Embracing Cybersecurity: A Masterclass for Startups

In today’s digital age, cybersecurity has become a critical concern for businesses worldwide. This reality was emphasised during our Masterclass: A Journey into Cybersecurity, hosted by KPMG South Africa, featuring Gustav d’Assonville and Darren Lentz CA(SA). The event provided a comprehensive look at the importance of cyber-resilience, practical steps to enhance cybersecurity, and the broader implications for businesses, particularly startups.

The Growing Importance of Cyber-Resilience

South Africa consistently ranks among the top five countries in the world most targeted by cyber-attacks. In 2023 alone, the country experienced an average of 56 reported data breaches per month, with this number spiking to 162 in the first quarter of 2024. These statistics highlight the escalating threat landscape and the urgent need for businesses to enhance their cyber-resilience.

Cyber-resilience isn’t just a defensive strategy; it is a competitive advantage, particularly for startups. With 43% of all cyberattacks directed at companies with 100 employees or fewer, the stakes are incredibly high. Alarmingly, 60% of small businesses close their doors within six months of a cyberattack. Therefore, establishing a comprehensive cybersecurity framework can be the difference between thriving and going out of business.

Starting Your Cyber-Journey

Protecting your data begins with understanding the rapidly changing customer expectations. Consumers today demand quick, seamless, and secure digital interactions. This requires businesses to engage in rapid prototyping and functionality testing, ensuring that their solutions are both innovative and secure. As businesses scale, the need for more staff and services becomes evident. Partnerships can also play a crucial role in this expansion, helping to reduce costs and share the burden of cybersecurity. Embracing AI and digital transformation further drives efficiency and trust within the ecosystem, making it essential for businesses to stay ahead of the curve.

Building Blocks of Cyber-Security

KPMG outlined six critical components of a comprehensive cybersecurity strategy: Govern, Identify, Protect, Detect, Respond, and Recover.

1. Govern: Establishing and monitoring a cybersecurity strategy is the first step. This includes setting clear expectations and policies. Key actions involve adopting a cybersecurity standard, regularly reviewing and updating the plan, and raising employee awareness.

2. Identify: Businesses need to determine their current cybersecurity risks. This involves identifying the most valuable assets (the ‘crown jewels’) and the biggest threats. Effective asset management and continuous risk identification are crucial.

3. Protect: It is important for companies to implement safeguards to prevent or reduce cybersecurity risks. Key actions include using multi-factor authentication, keeping systems patched and up to date, and maintaining backups using the 3-2-1 rule (three copies, two different media types, one off-site).

4. Detect: Early detection of potential cyber-attacks is essential. This requires conducting regular audits, using intrusion detection systems, and monitoring logs and activities with dashboards.

5. Respond: Businesses must have a plan in place to respond to detected cybersecurity incidents. Developing an incident response plan, allocating ‘cyber marshals’, and regularly drilling the plan are key actions.

6. Recover: Finally, businesses need to restore operations and assets impacted by a cybersecurity incident. Developing a disaster recovery plan, conducting failover testing, and continuously improving processes are critical steps.

Application and Infrastructure Security

Application security includes practices such as using unique credentials and avoiding the storage of credit card information. Infrastructure security also plays a vital role: leveraging cloud or open-source solutions, implementing multi-factor authentication, and ensuring endpoints are protected with antivirus and encryption.

Case Study on Cyber-Maturity

This event featured a compelling case study illustrating the importance of cybersecurity. In the case study, two college friends started a rapidly growing, highly profitable business. However, a discrepancy in comfort levels regarding data protection between the CTO and CFO led to vulnerabilities. An Insecure Direct Object Reference (IDOR) test revealed access to sensitive product information and the ability to manipulate transaction details. The key lessons learned included the need for better code review processes and comprehensive team education on cybersecurity.
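The class of flaw the case study names, shown as the pattern a code review should catch next to its corrected form. This is an added example, not code from the masterclass or from KPMG; the transaction model, function names and sample data are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class Transaction:
    id: int
    owner_id: int
    amount_cents: int


class Forbidden(Exception):
    """Raised when the caller may not touch the requested object."""


def sample_db():
    # Constructed sample data: two customers with one transaction each.
    return {
        1001: Transaction(1001, owner_id=1, amount_cents=25_000),
        1002: Transaction(1002, owner_id=2, amount_cents=99_000),
    }


def update_amount_vulnerable(db, session_user_id, txn_id, new_amount):
    # IDOR: the client-supplied txn_id is trusted as-is, so being logged in
    # is treated as being authorised for every transaction in the table.
    txn = db[txn_id]
    txn.amount_cents = new_amount
    return txn


def update_amount_checked(db, session_user_id, txn_id, new_amount):
    txn = db.get(txn_id)
    # Object-level authorisation: the record must belong to the caller.
    # Unknown and foreign ids return the same error, so the response does
    # not reveal which ids exist.
    if txn is None or txn.owner_id != session_user_id:
        raise Forbidden("transaction not found")
    txn.amount_cents = new_amount
    return txn
```

In review, the signal is a handler that looks up a record by an id from the request without comparing its owner to the authenticated session.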

Broader Implications and Insights

The masterclass highlighted that companies with robust cybersecurity measures are 2.5 times more likely to attract venture capital investment. Additionally, startups can save an average of R950,000 per data breach by implementing sound cybersecurity practices. 87% of consumers are proven to prefer doing business with companies that have strong cybersecurity measures, underscoring the link between cybersecurity and customer trust. Effective cyber-resilience can provide startups with a significant competitive edge. Good governance, including transparent and robust cybersecurity policies, enhances investor confidence and client trust. This is particularly important in today’s digital ecosystem, where brand reputation is hard to earn and easy to lose.

Thanks to KPMG for providing valuable insights and practical steps for businesses to enhance their cyber-resilience. By embracing these strategies, businesses can not only protect themselves from cyber threats but also drive progress, foster innovation, and uplift communities.

This edition of Tech Tuesdays and Other Tales was supplied by Natalie Coon, current iXperience/Innovation City intern from Harvard University. Thank you, Natalie!
