View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
In association with Sophos
  1. Technology
  2. Cybersecurity
April 5, 2023updated 12 Apr 2023 9:11am

The war in Ukraine has changed the cybercrime landscape. SMEs must beware

Cybersecurity-as-a-Service could be the boost that SMEs need to keep up with the latest threats.

By Claudia Glover

The war in Ukraine has rewritten the rulebook for cybersecurity, with organisations of all sizes, including SMEs, being pushed onto the front line, a webinar organised by Tech Monitor in partnership with Sophos has heard.

It’s not just big businesses that are on the cybersecurity frontline. (Photo by NicoElNino/Shutterstock)

Whereas previously, financial institutions and large global companies were in the firing line, the Ukraine war has made a target of most companies, as state-sponsored attackers care more about attention than dividends, the webinar, explained Jon Hope, senior technology evangelist at Sophos, during a Tech Monitor panel. The webinar, entitled Staying Ahead of the Hackers in 2023, a Case for Cybersecurity-as-a-Service, was told.

The webinar is available to watch in full and on demand. Simply register here to access it.

How the cybercrime landscape has changed

Jon Hope, senior technology evangelist at Sophos, told the event that not all attacks are financially driven.

“Because of the Ukrainian conflict and the fact that people are now using their cyber capabilities as a political and functional weapon in these kinds of situations, that rewrites the rulebook completely,” he said. “Now we see organisations being targeted not because they’re even remotely interested in making money, but because they can grab headlines.”

As cybercriminals are becoming less discriminant in who they attack, victims are multiplying, said Jessica Figueras, founder of cybersecurity governance platform Hither Strategy. “Today everyone is on the frontline, and that includes charities, schools and small businesses, which might well believe that they don’t really have very much value to cyber criminals,” she said.

The reality is that SMEs do have value for cybercriminals. As well as drawing attention to their cause, criminals attacking small businesses can amass huge amounts of data to create digital profiles of their victims, Hope explained.

“Criminals are building huge banks of synthetic identities which have been used in cyber fraud,” he said. This means that data can be sold to the highest bidder on the dark web, who often use it on the clear web to open bank accounts and apply for credit cards. Criminals can recycle the data into further campaigns to ensnare the target company’s customers with phishing attacks.

The growing importance of cybersecurity-as-a-Service

SMEs often do not have the resources to protect themselves appropriately against this level of threat, said Hope. “There’s no way that an SME could hope to stand up a security operation centre (SOC) and have people monitoring it 24 hours a day, seven days a week, which is really what you need to commit to if you’re going to do cybersecurity properly,” he says.

This is where the concept of Cybersecurity-as-a-Service comes in. Instead of each company needing to set up its own security structures from scratch, it can outsource to professionals who can implement appropriate protection.

“This is a great way of giving that capability without having to invest in all the people themselves,” Hope says. It also relieves companies of the need to find staff to maintain these systems. “You can just buy the service and concentrate on being the best bakery, the best manufacturing company, the best whatever it is that you do,” Hope adds.

This can help with the psychological health of tech teams as well, Figueras said. If cyber issues can be handled by a competent third-party, the risk of burnout can be dramatically decreased. “Managed services are arguably more sustainable because third-party vendors do have greater economies of scale,” she said. “They can cross-fertilise between customers, you know, and they can look after and upskill their workforces.”

Some companies may find that they are generating more data than they can handle, something else that can be outsourced using managed detection and response services, to help the workload of core employees, continues Figueras. “Teams are actually drowning in data,” she said. “There is no lack of data to analyse, there’s no lack of technology, but being able to find the right workforce mode to use what’s in place effectively, that’s really tough.”

To view the whole webinar on demand, simply register here

Topics in this article : ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.