Become a member
Become a member
Cyber Security For Startups Risks, Hacks And Solutions

Cyber Security for Startups: Risks, Hacks and Solutions

Cyber security has become a defining pressure point for startups in 2025. Attackers have shifted tactics, identity has overtaken networks as the primary attack surface and AI driven phishing is growing at an alarming pace. In a recent Swiss Startup Association webinar, Matthias Naber, CTO and Partner at care4IT, Adem Bilican, Co-Founder and CTO of Relai and Roger Ellenberger, Co-Founder and CTO of hypt shared what they see in the field every day. Their combined perspectives reveal a landscape where small oversights lead to large consequences and where fast moving teams must rethink how they protect themselves.

Securing Identity and 2FA

The traditional concept of a “secure perimeter” has vanished. As Matthias pointed out, attackers today rarely spend time on complex zero-day exploits; instead, they simply log in using stolen credentials or misconfigured API keys. Identity has become the new perimeter, and with 56% of attackers using legitimate login methods, the danger is often hidden in plain sight.

The panel highlighted a particularly alarming trend: the rise of 2FA man-in-the-middle attacks. Traditional two-factor authentication, such as SMS codes or basic authenticator apps, is no longer sufficient to stop modern phishing. In one recent case, a 25-person startup in Zurich saw its entire Microsoft 365 admin account compromised through a single session-hijacking attack. This allowed the attacker to move data and even issue fake payment instructions from within the system.

To counter this, the experts recommend moving toward phishing-resistant authentication like FIDO2 tokens or passkeys. These methods bind the login to the physical device, making it nearly impossible for an external attacker to intercept the credentials.

Lessons from the CTO Perspective

For technical founders, the challenge is balancing security with speed. Adem shared how they handle this by using “native” code for critical encryption tasks. While their app uses hybrid frameworks for most features to save time, the sensitive parts – like private key storage – rely on the secure enclaves provided by Apple and Google. This ensures that even if Relay itself were compromised, the users’ funds would remain under their own self-custody.

Roger offered a more pragmatic view for early-stage teams. He noted that in the beginning, a founder’s job is often to be the “annoying one” who insists on basic hygiene. This means mandating password managers, ensuring laptops are patched, and avoiding the urge to build custom authentication systems from scratch. Using established players like Google or Microsoft for business infrastructure is often the smartest move for a lean team, as it leverages their massive security budgets.

Practical Steps for Founding Teams

Security does not have to be expensive to be effective. The panel suggested a hierarchy of needs for startups:

  • Master the Basics: Start with a centralized password manager and enforce MFA across every service.
  • Manage Devices: Ensure that every laptop used for work has a clear security policy and receives automated updates.
  • Data Minimization: Use role-based access to ensure that only the employees who absolutely need sensitive data can see it.
  • Plan for Response: Most ransomware attacks happen outside of office hours. Having a tested backup and a basic incident response plan can be the difference between a temporary setback and a total business failure.

Final Thoughts

Cyber security today is less about “hacks” and more about understanding people and processes. Whether you are a fintech startup protecting private keys or a SaaS platform managing customer data, the fundamentals remain the same. By focusing on identity, automating your updates, and trusting established frameworks, you can protect your runway while you focus on growth.

Catch the full webinar replay! Visit our Education Session Library to watch the full session – free for all Swiss Startup Association members

Not a member yet? Explore our membership benefits and join the community that empowers Swiss startups.

Don’t miss out on the latest news and events. Subscribe to our newsletter and stay up to date.

Back to the top
Back
News

Other, related articles you may like

Data Sovereignty A Current Swiss Imperative In The Digital Age
Protected: Data Sovereignty: A current Swiss Imperative in the Digital Age
Read more
Building The Product Without Wasting Time, Money, Or Momentum
Building the Product Without Wasting Time, Money, or Momentum
Read more
Managing Shareholders’ Agreements
How Startups Should Navigate Shareholders’ Agreements
Read more

We use cookies to make our website user-friendly and reliable; this includes measuring performance and reach.
Further information can be found in our Privacy Policy.

Become a member today

Join us as a member and enjoy various benefits that will take your startup to the next level!

Join the movement!