Improved visibility can stop hacks in their tracks

SMEs are especially “juicy targets” for cybercrime

Tom Allen
clock • 2 min read
Improved visibility can stop hacks in their tracks

“It’s kind of trite these days, but the rise in cybercrime make it a case of when, not if, you will be breached.”

That was the wince-inducing opening presented by Mark Winter, Vice President of Products at RapidFire Tools, on the second day of the Cybersecurity Festival last week. 

The UK government concluded that incidents of cyberattacks have risen 30% this year compared to 2021, and IT professionals need to be prepared to reduce this risk. 

Moreover, "It's not just big business." Nearly half of attacks - 43% - target SMEs, representing a massive spike: 150% over the last two years. And while small and mid-size firms are absorbing almost the same proportion of attacks as enterprise-scale companies, their resources are much more limited. 

SMEs are "juicy targets," warned Winter, for two reasons. First, they often rely on free or consumer-level security tools, rather than business-class security. Second, despite their small size they still hold a wealth of important data; many healthcare providers and insurers operate in the SME space, for example. 

On top of all that - as if you need any more to worry about - hackers have beefed up their attacks over the course of the pandemic, using "readily available" code and higher compute power. In fact, RapidFire Tools estimates that cybercrime has risen 600% since early 2020. 

At this point, after screaming a little bit, you're probably wondering: "Where should I start to beef up my security?" Luckily, Winter covered this next. 

"The NIST Cyber Security Framework is a great place to start. It has everything you need to do laid out for you, across five areas: Identify, Protect, Detect, Respond and Recover." These areas cover everything you should do, from basic (identify the information your business stores and uses and limit unnecessary access to it) to advanced, to defend yourself. 

Winter's final point was to emphasise the importance of monitoring and visibility. 

"How do you know your environment is safe if you're not monitoring it," he asked, "especially with the speed of technological change? Networks change constantly. You must know the weak links in your network to effectively protect it."

You can watch Mark's entire presentation below:

You may also like
The changing face of shadow IT

Security

Cloud, smartphones and the pandemic. How to maintain control over proliferating devices and services?

clock 17 May 2023 • 4 min read
Accidental exclusion exacerbating cyber's staffing problem

Careers and Skills

Many people who would excel in cybersecurity roles see no obvious way in, with those that do make it getting stuck in entry-level positions

clock 12 May 2023 • 4 min read
Former Head of Police National Cyber Crime Unit joins Cybersecurity Festival

Leadership

Charlie McMurdie spent 32 years in the Met and built the Police Central e-crime Unit

clock 29 March 2023 • 2 min read
Most read
01

'Microsoft Copilot is a gimmick', says top CIO

28 February 2024 • 2 min read
02
03
04

Cyber incident disrupts another UK university

25 February 2024 • 2 min read
05

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Threats and Risks

US, UK, Canada seek global coalition to combat state disinformation

US, UK, Canada seek global coalition to combat state disinformation

US, UK and Canada have endorsed a framework to tackle information manipulation

clock 27 February 2024 • 3 min read
LockBit re-emerges a week after takedown

LockBit re-emerges a week after takedown

'Damage control for the LockBit brand, a show of strength'

John Leonard
clock 26 February 2024 • 2 min read
Massive data leak exposes Chinese infosec vendor's cyberattacks-for-hire

Massive data leak exposes Chinese infosec vendor's cyberattacks-for-hire

Documents outline the use of hardware hacking devices, including a malicious power bank designed to surreptitiously upload data into victims' systems

clock 23 February 2024 • 3 min read