out in the market. Many a time it becomes like chalk and cheese and it doesn’t fit. So one needs to think about security right from the start. 

Vijayendran mentions there is no right time to think about security, it depends on the nature of one’s business, whether it’s b2b or b2c. The geography one is operating in is also important, different countries have different rules related to data security that one needs to comply with. There is basically no binary response to this question. 

The session closed on a common note that startups need to think about security right from the start of designing the product and not as a last resort. 

 

Votes: 0
E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Join The Community Discussion

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

CISO Platform Talks : Security FireSide Chat With A Top CISO or equivalent (Monthly)

  • Description:

    CISO Platform Talks: Security Fireside Chat With a Top CISO

    Join us for the CISOPlatform Fireside Chat, a power-packed 30-minute virtual conversation where we bring together some of the brightest minds in cybersecurity to share strategic insights, real-world experiences, and emerging trends. This exclusive monthly session is designed for senior cybersecurity leaders looking to stay ahead in an ever-evolving landscape.

    We’ve had the privilege of…

  • Created by: Biswajit Banerjee
  • Tags: ciso, fireside chat

CISO MeetUp: Executive Cocktail Reception @ Black Hat USA , Las Vegas 2025

  • Description:

    We are excited to invite you to the CISO MeetUp: Executive Cocktail Reception if you are there at the Black Hat Conference USA, Las Vegas 2025. This event is organized by EC-Council & FireCompass with CISOPlatform as proud community partner. 

    This evening is designed for Director-level and above cybersecurity professionals to connect, collaborate, and unwind in a relaxed setting. Enjoy…

  • Created by: Biswajit Banerjee
  • Tags: black hat 2025, ciso meetup, cocktail reception, usa events, cybersecurity events, ciso

6 City Playbook Round Table Series (Delhi, Mumbai, Bangalore, Pune, Chennai, Kolkata)

  • Description:

    Join us for an exclusive 6-city roundtable series across Delhi, Mumbai, Bangalore, Pune, Chennai, and Kolkata. Curated for top cybersecurity leaders, this series will spotlight proven strategies, real-world insights, and impactful playbooks from the industry’s best.

    Network with peers, exchange ideas, and contribute to shaping the Top 100 Security Playbooks of the year.

    Date : Sept 2025 - Oct 2025

    Venue: Delhi, Mumbai, Bangalore, Pune,…

  • Created by: Biswajit Banerjee

National Insider Risk Symposium, Washington DC, USA 2025

  • Description:

    We are excited to invite you to the 10th National Insider Risk Symposium, a premier forum bringing together leaders and experts from both the commercial and public sectors to address the evolving landscape of insider threats. CISOPlatform is a proud community partner for this event. 

    Event Details:
    Venue: National Housing Center, 1201 15th St NW, Washington, D.C. 20005
    Dates: September 17–18,…

  • Created by: Biswajit Banerjee
  • Tags: national insider risk symposium, ciso, cybersecurity events, usa events