While highlighting the importance of ensuring proper cybersecurity facilities in a company's operations, Prashant Pitti, co-founder, EaseMyTrip revealed how the company was close to winding up its operations after it was hit by a cyberattack in 2008, the company's formative days.
Speaking at the Moneycontrol Startup Conclave held in Bengaluru on July 7, Pitti said, "During the initial phase itself (in 2008), there was a security breach at EaseMyTrip. We were almost at the cusp of shutting down in the first two months of our existence by losing 20-26 lakhs in that."
"We were extremely naive towards the data engineering and security in the beginning. And at that time, we were like, What were we doing? Should I get back to my job? Should I call my boss and say that I'm really sorry, please get me back? But sanity or insanity prevailed, and we decided that we will never let this happen again in the company. Since then, there has been no security data breach in the organisation in the last 15 years," Pitti explained.
Pitti was speaking on the panel 'Securing Digital India - Why Data Security and Observability are Vital', along with Vinay Inamdar, director-strategic enterprise and digital natives, Cisco Commerce India and Goutam Kurumella, senior manager, startup solution architecture, AWS India.
The EaseMyTrip co-founder says that employees have to know the entire (security) architecture, be very accountable, minimise data sharing and so on. "Because security breach does not just happen at the API level, but also at the human level," he added.
Cisco Commerce India's Vinay Inamdar warned that in the startup ecosystem, the obsession behind ensuring speed in operations may lead to taking shortcuts, which ultimately can open doors for vulnerabilities to creep in.
For that, Inamdar said that startups need to take decisions from the DevSecOps (development, security, and operations) perspective.
"Today when we talk to most organisations, we hear that they want to build in DevSecOps into the CI CD pipeline (a practice focused on improving software delivery throughout the software development life cycle via automation)," Inamdar said.
"That will ensure that the right code is written at the right time to deliver the right experience with the right security; otherwise, you're gonna miss out on one of these parameters and suffer later," he added.
AWS India's Goutam Kurumella said that startups need to have capabilities to identify cyber-security incidents and then investigate them.
"You need to have a bunch of capabilities to identify or detect or sniff some of the events so that you can actually investigate the issues. All right, identify the root cause, but at the same time have or build capabilities that you can use it for remediation," Kurumella said.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
