Is there some kind of saturation point after which we can say: finally, the number of cyberattacks has stopped growing?
In my opinion, two factors will lead to the saturation point. The first is when attacks are combated at the network level. Last year, this was easier to do, since all traffic from abroad was simply blocked. Now they are attacking from within the country, since they rent capacities from domestic providers or place their servers in Russian data centers, and blocking all foreign IPs is no longer enough. Here, decryption and analysis of all traffic, identification of potentially dangerous requests and only then automatic blocking of the sender's address will be required. Such measures will require large resources, can lead to blocking of legal users and significantly slow down the network and various services.
The second is that while hacks are possible with little effort, their number will grow. The saturation point will be the moment when the most mass segment of cybercriminals no longer has the qualifications to successfully attack small and medium-sized companies. Experienced hacker groups are usually not interested in such companies.
of cyber threats, how important is it for businesses to effectively manage cyber risks?
Each organization has its own set of cyber risks. For example, for company A, an attack on a telephony server will go almost unnoticed, because communication with clients is bahamas mobile database in messengers, and requests from the site are distributed through CRM. For company B, such an attack will lead to lost profits: the work of the call center, which receives and processes most of the orders, will stop.
It seems obvious that the damage to company B would be more significant. But company A's telephony server has a second network interface that looks directly into the local network. The attackers gained full access to company A's infrastructure and encrypted everything completely. But company B continued its work less than a day later, because their telephony server could not be used as a springboard for developing an attack.
The criticality of threats should be assessed in terms of the amount of losses that the organization will suffer. And based on this, build a cyber risk management strategy.
Changing legislation is also pushing the market in the right direction. Within the framework of the Decree of the President of Russia dated May 1, 2022, No. 250, specialized managers are appearing in systemically important organizations, whose task is to establish an information security management system. Yes, it will take several more years to achieve some tangible result. But attention is beginning to be paid to issues of IT infrastructure protection one way or another. Best practices and success stories are already being formed. Positive examples are spreading throughout the information security market one way or another. Ultimately, this is definitely beneficial.