“It’s kind of trite these days, but the rise in cybercrime make it a case of when, not if, you will be breached.”
That was the wince-inducing opening presented by Mark Winter, Vice President of Products at RapidFire Tools, on the second day of the Cybersecurity Festival last week.
The UK government concluded that incidents of cyberattacks have risen 30% this year compared to 2021, and IT professionals need to be prepared to reduce this risk.
Moreover, "It's not just big business." Nearly half of attacks - 43% - target SMEs, representing a massive spike: 150% over the last two years. And while small and mid-size firms are absorbing almost the same proportion of attacks as enterprise-scale companies, their resources are much more limited.
SMEs are "juicy targets," warned Winter, for two reasons. First, they often rely on free or consumer-level security tools, rather than business-class security. Second, despite their small size they still hold a wealth of important data; many healthcare providers and insurers operate in the SME space, for example.
On top of all that - as if you need any more to worry about - hackers have beefed up their attacks over the course of the pandemic, using "readily available" code and higher compute power. In fact, RapidFire Tools estimates that cybercrime has risen 600% since early 2020.
At this point, after screaming a little bit, you're probably wondering: "Where should I start to beef up my security?" Luckily, Winter covered this next.
"The NIST Cyber Security Framework is a great place to start. It has everything you need to do laid out for you, across five areas: Identify, Protect, Detect, Respond and Recover." These areas cover everything you should do, from basic (identify the information your business stores and uses and limit unnecessary access to it) to advanced, to defend yourself.
Winter's final point was to emphasise the importance of monitoring and visibility.
"How do you know your environment is safe if you're not monitoring it," he asked, "especially with the speed of technological change? Networks change constantly. You must know the weak links in your network to effectively protect it."
You can watch Mark's entire presentation below: