New companies have to be security-savvy, but also scrappyOne of the questions I frequently ask startup founders is how much theyre spending on security.
Unsurprisingly, everyone has a different answer.Startups and small companies are invariably faced with the prospect that theyre either not spending enough or are spending too much on something thats hard to quantify in terms of value.
Its a tough sell to sink money into an effort to stop something that might one day happen, particularly for bootstrapped startups that must make every cent count yet were told security is a crucial investment for a companys future.Sorry to break it to you, but there is no easy answer.The reality is that each company is different and there is no single recommended dollar amount to spend.
But its absolutely certain that some investment is required.
We know because we see a lot of security incidents here at A Technology News Room hacks, breaches and especially data exposures, often a result of human error.We spoke to three security experts a head of security, a security entrepreneur and a cybersecurity fellow to understand the questions facing startups.Know and understand your threat modelEvery company has a different threat model by that, we mean identifying risks and possible ways of attack before they happen.
Companies that store tons of user data may be a greater target than companies that dont.
Each firm needs to evaluate which kind of risks they face and identify weaknesses.