Digitally Speaking
Tim Wadey
January 28, 2018

Data Privacy in the spotlight!

Data Privacy Day may not be an official holiday for your IT department, but it definitely should remind you that you need to focus and do more to protect confidential data.

Data Privacy Day was first introduced in 2009 by the Online Trust Alliance (OTA) in response to the increasing number of cybersecurity attacks and data privacy breaches, emphasising the need for effective data protection regulations and transparent processes for collecting and using personally identifiable information (PII).

Examples of PII that fall under data protection regulations are:
• Name;
• Social Security number, full and truncated;
• Driver’s license and other government identification numbers;
• Citizenship, legal status, gender, race/ethnicity;
• Birth date, place of birth;
• Biometrics;
• Home and personal cell telephone numbers;
• Personal email address, mailing and home address;
• Security clearance;
• Financial information, medical information, disability information;
• Law enforcement information, employment information, educational information

If one considers the sources that PII can be collected from, and how many new ones are added on a daily basis – big data, the internet of things, wearable technology – it is easy to understand why data privacy has become increasingly challenging. And let’s not forget the ransomware attacks, which are the latest major data privacy challenge.

Despite the size of the recent ransomware attacks, the majority of organisations still don’t have structured processes in place to prepare themselves and keep confidential data safe. Although there are effective steps for protecting against ransomware threats, the number of such threats has significantly increased, and companies delay announcing attacks for fear of negative publicity.

In order to stop such actions from happening and improve current data privacy practices, the European Union is introducing the General Data Protection Regulation (GDPR), taking effect in May 2018. This is the biggest shake-up of data protection laws in the last 20 years.

What is GDPR?

GDPR is the latest regulatory framework across the EU. It aims to increase data privacy for individuals and gives regulatory authorities greater power to take action against businesses that breach the new data privacy laws. GDPR also introduces rules relating to the free movement of personal data within and outside the EU.

In particular, GDPR involves:
• Requests for consent to process personal data must be clear and must seek an affirmative response.
• Data subjects have the right to be forgotten and erased from records.
• Users may request a copy of personal data in a profile format.
• Parental consent is required for the processing of personal data of children under the age of 16.

As a result, organisations need to be extremely aware of these changes, as they can face very strict fines in cases of non-compliance. Can your organisation afford to be fined up to £20 million, or 4% of annual global revenue, for failing to comply with the new General Data Protection Regulation?

 

24% are unaware of the incoming data protection legislation, while one in three companies believe that GDPR isn’t relevant to them.*

Get Started with a GDPR Readiness Assessment

In response to the fast approaching data protection regulation, Logicalis UK Advisory Services team have developed a GDPR Readiness Assessment that will allow us to help you understand and frame your thoughts on your journey to compliance.

The Logicalis GDPR Readiness Assessment will help you answer a key question – Where am I on my journey to data privacy compliance, today? By investigating elements of your organisational landscape, we will produce an ‘as is’ assessment, where we will be able to gauge where you are on a standardised maturity curve, considering all things around cybersecurity and data protection.

Get in touch with our Advisory Services to discuss how we can help you in your journey to GDPR Readiness.

 

 

*London Chamber of Commerce and Industry, https://www.londonchamber.co.uk/news/press-releases/one-in-four-london-businesses-unaware-of-new-data/ 

Dean Mitchell
January 18, 2018

In the previous blog post on Capacity Management, we explored why IT projects fail and what you can do to prevent it.  What is even more important is to understand why, when it comes to securing your business, product alone isn’t the answer.

Ransomware, data breaches, insider threats, phishing scams… we’ve all seen the headlines. And, although these words, once reserved for IT departments, are becoming a part of everyday vocabulary, that doesn’t make them any less concerning. They have the power to derail your entire business, everything that you’ve built, within seconds.

Nowadays, cybercrime is big business, and you can guarantee that for every security solution churned out by vendors, someone, somewhere is creating brand new malicious code to target other vulnerabilities you didn’t even know existed within your organisation. Add to that modern working habits, with more and more businesses needing to adopt cloud and IoT for day-to-day operations to keep up with their competitors, and thereby increasing the potential attack surface, and you soon see that organisations are under siege from all angles.

To state the obvious: cybersecurity is no longer optional.

And this is something that all CIOs are more than aware of. In fact, in our 2017 global CIO Survey, security was cited as the number one concern when it came to an increase in the use of cloud services, with 70% of respondents citing it as a challenge.

So the problem is common knowledge, but what’s the solution?

Well, if your automatic answer is ‘by investing in security products’, then you’re not alone. Many business leaders define ‘security strategy’ as lots of different solutions coming together to work as one protective shield. Each solution is built to defend against a single threat vector, so various email, cloud and web products all become separate pieces of a much larger security puzzle.

Given the sheer volume of security products readily available, it’s no surprise that this puzzle doesn’t come cheap and that certain pieces aren’t as effective as others. But, surely the more products you deploy, effective or otherwise, the more significant your overall security capabilities and the better the protection for your organisation. After all, it’s better to be safe, and slightly out of pocket, than sorry… right?

It’s an easy trap to fall into.

In reality, a growing number of point solutions patched together is no longer an effective strategy. Instead, this method compounds complexity and creates the very vulnerabilities that it is meant to be mitigating against.

This is because security devices raise an alert for each threat that they detect; that’s how they work. And when you have multiple tools in place, each detecting multiple threats, the chances are that alerts will be going off almost constantly. This is fine; it shows that the solutions are working.

But it’s unlikely that a single organisation will have the manpower needed to deal with each alert simultaneously. Instead, overwhelmed and under-resourced IT teams will probably try to prioritise and, as a result, many of the alerts, and therefore threats, are ignored, making your organisation vulnerable.

So, when it comes to protecting your business, spending thousands and thousands of pounds worth of your budget on product alone is futile. It’s clear that the ‘best of breed approach’ has had its day, with an increasing number of organisations coming to the realisation that it’s not about how many solutions you have in place, it’s about how you’re using them.

A problem shared is a problem halved

To simplify things, you can strip your security strategy back to three key areas that all need to be done well: threat insight, vulnerability management and managed endpoint security.

Then, you need to make sure that the solutions you have within these areas are being used correctly. The easiest way to do this, and to make the most out of your resources, is to undertake a collaborative approach.

Take the heat off your own IT team and share the security burden with a partner who can help you to plug the gaps with managed solutions like:

– Managed SIEM/SIRM: A Security Incident Event Management service working in conjunction with a Security Incident Response Management service will provide optimal threat insights. It will solve the biggest and longest headache for your internal IT team, the one that began when you started installing security solutions… External engineering teams will analyse and, effectively, filter the never-ending stream of alerts so that, before they even reach your team, they are prioritised in terms of risk to your business and have clear actions on how to stop them in their tracks.

– Patch management: By combining patch management services with existing vulnerability scanning in a single service you can achieve optimal vulnerability management. Believe it or not, this service will fill any gaps in your security wall automatically. This is because networks will be regularly scanned for vulnerabilities, with any intel gathered then being rolled into a patching program. Obviously, this will significantly reduce the time between when a vulnerability is identified and when it is patched.

– Security device management: This incorporates all endpoint security, including antivirus solutions, firewalls and device control, as a single managed service. Delivered via software on laptops, desktops and servers, the service can also detect rogue devices attaching to the network and provide web filtering.

The bottom line is that cybersecurity is not about product. It’s about people, processes and technology working coherently to manage risk and protect your organisation. Often, working collaboratively with providers who can manage your security can be the better option. They will have the resourcing and the skillset to help you deal with any potential threats, while offering more peace of mind.

Today, a third of CIOs see security as the most prominent barrier towards digital transformation. Outsourcing can change that by granting your internal IT teams the gift of time… time that can be used to pursue other areas of your business’ IT strategy.

Talk to us to find out how we can help you.

 

Originally posted on CBR, 21 November 2017

 

Category: Security

Alastair Broom
December 13, 2017

Ransomware is a hot topic at the moment and the “attack du jour” for cybercriminals.   The code is easy to obtain and campaigns simple to execute thanks to the industrialised infrastructure that supports it.  The result – a rapidly growing market that is already estimated to be worth in excess of $1 billion.

Criminal gangs provide “ransomware as a service” with everything from code provision through to the monetisation of the attack making it easy to both execute and profit from.  Other types of cyber-attacks may involve complex, time-consuming or risky steps for the criminals but ransomware profits are immediate, usually via Bitcoin payment into the criminal’s wallet.

The traditional approach to cyber security has been to deploy more and more technology to protect against the evolving threat.  This has led to uncontrolled technology sprawl creating a security management nightmare.  Throwing more technology at the problem implies more resources to manage the estate and security resources are hard to come by.  According to research by the recruitment company

Despite the increased level of sophistication and frequency of ransomware attacks, by following the steps described below, organisations can significantly reduce their risk.

Step 1: Security Awareness Training

Although technology plays an important part, the majority of malware and ransomware attacks involve a user doing something they shouldn’t, such as clicking on a malicious web link, opening an email attachment or installing a new application. Usually this is due to a lack of understanding of the security risks associated with such actions. Phishing, a form of social engineering, is a common technique used to get ransomware inside an organisation, effectively duping users into downloading malicious code or otherwise opening up the organisation’s network to cyber-attack.

Many organisations provide basic security training as part of company induction or as one-off exercises to address audit requirements. However, security training should be a regular part of users’ development and regularly updated. Training should be delivered at a pace and frequency that fits in with the employees’ work schedules, with progress monitored and tested for effectiveness as part of the program. Security awareness is a critical part of any organisation’s security program and is fundamental to several security frameworks such as the UK National Cyber Security Centre’s “10 Steps to Cyber Security” program.

Step 2:  Vulnerability Management

Most malware infections, including ransomware, compromise our systems due to vulnerabilities in the operating systems and applications.  All too often, these vulnerabilities remain unpatched for months or even years allowing criminals to exploit the same flaws time and time again.

In 2015, of exploited vulnerabilities have had a patch for more than one year and it doesn’t look as though that’s changing.  In addition, IBM research shows that when new vulnerabilities are discovered, the average time taken for hackers to exploit them has decreased from 45 days ten years ago to 15 days today.

Effective vulnerability management is critical in ensuring that existing vulnerabilities are dealt with and new ones are patched quickly before they can be exploited.

Step 3:  Web Protection

Almost all ransomware is delivered across the web.  Regardless of whether the initial infection is via email or a malicious/compromised web site, the malware will normally attempt to contact a remote server to download additional software such as exploit kits or encryption software.  Web security solutions can be used to detect this suspicious activity, preventing the dangerous malware payloads from being downloaded – even if the initial infection is successful.  Modern web security solutions make use of advanced threat intelligence to identify malicious domains and web servers and prevent the malware from receiving its instructions.

Step 4:  Endpoint Protection

Ransomware infection inevitably happens at the endpoint. Typically, a laptop, PC or server will be compromised and used to propagate the malware throughout the network. Traditional signature-based anti-malware solutions are largely ineffective against modern malware due to rapidly changing code and the time taken by security vendors to identify new malware variants and create and distribute signatures. Behaviour-based endpoint protection is much more effective in dealing with modern malware, as it will identify malicious behaviour such as file substitution and registry changes rather than looking for a specific malware fingerprint in an ever-increasing signature database.

Step 5:  Security Analytics

Steps 1 to 4 above will provide an effective defence against ransomware and malware in general. However, it is impractical to expect your systems never to be breached, so it is imperative that you have visibility into the activity in your environment and the ability to identify breaches and react when they occur. This visibility and identification is provided by a Security Incident & Event Management (SIEM) platform. This software will ingest logs from your security infrastructure, servers, routers etc. and search for suspicious activity that could signal a breach. SIEM provides a “single pane of glass” view into disparate technology, overcoming many of the problems associated with the technology sprawl mentioned earlier and enabling security events to be identified so they can be dealt with quickly.

Ransomware is a plague that threatens the availability of the data we rely on for our businesses to operate.  If successful, ransomware attacks can bring organisations to their knees and result in substantial financial loss in ransom payments, system restoration, clean-up and the growing impact of regulatory fines. Following these 5 steps will significantly reduce the risk of ransomware attacks.   Logicalis can help you with solutions to address each of these steps helping you navigate to a more secure environment.  For more details, please feel free to contact us.

Category: Security

Mark Rogers
November 21, 2017

Mark Rogers, CEO Logicalis Group, digs into the Logicalis Global CIO Survey 2017-2018 to pick out some of the major topics arising from the survey of 890 CIOs in 23 countries.

The big themes emerging from this year’s survey break CIO priorities down across three areas that could be mistaken for business as usual: simplify, secure and engage. But, on the contrary, each has its part to play in a much loftier goal – digital transformation.

Indeed, the headline from the 2017-18 survey is this: CIOs say a massive infrastructure overhaul must be coupled with culture change if organisations are to unlock the benefits of digital transformation.

Digital ambition versus digital reality

That headline finding stems from CIOs’ assessment of their organisations’ digital footing.

The survey tells a story of real digital ambition amongst CIOs, but of limited progress in delivering digital transformation. To use tech adoption bell curve terminology, only 5% of respondents call their organisations digital innovators right now, while 49% characterise their organisations as part of an early majority.

That’s not a significant change on last year’s figures – and the reality is most CIOs see their organisations as partly digitally enabled at best.

Crucially, however, they contextualise those rather cautious views with a realistic and pragmatic assessment of the barriers to digital transformation – and it is their ambitious plans to overcome those barriers that give rise to the ‘simplify, secure, and engage’ triptych:

Simplify

For almost half (44%) of respondents to this year’s CIO survey, complex legacy technology is the chief barrier to digital transformation.

In simple terms, the job of maintaining and managing those complex environments – in the face of ever more draconian security threats, and business demand for ever more open architecture – is huge. So, legacy complexity doesn’t just slow down or prevent digital projects, it also prevents a refocus on higher-level, strategic activity, like digital transformation.

That is clearly not lost on CIOs, who understand very well the urgent need to simplify existing systems – indeed, 51% said they planned to adapt or replace existing infrastructure as a means of accelerating digital transformation.

It’s not hard to envisage CIOs making greater use of cloud services and third party support as a means of both simplifying those systems and handing off some of the management burden associated with them.

Secure

It’s no great surprise to see security high on the CIO agenda given the nature of the cyber threat landscape – and no great surprise either to see ransomware top of the threat list for CIOs. Ransomware [http://cxounplugged.com/2017/01/what-is-ransomware-a-c-suite-quick-guide/] is the biggest threat according to 71% of CIOs surveyed.

More surprising though, is the fact that one in three CIOs admit security concerns have led to the curtailment or cancellation of IT projects – a fact that must surely amplify the impact of security issues on digital transformation.

With that in mind, it is small wonder that so many CIOs (31%) see increased security investment as crucial to digital transformation – and not just to weathering the next cyber threat storm.

I’m in little doubt that CIOs’ security focus will drive an increased demand for services like Cisco Umbrella as organisations adopt multi-layered security solutions capable of defending against an ever-evolving array of cyber threats.

Engage

Perhaps most interesting, CIOs see organisational culture as a key barrier to digital transformation. That is, legacy technology brings with it a legacy relationship between business and technology, a ‘separateness’ that is incompatible with a digital model that puts technology at the heart of every aspect of the business.

In response, CIOs want to engage with line of business (LOB) to drive culture change. They want to be the digital ambassadors who create a new relationship between business and technology, and who foster an environment in which digital transformation can thrive.

Analytics offers a case in point. Back in 2015, 63% of CIOs ranked analytics as ‘very important’ or ‘critical’ to driving business innovation.

Two years later, the same barriers to delivering those benefits remain: complex systems and siloed data. But business engagement is a barrier too – the lack of a clear brief from the business as to what is required from analytics is still an issue for 41% of CIOs.

Crucially, though, they are responding: 54% of CIOs are working with LOB colleagues to bottom out requirements and 38% are setting up working groups to unravel complexity.

Those plans to tackle analytics suggest that CIOs are successfully adapting to a changing environment for business IT, an issue we first highlighted in 2015 [http://cxounplugged.com/2015/01/power-shift-will-cios-respond/]. The big question is whether they will be successful in replicating the approach as they seek to unlock the benefits of wider digital transformation.

In my view, the CIOs that are successful in tackling these three big issues will be those looking outside for help. The majority still spend between 60% and 80% of their time on day to day IT management – an issue that, in itself, is a barrier to change.

That’s partly because so much IT remains in-house. Only 25% outsource 50% or more of their IT – a situation that must surely change quickly if CIOs are to free themselves from the everyday and be digital change makers, not change managers.

Read the full Logicalis Global CIO Survey 2017-2018 here.

Andrew Newton
September 8, 2017

Shadow IT is not a new concept, but certainly is a big issue for many organisations today. Companies of all sizes see a significant increase in the use of devices and/or services not within the organisation’s approved IT infrastructure.

A Global CIO Survey found that IT leaders are under growing pressure from Shadow IT and are gradually losing the battle to retain the balance of power in IT decision-making. The threat from Shadow IT is forcing CIOs to re-align their IT strategy to better serve the needs of their line of business colleagues, and to transform IT to become the first choice for all IT service provision. However, Shadow IT continues to apply pressure to many CIOs and IT leaders who do not have clear visibility of the use of Shadow IT within their organisations and therefore cannot quantify the risks or opportunities.

So is Shadow IT a threat to your organisation or does it improve productivity and drive innovation?

Based on Gartner’s report, Shadow IT will account for a third of the cyber-attacks experienced by enterprises by the time we reach 2020. However, some customers have told us:

  • “Shadow IT is an opportunity for us to test devices or services before we go to IT for approval.”
  • “Shadow IT allows us to be Agile and use services that IT don’t provide so we can work more effectively.”

One of the most important aspects of Shadow IT is of course the cost. What are the hidden costs to the business of a security breach, the potential loss of data and, for those with regulatory compliance requirements, the possibility of large fines and loss of reputation in their respective markets?

With an ever changing and expanding IT landscape, and new regulations such as the General Data Protection Regulation (GDPR) coming into effect in May 2018, managing and controlling data whilst ensuring complete data security should be top of the priority list. Understanding the key challenges of Shadow IT is therefore fundamental in order to manage it effectively.

Shadow IT – The Key Challenges:

    • Identifying the use of Shadow IT
      Arguably the biggest challenge with Shadow IT is visibility within the organisation. How can IT leaders see who is using or consuming what, and for what purpose? If you can’t see it or aren’t aware of it, how can you manage it?
    • Costs of Shadow IT
      Controlling costs is impossible for Shadow IT spend if there is no visibility of what is being used. It is not just the direct Shadow IT purchases that present a challenge, but also the consequences of a security breach resulting from the use of Shadow IT: fines, reputation damage and future loss of business.
    • Securing the threat to your business
      One of the biggest areas of concern, and quite rightly, is the security threat to the business from the use of non-approved IT sources. Not only does this have the potential to add to the organisation’s costs, but it could also result in the loss of data, again with the potential risk of considerable fines.
    • Managing Shadow IT without stifling innovation
      The wrong approach to managing Shadow IT, such as “total lock down” messaging, can send signals to the organisation that IT is controlling, inflexible and unwilling to listen, with the possible result of driving Shadow IT underground and, in some cases, actually increasing its use, thus increasing risks and costs.

Shadow IT is a complicated issue, but your response to it doesn’t have to be. Contact us to find out how we can help you manage Shadow IT, be forward thinking and fill the gaps within the current IT infrastructure.

Alastair Broom
August 9, 2017

It’s common knowledge that there is a global shortage of experienced IT security professionals, right across the spectrum of skills and specialities, and that this shortage is exacerbated by an ongoing lack of cyber security specialists emerging from education systems.

Governments are taking action to address this skills shortage, but it is nevertheless holding back advancement and exposing IT systems and Internet businesses to potential attacks.

Because of this, and despite the fear that other industries may have of Artificial Intelligence (AI), the information security industry should be embracing it and making the most of it. As the connectivity requirements of various different environments become ever more sophisticated, so the number of security information data sources is increasing rapidly, even as potential threats increase in number and complexity. Automation and AI offer powerful new ways of managing security in this brave new world.

At the moment, the focus in AI is on searching and correlating large amounts of information to identify potential threats based on data patterns or user behaviour analytics. These first generation AI-driven security solutions only go so far, though: security engineers are still needed, to validate the identification of threats and to activate remediation processes.

As these first generation solutions become more efficient and effective in detecting threats, they will become the first step towards moving security architectures into genuine auto-remediation.

To explore this, consider a firewall: it allows you to define access lists based on applications, ports or IP addresses. Working as part of a comprehensive security architecture, new AI-driven platforms will use similar access lists, based on a variety of complex and dynamic information sources. The use of such lists will undergird your auto-remediation policy, which will integrate with other platforms to maintain consistency in the security posture defined.

As we move into this new era in security systems, in which everything comes down to gathering information that can be processed, with security in mind, by AI systems, we will see changes as services adapt to the new capabilities. Such changes will be seen first in Security Operations Centres (SOCs).

Today’s SOCs still rely heavily on security analysts reviewing reports to provide the level of service expected by customers. They will be one of the first environments to adopt AI systems, as they seek to add value to their services and operate as a seamless extension to digital businesses of all kinds.

SOCs are just one example. The security industry will get the most out of AI, but they need to start recognising that machines do best at what people do best. Any use of this technology will enable the creation of new tools and processes in the cybersecurity space that will protect new devices and networks from threats even before a human can classify that threat.

Artificial intelligence techniques such as unsupervised learning and continuous retraining can keep us ahead of the cyber criminals. However, we need to be aware that hackers will also be using these techniques, so here is where the creativity of the Good Guys can focus on thinking about what is coming next and let the machines do their job in learning and continuous protection.

Don’t miss out: to find out more, contact us – we’ll be delighted to help you with emerging technology and use it to your benefit.

Category: Security

Alastair Broom
May 16, 2017

What if I told you that Ransomware is on its way to becoming a $1 billion annual market?

Eyebrows raised (or not), it is a matter of fact in 2017 that Ransomware is an extremely lucrative business, evolving at an alarming rate and becoming more sophisticated day by day.

But, the question remains, what is Ransomware?

Ransomware is malicious software – a form of malware – that either disables a target system or encrypts a user’s files and holds them ‘hostage’ until a ransom is paid. This malware generally operates indiscriminately, with the ability to target any operating system, within any organisation. Once the malware has gained a foothold in an organisation, it can spread quickly, infecting other systems, even backup systems, and can therefore effectively disable an entire organisation. Data is the lifeblood of many organisations and without access to this data, businesses can literally grind to a halt. Attackers demand that the user pay a fee (often in Bitcoins) to decrypt their files and get them back.

On a global scale, more than 40% of ransomware victims pay the ransom, although there is no guarantee that you will actually get your data back and copies of your data will now be in the attacker’s hands. In the UK, 45% of organisations reported that a severe data breach caused systems to be down on average for more than eight hours. This makes it apparent that the cost is not only the ransom itself, but also the significant resources required to restore the systems and data. What is even more alarming, is that in the UK the number of threats and alerts is significantly higher than other countries (Cisco 2017 Annual Cybersecurity Report). Outdated systems and equipment are partially to blame, coupled with the belief that line managers are not sufficiently engaged with security. Modern and sophisticated attacks like ransomware require user awareness, effective processes and cutting edge security systems to prevent them from taking your organisation hostage!

How can you protect your company?

As one of the latest threats in cybersecurity, a lot has been written and said around ransomware and potential ways of preventing it. A successful mitigation strategy involving people, process and technology is the best way to minimise the risk of an attack and its impact. Your security program should consider the approach before, during and after an attack takes place giving due consideration to protecting the organisation from attack, detecting Ransomware and other malware attacks and how the organisation should respond following an attack. Given that Ransomware can penetrate organisations in multiple ways, reducing the risk of an infection requires a holistic approach, rather than a single point solution.  It takes seconds to encrypt an entire hard disk and so IT security systems must provide the highest levels of protection, rapid detection and high containment and quarantine capability to limit damage. Paying the ransom should be viewed as an undesirable, unpredictable last resort and every organisation should therefore take effective measures to avoid this scenario.

Could your organisation be a target?

One would imagine that only large corporations would be at risk of a Ransomware attack, but this is far from the truth. Organisations of all industries and sizes report Ransomware attacks which lead to substantial financial loss, data exposure and potential brand damage. The reason is that all businesses rely on the availability of data, such as employee profiles, patents, customer lists, financial statements etc. to operate.  Imagine the impact of Ransomware attacks in police departments, city councils, schools or hospitals. Whether an organisation operates in the public or private sector, banking or healthcare, it must have an agile security system in place to reduce the risk of a Ransomware attack.

Where to start?

The first step to shield your company against Ransomware is to perform an audit of your current security posture and identify areas of exposure.  Do you have the systems and skills to identify an attack?  Do you have the processes and resources to respond effectively?  As Ransomware disguises itself and uses sophisticated hacking tactics to infiltrate your organisation’s network, it is important to constantly seek innovative ways to protect your data before any irreparable damage is done.

With our Security Consultancy, Managed Security Service offerings and threat-centric Security product portfolio, we are able to help our customers build the holistic security architecture needed in today’s threat landscape.

Contact us to discuss your cyber security needs and ensure you aren’t the next topic of a BBC news article.

 

Category: Security

Alastair Broom
March 10, 2017

As Logicalis’ Chief Security Technology Officer I’m often asked to comment on cyber security issues. Usually the request relates to specific areas such as ransomware or socially engineered attacks. In this article I’m taking a more holistic look at IT security.

Such a holistic approach to security is, generally, sorely lacking. This is a serious matter, with cyber criminals constantly looking for the weak links in organisations’ security, constantly testing the fence to find the easiest place to get through. So, let’s take a look at the state of enterprise IT security in early 2017, using the technology, processes and people model.

Technology

A brief, high-level look at the security market is all it takes to show that there are vast numbers of point products out there – ‘silver bullet’ solutions designed to take out specific threats. There is, however, little in terms of an ecosystem supporting a defence-in-depth architecture. Integration of and co-operation between the various disparate components is, although growing, typically weak or non-existent.

We’ve seen customers with more than 60 products deployed, from over 40 vendors, each intended to address a specific security issue. Having such a large number of products itself presents significant security challenges, though. All these products combined have their own vulnerability: support and maintenance. Managing them and keeping them updated generates significant workload, and any mistakes or unresolved issues can easily become new weak points in the organisation’s security.

The situation has been exacerbated by the rapidly increasing popularity of Cloud and Open Source software. Both trends make market entry significantly simpler, allowing new players to quickly and easily offer new solutions, targeting whichever threat happens to be making a big noise at the moment.

Just as poor integration between security products is an issue, so is lack of integration between the components on which they are built. Through weak coding or failure to make use of hardware security features – Intel’s hardware-level Software Guard Extensions (SGX) encryption technology is a good example – security holes are left open, waiting to be exploited.

The good news on the technology front is that we are seeing the early stages of the development of protocols, such as STIX, TAXII and CybOX, allowing different vendors’ products to interact and share standardised threat information. The big security vendors have been promoting the idea of threat information sharing and subsequent action for a while, but only within their own product ecosystems. It’s time for a broader playing field!

Processes

IT security is one of the most important issues facing today’s enterprise, yet, while any self-respecting board will feature directors with responsibility for sales, marketing, operations and finance, few enterprises have a board level CISO.

Similarly few organisations have a comprehensive and thoroughly considered security strategy in place, or proper security processes and policies suitable for today’s threat landscape and ICT usage patterns. A number of industry frameworks exist: ISO 27001, Cyber Essentials, NIST to name but a few; and yet very few organisations adopt these beyond the bare minimum to meet regulatory requirements.

Most organisations spend considerable sums on security technology, but without the right security strategy in place, and user behaviour in line with the right processes and policies, they remain at risk of serious breaches.

People

The hard truth is that some 60% of breaches are down to user error. Recent research obtained through Freedom of Information requests found that 62% reported to the ICO are down to humans basically getting it wrong. People make poor password choices, use insecure public (and private!) WiFi, and use public Cloud storage and similar services without taking the necessary security precautions. They do not follow, or indeed even know, corporate data classification and usage policies. The list, of course, goes on.

Training has a part to play here, to increase users’ awareness of the importance of security, as well as the behaviours they need to adopt (and discard) to stay secure. However, there will come a point at which the law of diminishing returns kicks in: we all make mistakes – even the most careful, well trained of us.

We need to explore, discover and devise new ways in which technology can help, by removing the human element, where possible and desirable, and by limiting and swiftly rectifying the damage done when human error occurs. Furthermore, we need to leverage ever improving machine learning and artificial intelligence software to help augment human capability.

Enterprises need to work with specialists that can help them understand the nature of the threats they face, and the weak links in their defences that offer miscreants easy ways in. That means closely examining all aspects of their security from each of the technology, processes and people perspectives, to identify actual and potential weaknesses. Then robust, practical, fit-for-purpose security architectures and policies can be built.

For an outline of how this can work, take a look at Logicalis’ three-step methodology here or email us security@uk.logicalis.com to discuss your cyber security needs.

Category: Security

Fanni Vig
January 16, 2017

A friend of mine recently introduced me to the idea of the ‘runaway brain’ – a theory first published in 1993 outlining the uniqueness of human evolution. We take a look into how artificial intelligence is developing into something comparable to the human brain and the potential caveats that concern us as human-beings.

The theory considers how humans have created a complex culture by continually challenging their brains, leading to the development of more complex intellect throughout human evolution. A process which continues to occur, even up to today and will again tomorrow, and will no doubt for years to come. This is what theorists claim is driving human intelligence towards its ultimate best.

There are many ways in which we can define why ‘human intelligence’ is considered unique. In essence, it’s characterised by perception, consciousness, self-awareness, and desire.

It was by speaking to a friend that I came to consider: with human intelligence alongside the emergence of artificial intelligence (AI), is it possible for the ‘runaway brain’ to reach a new milestone? After further research, I found some that say it already has.

They label it ‘runaway super intelligence‘.

Storage capacity of the human brain

Most neuroscientists estimate the human brain’s storage capacity to range between 10 and 100 terabytes, with some evaluations estimating closer to 2.5 petabytes. In fact, new research suggests the human brain could hold as much information as the entire internet.

As surprising as that sounds, it’s not necessarily impossible. It has long been said that the human brain can be like a sponge, absorbing as much information as we throw towards it. Of course we forget a large amount of that information, but take into consideration those with photographic memory or those who practice a combination of innate skills, learned tactics, mnemonic strategies or those who have an extraordinary knowledge base.

Why can machines still perform better?

Ponder this – if human brains have the capacity to store significant amounts of data, why do machines continue to outperform human decision making?

The human brain has a huge range – data analysis and pattern recognition alongside the ability to learn and retain information. A human needs only to glance before they recognise a car they’ve seen before, but AI may need to process hundreds or even thousands of samples before it’s able to come to a conclusion. Perhaps this is human premeditative assumption, if you will, which saves time analysing finer details for an exact match. Conversely, while AI functions may be more complex and varied, the human brain is unable to process the same volume of data as a computer.

It’s this efficiency of data processing that calls on leading researchers to believe that indeed AI will dominate our lives in the coming decades and eventually lead to what we call the ‘technology singularity’.

Technology singularity

Technological singularity is the hypothesis that the invention of artificial super intelligence will abruptly trigger runaway technological growth, resulting in unfathomable changes to human civilization.

According to this hypothesis, an upgradable intelligent agent, such as software-based artificial general intelligence, could enter a ‘runaway reaction’ cycle of self-learning and self-improvement, with each new and increasingly intelligent generation appearing more rapidly, causing an intelligence explosion resulting in a powerful super intelligence that would, qualitatively, far surpass human intelligence.

Ubiquitous AI

When it comes to our day-to-day lives, algorithms often save time and effort. Take online search tools, Internet shopping and smartphone apps using beacon technology to provide recommendations based upon our whereabouts.

Today, AI uses machine learning. Provide AI with an outcome-based scenario and, to put it simply, it will remember and learn. The computer is taught what to learn, how to learn, and how to make its own decisions.
What’s more fascinating is how new AIs are modelling the human mind using techniques similar to those of our own learning processes.

Do we need to be worried about the runaway artificial general intelligence?

We might listen to the cautiously wise words of Stephen Hawking, who said “success in creating AI would be the biggest event in human history”, before commenting “unfortunately, it might also be the last, unless we learn how to avoid the risks”.

The answer to whether we should be worried all depends on too many variables for a definitive answer. However, it is difficult not to argue that AI will play a growing part in our lives and businesses.

Rest assured: 4 things that will always remain human

It’s inevitable that one might raise the question: is there anything that humans will always be better at?

  1. Unstructured problem solving. Solving problems in which the rules do not currently exist; such as creating a new web application.
  2. Acquiring and processing new information. Deciding what is relevant; like a reporter writing a story.
  3. Non-routine physical work. Performing complex tasks in a 3-dimensional space that requires a combination of skill #1 and skill #2, which is proving very difficult for computers to master. As a consequence, scientists like Frank Levy and Richard J. Murnane say that we need to focus on preparing children for an “increased emphasis on conceptual understanding and problem-solving“.
  4. And last but not least – being human. Expressing empathy, making people feel good, taking care of others, being artistic and creative for the sake of creativity, expressing emotions and vulnerability in a relatable way, and making people laugh.

Are you safe?

We all know that computers/machines/robots will have an impact (positive and/or negative) on our lives in one way or another. The rather ominous elephant in the room here is whether or not your job can be done by a robot?

I am sure you will be glad to know there is an algorithm for it…
In a recent article by the BBC it is predicted that 35% of current jobs in the UK are at a ‘high risk’ of computerization in the coming 20 years (according to a study by Oxford University and Deloitte).

It remains that jobs that rely on empathy, creativity and social intelligence are considerably less at risk of being computerized. In comparison, roles including retail assistants (37th), chartered accountants (21st) and legal secretaries (3rd) all rank among the top 50 jobs at risk.

Maybe not too late to pick up the night course on ‘Computer Science’…

Alastair Broom
December 15, 2016

Last week I read that you can now hijack nearly any drone mid-flight just by using a tiny gadget.

The gadget responds to the name of Icarus and it can hijack a variety of popular drones mid-flight, allowing attackers to lock the owner out and give them complete control over the device.

Besides drones, the new gadget has the capability of fully hijacking a wide variety of radio-controlled devices, including helicopters, cars, boats and other remote control gear that runs over the most popular wireless transmission control protocol, called DSMx.

Although this is not the first device we have seen that can hijack drones, this is the first one giving the attacker complete control. Icarus works by exploiting the DSMx protocol, granting attackers complete control over target drones that allows them to steer, accelerate, brake and even crash them.

The attack relies on the fact that DSMx protocol does not encrypt the ‘secret’ key that pairs a controller and the controlled device. So, it is possible for an attacker to steal this secret key by launching several brute-force attacks.

You can also watch the demonstration video to learn more about Icarus box.

There is no mitigation approach to this issue at the moment, other than waiting for the affected manufacturers to release patches and update their hardware, embracing encryption mechanisms to secure the communication between controller and device.

Having seen this video and the potential impact of this hijacking technique, my first thought was about the threat for Amazon’s new service coming soon, which will allow drones to safely deliver packages to people’s homes in under 30 minutes.

This is just another example of how important it is to define the right strategy around using encryption as part of security in the digital era. Business data, and the way we want to access this data from any device, anywhere and anytime, just highlight the need for enhanced and clever security solutions.

There are different ways Logicalis can help our customers in the protection of data located in data centres and end points with the help of the ecosystem of partners like Cisco and Intel Security.

An interesting offering to mention is Logicalis Endpoint Encryption Managed Service. This service gives our customers’ devices and the data within them the level of protection that will give them peace of mind should a device be lost or stolen, and we at Logicalis manage the service for them. This service is the market leader for data protection and it provides the highest levels of Confidentiality, Integrity and Availability. The service is part of the global strategy adopted by Logicalis Group across EMEA.

Category: Automation, Security

Alastair Broom
December 11, 2016

21 times in the past 12 months! According to the following BBC article, that’s how many times Bournemouth University has been hit by ransomware attacks (University hit 21 times in one year by ransomware – BBC News). 23 universities have suffered that same issue, 28 NHS trusts. And the problem continues in the Enterprise space. According to Kaspersky labs research, over 50,000 corporate PCs were infected with ransomware in 2015, a 100% year-on-year growth as compared to 2014. And that’s the data Kaspersky has access to. The FBI states that in Q2 of 2015, 4 million unique ransomware samples were detected, and that in 2016 over $1 billion will be paid out in ransomware attacks to retrieve data. I may be in the wrong job…

The thing is, ransomware in the past has been what I would term a typically opportunistic attack. It was predominantly targeted at individuals, and would rely on relatively basic techniques, such as phishing scams or drive-by-downloads, to get the infection done. Attacks would range from scareware, to screenlockers, all the way to encryption attacks, and would demand a reasonably small sum from the victim to decrypt locked files (assuming you were lucky enough to get the files back at all). You would hand over some Bitcoins, the currency hackers crave due to its global and anonymous nature, and hope the decryption key was handed over in return.

But that is no longer the case. Ransomware is now far better classed as an APT – Advanced Persistent Threat, and carries all the industrialized process behind it that we expect of corporate or sovereign government funded warfare. This is big business, and attackers are fully aware of the cost corporations are exposed to if they are unable to access that most precious of resources – their data. Attackers will spend huge effort researching their victim: footprinting, scanning, enumerating – and will then follow a very well thought out plan to realise their desired outcomes!

Not good news, but we can help! At Logicalis, we have been helping our clients prepare for and defend against ransomware and other APTs. Let’s specifically address ransomware.

We understand the key stages involved in a ransomware attack (infection, execution, backup spoliation, encryption, notification & clean up), and so can help advise you on the best lines of defence, and provide a number of services to make sure you are protected. The below list is a great place to start:

  • Reduce logged-in user privileges so that users are unable to execute PowerShell and any other code not required.
  • Remove the command prompt from Citrix or logon profile sessions.
  • Use application whitelisting so that only authorised applications can run.
  • Prevent or disallow macro execution via group policy.
  • Investigate using Microsoft EMET where appropriate.
  • Use a SIEM to monitor, for example, process injection.
  • Ensure that there is a full backup of all the data and systems to be able to restore if and when required.
  • Use a software restriction policy in AppLocker (SRP).
  • Disable ActiveX in the browsers.
  • Install a personal firewall or use HIPS.
  • Block binaries running from %APPDATA% and %TEMP% paths.
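
The path and macro items on the list above can be checked against endpoint process-creation logs before any block is enforced. The following Python is an added example, not Logicalis code; the event field names, the default Windows profile layout and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re

# Default per-user locations that %APPDATA% and %TEMP% expand to on Windows.
# Assumption: standard profile layout under <drive>:\Users\<name>.
BLOCKED_DIRS = {
    "%APPDATA%": re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\"),
    "%TEMP%": re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\"),
}
# File types a path rule would normally cover (illustrative selection).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".dll", ".js", ".vbs", ".bat", ".cmd", ".ps1"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}

# Constructed process-creation events (hypothetical field names).
SAMPLE_EVENTS = [
    {"user": "alice",
     "image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"user": "alice",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"},
    {"user": "alice",
     "image": r"C:\Users\alice\AppData\Local\Temp\invoice.exe",
     "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"user": "bob",
     "image": "C:/Users/bob/AppData/Local/../Roaming/updater.scr",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"user": "bob",
     "image": r"C:\Program Files\Vendor\app.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
]


def normalise(path):
    """Lower-case, unify separators and collapse '..' before any rule is applied."""
    return ntpath.normpath(path.replace("/", "\\")).lower()


def blocked_location(image):
    """Return '%APPDATA%' or '%TEMP%' if the image would run from there, else None."""
    norm = normalise(image)
    if ntpath.splitext(norm)[1] not in EXECUTABLE_EXTS:
        return None
    for name, pattern in BLOCKED_DIRS.items():
        if pattern.match(norm):
            return name
    return None


def review_event(event):
    """Return the list of findings for one process-creation event."""
    findings = []
    location = blocked_location(event["image"])
    if location:
        findings.append(f"binary launched from {location}")
    child = ntpath.basename(normalise(event["image"]))
    parent = ntpath.basename(normalise(event["parent_image"]))
    if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
        findings.append(f"{parent} spawned {child} (possible macro execution)")
    return findings


def audit(events):
    """Map event index -> findings, leaving out events with nothing to report."""
    report = {}
    for index, event in enumerate(events):
        findings = review_event(event)
        if findings:
            report[index] = findings
    return report


if __name__ == "__main__":
    for index, findings in audit(SAMPLE_EVENTS).items():
        event = SAMPLE_EVENTS[index]
        print(f"[{event['user']}] {event['image']}")
        for finding in findings:
            print(f"    - {finding}")
```

Running a check like this over real logs first shows which legitimate per-user installs would be caught by a path rule before the rule is switched from audit to enforcement.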

With our Security consultancy, Managed Security Service offerings and threat-centric Security product portfolio, we are able to help our customers build the holistic security architecture needed in today’s threat landscape. When it comes to ransomware, our solutions in Anti-Virus, Endpoint Protection, Data Loss Protection, Advanced Malware Protection and Managed SIEM will ensure you aren’t the next topic of a BBC news article.

Category: Security

Alastair Broom
November 30, 2016

As you might have read back in November 2016, a huge Distributed Denial of Service (DDoS) attack against Dyn, a major domain name system (DNS) provider, broke large portions of the Internet, causing a significant outage to a tonne of websites and services, including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, and Spotify.

How did the attack happen? What was the cause behind the attack?

Although exact details of the attack remain vague, Dyn reported that an army of hijacked internet-connected devices is thought to be responsible for the large-scale attack, similar to a method recently employed by hackers to carry out a record-breaking DDoS attack of over 1 Tbps against the French hosting provider OVH.

According to security intelligence firm Flashpoint, Mirai bots were detected driving much, but not necessarily all, of the traffic in the DDoS attacks against Dyn. Mirai is a piece of malware that targets Internet of Things (IoT) devices such as routers, security cameras and DVRs, and enslaves vast numbers of these compromised devices into a botnet, which is then used to conduct DDoS attacks.

This type of attack is notable and concerning because it largely consists of unsecured IoT devices, which are growing exponentially with time. These devices are implemented in a way that they cannot easily be updated and thus are nearly impossible to secure.

Manufacturers focus mainly on the performance and usability of IoT devices but ignore security measures and encryption mechanisms, which is why the devices are routinely hacked, widely becoming part of DDoS botnets and used as weapons in cyber-attacks.

An online tracker of the Mirai botnet suggests there are more than 1.2 Million Mirai-infected devices on the Internet, with over 166,000 devices active right now.

IoT botnets like Mirai are growing rapidly, and there is no easy way to stop them.

According to officials having spoken to Reuters, the US Department of Homeland Security (DHS) and the FBI are both investigating the massive DDoS attacks hitting Dyn, but none of the agencies have yet speculated on who might be behind them.

At Logicalis UK, we have a threat centric approach. We can help customers protect their applications and environments against DDoS attacks with on-premise, cloud-based or hybrid deployments based on solutions through our partner F5.

F5 provides seamless, flexible, and easy-to-deploy solutions that enable a fast response, no matter what type of DDoS attack you’re under. Together, Logicalis and F5 can:

  • Deliver multi-layered DDoS defense from a single box with a fast-acting, dual-mode appliance that supports both out-of-band processing and inline mitigation, while enabling SSL inspection and guarding against layer 7 app attacks.
  • Stop attacks on your data centre immediately with an in-depth DDoS defense that integrates appliance and cloud services for immediate cloud off-loading.
  • Unique layer 7 application coverage defeats threats cloaked behind DDoS attacks without impacting legitimate traffic.
  • Activate comprehensive DDoS defense with less complexity and greater attack coverage than most solutions.

If you would like to find out more about Logicalis’ advanced security practice, please complete the form opposite. Our experts are primed and ready to support you.

If you would like to find out more about our security practice please do not hesitate to get in touch: jorge.aguilera@uk.logicalis.com

Alastair Broom
November 29, 2016

Last week we hosted a number of our customers (30 people from 18 different organisations in fact) at an event held at Sushisamba in London. From the 39th floor, overlooking most of London, I had the privilege of hosting some of our existing and potential clients for a discussion predicated by the upcoming General Data Protection Regulation (GDPR). Over an absolutely fantastic lunch, which thankfully included many tasty meat dishes – I’m no huge fan of raw fish – we talked about how organisations are going to have to rethink their strategy around data governance and security in the face of a very tough new law.

I just wanted to give you a few takeaways from the day, none of which are edible – I’m sorry…

The first of our guest speakers was Lesley Roe, Data Protection Officer from the IET. Lesley spoke about what the IET are doing to get ready for GDPR. They hold a vast amount of personal data, and given that they are advising their membership on all manner of related things, they need to lead by example. Key points from her presentation are:

  • GDPR is about giving people more control over their personal data. Every day we share an extraordinary amount of personal data with all manner of organisations, and this data is valuable. GDPR is about ensuring we retain the rights to that value: what it is processed for, who can process it, and how it’s retained/deleted once its useful life has expired.
  • Everyone has a part to play and training of staff & staff awareness are paramount. This, however, is no mean feat.
  • The process of data governance, and the education of that process throughout the organisation, will be the only way to fully comply with the regulation. How do the IET classify old & new data? How do they manage the lifecycle of the data? How do they make sure they are only obtaining, using and retaining the data they need and have consent for?
  • None of this, however, is possible without first knowing what personal data is within your organisational context, and where it lives.
  • Much of the thinking around GDPR will be a huge shift in the mindset of organisations today. Companies just do not think about their data assets and their responsibility for that data in the spirit of the regulation at all.

Our next two speakers were from two of our technology partners, VMWare and Palo Alto Networks. Things to remember here:

  • Technology, without a doubt, has a part to play in ensuring compliance. The regulators are far more savvy to what the art of the possible is in the security market, and they will be expecting organisations to leverage technologies within reach of budgets and according to exposure to best mitigate any risks to rights of individuals.
  • The ability to prevent, detect and report on the nature and extent of any breaches will be very important. Technologies will be needed to prove that organisations can do this effectively and efficiently, especially in the face of stringent reporting requirements.
  • State of the art will really mean state of the art. Regulators will be assessing how organisations are using the best possible mix of technologies to minimise both exposure to risk, and impact of any breach if/when they should occur.

The last presentation was from Ed Charvet and his guest star Ian De Frietas. Ian is part of the alliance we have with legal experts BLP. The joint value proposition Ed and Ian spoke about is what I believe makes us entirely unique in this space:

  • The first step towards compliance is data discovery – what is personal data from the perspectives of both the GDPR and the organisations’ context? Where is the data? How is data currently classified? How is it processed? How are permissions obtained? This is delivered through a mix of manual and automated processes to help customers understand where they stand today.
  • But this process takes time. The regulation comes into law on the 28th May 2018, and as Ian made clear, the regulator is taking a “zero day” approach. This effectively means that if you’re not fully compliant on that day, you are non-compliant, and the regulator has every power to come after you. With fines of up to 4% of global group revenues, or EUR20 million (whichever is the greater of course), this is a regulation with teeth – and with what seems like a very real political agenda. Watch out Facebook, Google, Amazon…
  • Being compliant with the likes of the DPA today, while impressive, would still mean on day zero you do not comply with the new law.
  • Key questions to ask are: do you have a legitimate interest to process the data? What exactly are you planning to do with it? These will need to be made very clear even before the gathering of data has begun.

What became clear throughout the day is that time is tight to reach compliance, and the ICO in the UK seem to be recruiting in earnest to gear up for real enforcement of the law. This feels like something that is going to change how data, and in particular the protection of personal rights and data, is valued and protected by the organisations that get the most benefit from it. What organisations need to do as a matter of urgency is find out what personal data they hold, and where they store it. They need to assess the current security infrastructures they have and find out what gaps exist that could pose a risk and ultimately a loss of personal data. They need to be putting the right people and procedures in place to comply with new and enhanced rights and tighter reporting deadlines, and they should be working out what Data Protection Impact Assessments need to look like for their organisation to satisfy regulatory requirements.

As a next step, please reach out to either myself, Ed Charvet, Alastair Broom or Jorge Aguilera to discuss how Logicalis can help our customers get ready for GDPR. From the data discovery workshop, to engaging with BLP in legal matters, and technology assessments powered by tools from the likes of VMware and Palo Alto Networks; we really can help customers on the road towards compliance.
