The war in Ukraine has rewritten the rulebook for cybersecurity, with organisations of all sizes, including SMEs, being pushed onto the front line, a webinar organised by Tech Monitor in partnership with Sophos has heard.
Whereas previously, financial institutions and large global companies were in the firing line, the Ukraine war has made a target of most companies, as state-sponsored attackers care more about attention than dividends, the webinar, explained Jon Hope, senior technology evangelist at Sophos, during a Tech Monitor panel. The webinar, entitled Staying Ahead of the Hackers in 2023, a Case for Cybersecurity-as-a-Service, was told.
The webinar is available to watch in full and on demand. Simply register here to access it.
How the cybercrime landscape has changed
Jon Hope, senior technology evangelist at Sophos, told the event that not all attacks are financially driven.
“Because of the Ukrainian conflict and the fact that people are now using their cyber capabilities as a political and functional weapon in these kinds of situations, that rewrites the rulebook completely,” he said. “Now we see organisations being targeted not because they’re even remotely interested in making money, but because they can grab headlines.”
As cybercriminals are becoming less discriminant in who they attack, victims are multiplying, said Jessica Figueras, founder of cybersecurity governance platform Hither Strategy. “Today everyone is on the frontline, and that includes charities, schools and small businesses, which might well believe that they don’t really have very much value to cyber criminals,” she said.
The reality is that SMEs do have value for cybercriminals. As well as drawing attention to their cause, criminals attacking small businesses can amass huge amounts of data to create digital profiles of their victims, Hope explained.
“Criminals are building huge banks of synthetic identities which have been used in cyber fraud,” he said. This means that data can be sold to the highest bidder on the dark web, who often use it on the clear web to open bank accounts and apply for credit cards. Criminals can recycle the data into further campaigns to ensnare the target company’s customers with phishing attacks.
The growing importance of cybersecurity-as-a-Service
SMEs often do not have the resources to protect themselves appropriately against this level of threat, said Hope. “There’s no way that an SME could hope to stand up a security operation centre (SOC) and have people monitoring it 24 hours a day, seven days a week, which is really what you need to commit to if you’re going to do cybersecurity properly,” he says.
This is where the concept of Cybersecurity-as-a-Service comes in. Instead of each company needing to set up its own security structures from scratch, it can outsource to professionals who can implement appropriate protection.
“This is a great way of giving that capability without having to invest in all the people themselves,” Hope says. It also relieves companies of the need to find staff to maintain these systems. “You can just buy the service and concentrate on being the best bakery, the best manufacturing company, the best whatever it is that you do,” Hope adds.
This can help with the psychological health of tech teams as well, Figueras said. If cyber issues can be handled by a competent third-party, the risk of burnout can be dramatically decreased. “Managed services are arguably more sustainable because third-party vendors do have greater economies of scale,” she said. “They can cross-fertilise between customers, you know, and they can look after and upskill their workforces.”
Some companies may find that they are generating more data than they can handle, something else that can be outsourced using managed detection and response services, to help the workload of core employees, continues Figueras. “Teams are actually drowning in data,” she said. “There is no lack of data to analyse, there’s no lack of technology, but being able to find the right workforce mode to use what’s in place effectively, that’s really tough.”