Digitally Speaking
Data backup

Alastair Broom
March 28, 2019

This Sunday marks the 8th year of World Backup Day. What began as a light-hearted campaign to encourage end-users to create secure copies of their treasured photos and files is slowly morphing into a message for the business community: without data there is no business.

Most UK businesses are now part way through digital transformation, which is fuelled by data. Almost every business decision is based upon the data held, yet losing that data is worryingly easy. From equipment theft and accidents to security breaches and simply failing to back up, businesses have to work hard to safeguard their data. And with the growing sophistication of cyber attacks, both the prevention measures and the price you pay for failure are increasing.

In February, hackers breached the servers of a US email provider, wiping the data from its US servers in what was termed an ‘attack and destroy’ incident. The firm did have backup measures but they weren’t secure enough to prevent the attackers from infiltrating their backup servers. No ransom, just an act of vandalism that put the company out of business overnight.

This senseless attack illustrates the point: we cannot overestimate the importance of data or its security. Fortunately, there are steps all businesses can take to protect their most precious asset.

Understand the value and location of your data

Your critical data is not just in your datacentre. It’s likely to be dispersed right across the organisation, from HR and marketing to sales databases and financial systems. It could be a spreadsheet attached to an email, but if that’s the only copy, and that data has a high value to the organisation, then that spreadsheet is critical data.

Understanding where the data is located and knowing its value is essential to determining your data protection policy. It’s not feasible to back up every single piece of data, so knowing what matters is crucial. This is where data discovery and classification do the heavy lifting, increasing your visibility of where data resides on the network, the endpoint and in the cloud, and allowing you to create scalable security solutions to protect that data.

Arm yourself against ransomware

While it’s not an uncommon occurrence for organisations to lose servers or for data centres to go down and return without their data, most businesses do now have their most important data backed up. This has historically been used as protection against ransomware, a form of malware which locks the user out of their device or files and then demands a monetary ransom to restore access. However, cyber criminals have evolved their malware to search out and encrypt backup servers as well as the primary data store so it is important to ensure backup systems are adequately protected from attack.

In 2018 there were 4.7 million ransomware attacks, down 50% from the previous year, but still alarmingly high. And while attacks have decreased, they have become more targeted, meaning enterprises and SMBs alike need to do more to protect their data.

Backup is critical as it enables lost or ransomed data to be restored and business disruption minimised. Encrypting data will protect against data theft, but without appropriate protection for the data backups, corporate data can still be destroyed or rendered inaccessible during a cyber attack. Making sure backup systems are suitably distanced from the primary data is critical: if there is a link, cybercriminals can find a way in.

Put the right policies in place

It bears repeating that businesses must understand the value of their data and where it’s located. Discovery and classification enable a security policy to be applied to data and provide a platform for automated backup policies.

In order to build the most effective defences, you need a policy which delivers a level of protection that is appropriate to the value of the data. The policy should dictate different levels of resilience for your tiers of data. For really critical data, the best line of defence is to keep it secure on a completely different, non-digital system.

Don’t forget your role in cloud security

If you put your data into the cloud, don’t be fooled into thinking your cloud providers are responsible for security. They will, of course, ensure your data is secure from external attacks, but they can’t control your access policy. If you get breached internally then criminals can get access to your cloud-stored data. Poor user awareness and lax password policies can leave the door to the cloud wide open, so security must be made a high priority.

As with any security threat, internal training can create an extra line of defence. By training employees to spot and stop phishing emails and other forms of social engineering, organisations can prevent accounts becoming compromised and protect their data and backups from attack.

Your data is a valuable commodity and should be treated as such. By understanding its value, taking steps to remove links between your operating environment and your backup servers, and by protecting your business from ransomware attacks, you know you’ve done the best job you can.

World Backup day

(This page is not officially supported or endorsed by World Backup Day)

Category: Security

Women in Channel A list

Jen Molyneux
March 25, 2019

Back in October, leading IT channel publication CRN hosted its inaugural Women in Channel Awards. Five Logicalis UK employees were shortlisted, with two going on to win their categories! And now, five are on the A-List!

Determined to continue their efforts to recognise the individuals who are influencing, challenging and reshaping the tech industry, CRN have since launched the first Women in Channel A-List. Modelled on the annual who’s who of the channel, which this year included both our MD and COO, it’s described as an annual guide that features the wave makers of those working in the channel. We’re proud to announce that five of our employees have made it onto the list, giving their opinions on how the industry can become more diverse, ways to encourage more women into the IT sector, and their career top tips.

Logicalis Women in Channel A-List

Andreea Ceasar, Marketing Campaign Manager at Logicalis UK and an A-Lister, said “no matter how you look at it, there is a painful gender deficit in the UK IT channel. Any initiative that tries to bridge the gender gap, as the Women in Channel A-list does, should be supported by the entire industry. Women in tech need to be heard and seen, because only with real examples can we change mentalities and misconceptions. Being a very small part of this movement feels really good.”

We’d like to congratulate all of our A-Listers who continue to rework the tech sector and encourage other women to join the industry:

View the full Women in Channel A-list 2019.

Category: Security, Women in IT

Alastair Broom
January 18, 2019

We spoke to Paul Graziano, Cyber Security Compliance Manager at Transport for London (TFL), about his job to defend the UK’s largest public transport network through innovative approaches.

The transport system is part of our critical national infrastructure – how do you see the cyber threat against this evolving?

I think cyber security within critical national infrastructure is becoming an increasingly complex task. A common security challenge is that many of the systems and devices we rely on were built when security wasn’t really an issue. They were designed for only a few people to have access to them. Now, more and more modern industrial control systems are being connected by IT Infrastructure, which is of course a positive thing.

However this means we don’t design ourselves into a position where we have to break in security to protect residency devices, which is what we’re currently working on. Instead of having security by design, we need to put the monitoring around these systems, so we know what users are accessing, know what they’re doing, as well as the network monitoring around these devices too.

What can we do to protect our critical infrastructure against attack?

There’s no simple answer to this. In some ways, what we’re trying to do now is use a framework we’ve adopted in Information Technology (IT) to protect Operational Technologies (OT) which involves a security strategy. Security needs to start right from the beginning of the procurement of new systems and IT needs to make sure any new systems meet our security requirements.

I think we need to assume that we will be compromised. As long as the Security Operations team have that visibility, we will be able to respond to any incidents if need be and they’ll also need to be able to pull the plug in worst case scenarios.

A lot of work has been done within the government to help us out. The Centre for Protection of National Infrastructure (CPNI), a UK government body, released a number of frameworks for industrial control systems. They believe we should structure our industrial control systems to make them secure and deploy frameworks around them to achieve that.

What are your thoughts on the value of threat intelligence and security analytics in the fight against cybercrime?

Both are extremely important and a vital part of Security Operations. Threat intelligence is a necessity as we need to understand what the new threats are and how that could morph into an attack on TFL.

Security analytics is just as important because to protect your network you need to have good visibility over it and you can only really achieve that through security log analytics. To do this you need to have the capability to sort logs from a range of sources and correlate these for suspicious activity. This enables you to benchmark it in order to understand what normal looks like and then you can look out for anomalies.

Will the Internet of Things change the way you address cyber crime?

Absolutely. Up until recently, the increasing number of devices being connected to the internet were mainly from the commercial side, but now it is entering the business side too. Every connected device is a potential target for botnet activities because they are not inherently secure, so they’re easily targeted and taken over as part of a larger attack. This is a very difficult problem to solve and we can’t be isolated as a business in dealing with it, there needs to be a consolidated effort.

How are you using virtualisation to transform your business?

TFL are hugely into virtualisation. A really good example of this would be TFL.gov.uk, our public facing API that’s used for TFL’s journey planner, which powers applications like Citymapper too.

In terms of its impact on our business, it has changed the way in which we think about new projects and new applications. Previously we had to rack up a new server every time we started a project. Now we can rapidly develop, build and test prototypes for new applications at very little cost. It gives us a lot of flexibility as we can scale up pretty much automatically when we need to, which we would never have been in a position to do before virtualisation.

There is a renewal aspect to it too, that if configured correctly, it’s relatively simple to spin up a new server if your prime one goes down. So there are many great benefits to virtualisation.

What other technologies would you suggest adopting in the fight against cyber-crime?

My idea is not so much a technology, but an awareness strategy. If you look at the number of the high profile attacks over the last year, a lot of them started with simple phishing attacks. Our spam filters will never be able to spot the first email from a newly set up phishing campaign and they’re purposefully designed to do that. One of the only ways to protect against this is to ensure our users are sufficiently trained to detect suspicious emails. I think improving communication with employees and making them aware of the impact an attack could potentially have, is vital.

In terms of actual technology, I think privileged identity access management is also key to a security team. It’s important to understand who has access to the most critical parts of your business as during a compromised attack, hackers will look for the business’ ‘crown jewels’.

One of the technologies that the industry is looking at more widely is called ‘deceptive security technology’, this is essentially a very old security component called a ‘honeypot’. A honeypot is a system that is built to be insecure and placed in a public part of your network. By doing so, you can see who finds it and what they do to it. This enables you to understand what sort of attacks are being targeted at it, providing a wider picture of the threat landscape. It is essentially a piece of proactive threat intelligence to find out if people are attacking parts of your network.

Thank you very much for answering all of our questions Paul and we wish you a fruitful career at TFL.

Category: Security

Alastair Broom
January 2, 2019

With high profile breaches for the likes of Facebook, British Airways and Marriott fresh in the mind, it’s no surprise to see a backlash against the companies that hold our data and a new impetus to take back control. But how are CIOs tackling the information security challenge, and what do we expect the future to hold?

Assessing the threat

According to more than 840 CIOs that we interviewed for the sixth edition of the annual Logicalis Global CIO Survey, the role of the CIO is in flux. A traditional focus on “keeping the lights on” has seemingly given way to more strategic activities around service and product innovation as organisations take to the cloud and expand their IT estate. Despite all this, security continues to dominate CIOs’ time and attention, with 93% saying that they devote between 10% and 50% of their time to information security, and 54% spending at least 30% of their time on it.

CIOs are right to remain vigilant, as all evidence points to the fact that threats are definitely increasing. We’re seeing no sign that external threats such as malware, ransomware, crypto-jacking and phishing are going anywhere, especially because it’s become even easier for the bad guys to launch these types of attacks. They’re low cost and have the potential to reach either massive or highly targeted audiences.

One trend that has emerged from the survey is that CIOs are now far more focused on the human dimension of cyber risk than before. Whilst the 2017 report cited external threats as the clear focus, this year’s findings saw lack of staff awareness and mistakes as a concern for more than half (56%) of CIOs, while 39% are concerned about malicious insiders. The human dimension is interesting, and we’d certainly say that people and process should always be the place to start. This attitude doesn’t particularly bear out in what we’ve seen before, however, as technology tends to take precedence over training.

The expansion of the IT footprint and the ever evolving threat landscape have clear implications for security, and most CIOs signal that they are moving away from a purely defensive footing to one of cyber resilience, which brings together defence with detection and recovery. More than a third (37%) of CIOs say their organisation now adopts a resilience-based information security footing. This stance will be aided by some element of automation within the process, as the rate at which threats are accelerating is outpacing our ability to develop skills. AI represents an opportunity to keep pace, particularly when it comes to threat detection and response. We’d expect developments in this area to focus on the ‘response’ part of this process, although it will require something of a cultural leap to allow technology to make decisions for us.

The value of data

Data breaches were cited as a concern by 54% of CIOs, demonstrating how CIOs are attuned to the broader debate around data privacy and management. Despite measures introduced this year, it’s still very difficult to understand and manage data permissions, for both consumers and the businesses that own their data, and there’s a lot more that needs to be done to clean up the ethics around this.

According to our CIO sample, the impact of GDPR has fallen far short of the dire predictions, with nearly three quarters (71%) saying that GDPR passing into law has had no impact on their organisation at all. Based on what we heard from customers, GDPR was significantly overplayed and organisations became apathetic long before the May deadline. Faced with businesses trying to sell them solutions to address their GDPR requirements, a lack of understanding of what their liability was and a misconception that they were too small to be significant, fed-up businesses appear to have opted for a view that “we only need to be as good as our neighbour”.

It would be wrong to suggest that GDPR, in and of itself, had no effect. Rather, most organisations did a great job of implementation, as those with longer memories will recall from Y2K. The Logicalis Global CIO Survey also assessed the cost of GDPR compliance and, again, the reality fell well short of the hype. Though the average investment of up to £25,000 is not insignificant, it suggests that the process was well and efficiently handled.

So what happens now?

Even though the fines for non-compliance are considerable, we’d expect the biggest financial impact in a post GDPR world to be seen in class-action lawsuits arising as a result of data breaches. The huge numbers of customers affected by these large data breaches make this inevitable. But this also has the potential to be hijacked by ‘ambulance-chasers’, and our survey found that 6% of CIOs have already been targeted by opportunists seeking to profit from non-compliance. So expect those PPI and whiplash calls on your phone to be replaced by an automated voice asking about the data breach that compromised your personal information.

We’re certainly at the point now where data breaches should be viewed as ‘when’ and not ‘if’. We’d expect organisations to be increasingly turning to encryption as a way to minimise the impact when a breach does happen, a trend that has been slow to date because of the costs associated. Perhaps the threat of users removing their personal data, and a greater understanding of its value to the business world will be the catalyst this needs.

Category: Security


Tim Wadey
January 28, 2018

Data Privacy in the spotlight!

Data Privacy Day may not be an official holiday for your IT department, but it definitely should remind you that you need to focus and do more to protect confidential data.

Data Privacy Day was first introduced in 2009 by the Online Trust Alliance (OTA) in response to the increasing number of cybersecurity attacks and data privacy breaches, emphasising the need for effective data protection regulations and transparent processes for collecting and using personally identifiable information (PII).

Examples of PII that fall under data protection regulations are:
• Name;
• Social Security number, full and truncated;
• Driver’s license and other government identification numbers;
• Citizenship, legal status, gender, race/ethnicity;
• Birth date, place of birth;
• Biometrics;
• Home and personal cell telephone numbers;
• Personal email address, mailing and home address;
• Security clearance;
• Financial information, medical information, disability information;
• Law enforcement information, employment information, educational information

If one considers the sources that PII can be collected from and how many new ones are added on a daily basis (big data, the internet of things, wearable technology), it is easy to understand why data privacy has become increasingly challenging. And let’s not forget the ransomware attacks, which are the latest major data privacy challenge.

Despite the size of the recent ransomware attacks, the majority of organisations still don’t have structured processes in place to prepare themselves and keep confidential data safe. Although there are effective steps for protection against ransomware threats, the number of attacks has increased significantly and companies delay announcing them for fear of negative publicity.

In order to stop such actions from happening and improve the current data privacy practices, the European Union is introducing the General Data Protection Regulation (GDPR) taking effect in May 2018. This is the biggest shake up of data protection laws in the last 20 years.

What is GDPR?

GDPR is the latest regulatory framework across the EU that aims to increase data privacy for individuals, and gives regulatory authorities greater power to take action against businesses that breach the new data privacy laws. GDPR also introduces rules relating to the free movement of personal data within and outside the EU.

In particular, GDPR involves:
• Requests for consent to process personal data must be clear and must seek an affirmative response.
• Data subjects have the right to be forgotten and erased from records.
• Users may request a copy of personal data in a profile format.
• Parental consent is required for the processing of personal data of children under the age of 16.

As a result, organisations need to be extremely aware of these changes as they can face very strict fines in cases of non-compliance. Can your organisation afford to be fined up to £20 million or 4% of annual global revenue for failing to comply with the new General Data Protection Regulation?

24% are unaware of the incoming data protection legislation, while one in three companies believe that GDPR isn’t relevant to them.*

Get Started with a GDPR Readiness Assessment

In response to the fast approaching data protection regulation, Logicalis UK Advisory Services team have developed a GDPR Readiness Assessment that will allow us to help you understand and frame your thoughts on your journey to compliance.

The Logicalis GDPR Readiness Assessment will help you answer a key question – Where am I on my journey to data privacy compliance, today? By investigating elements of your organisational landscape, we will produce an ‘as is’ assessment, where we will be able to gauge where you are on a standardised maturity curve, considering all things around cybersecurity and data protection.

Get in touch with our Advisory Services to discuss how we can help you in your journey to GDPR Readiness.

*London Chamber of Commerce and Industry, https://www.londonchamber.co.uk/news/press-releases/one-in-four-london-businesses-unaware-of-new-data/ 


Team Logicalis
January 18, 2018

In the previous blog post on Capacity Management, we explored why IT projects fail and what you can do to prevent it. What is even more important is to understand why, when it comes to securing your business, product alone isn’t the answer.

Ransomware, data breaches, insider threats, phishing scams… we’ve all seen the headlines. And, although these words, once reserved for IT departments, are becoming a part of everyday vocabulary, that doesn’t make them any less concerning. They have the power to derail your entire business, everything that you’ve built, within seconds.

Nowadays, cybercrime is big business, and you can guarantee that for every security solution churned out by vendors, someone, somewhere is creating brand new malicious code to target other vulnerabilities you didn’t even know existed within your organisation. Add to that modern working habits, with more and more businesses needing to adopt cloud and IoT for day-to-day operations to keep up with their competitors, but subsequently increasing the potential attack surface, and you soon see that organisations are under siege from all angles.

To state the obvious: cybersecurity is no longer optional.

And this is something that all CIOs are more than aware of. In fact, in our 2017 global CIO Survey, security was cited as the number one concern when it came to an increase in the use of cloud services, with 70% of respondents citing it as a challenge.

So the problem is common knowledge, but what’s the solution?

Well, if your automatic answer is ‘by investing in security products’, then you’re not alone. Many business leaders define ‘security strategy’ as lots of different solutions coming together to work as one protective shield. Each solution is built to defend against a single threat vector, so various email, cloud and web products all become separate pieces of a much larger security puzzle.

Given the sheer volume of security products readily available, it’s no surprise that this puzzle doesn’t come cheap and that certain pieces aren’t as effective as others. But, surely the more products you deploy, effective or otherwise, the more significant your overall security capabilities and the better the protection for your organisation. After all, it’s better to be safe, and slightly out of pocket, than sorry… right?

It’s an easy trap to fall into.

In reality, a growing number of point solutions patched together is no longer an effective strategy. Instead, this method compounds complexity and creates the very vulnerabilities that it is meant to be mitigating against.

This is because security devices raise an alert for each threat that they detect; that’s how they work. And when you have multiple tools in place, each detecting multiple threats, the chances are that alerts will be going off almost constantly. This is fine; it shows that the solutions are working.

But it’s unlikely that a single organisation will have the manpower needed to deal with each alert simultaneously. Instead, overwhelmed and under-resourced IT teams will probably try to prioritise and, as a result, many of the alerts, and therefore threats, are ignored, making your organisation vulnerable.

So, when it comes to protecting your business, spending thousands and thousands of pounds worth of your budget on product alone is futile. It’s clear that the ‘best of breed approach’ has had its day, with an increasing number of organisations coming to the realisation that it’s not about how many solutions you have in place, it’s about how you’re using them.

A problem shared is a problem halved

To simplify things, you can strip your security strategy back to three key areas that all need to be done well: threat insight, vulnerability management and managed endpoint security.

Then, you need to make sure that the solutions you have within these areas are being used correctly. The easiest way to do this, and to make the most out of your resources, is to undertake a collaborative approach.

Take the heat off your own IT team and share the security burden with a partner who can help you to plug the gaps with managed solutions like:

– Managed SIEM/SIRM: A Security Incident Event Management service working in conjunction with a Security Incident Response Management service will provide optimal threat insights. It will solve the biggest and longest headache for your internal IT team, the one that began when you started installing security solutions… External engineering teams will analyse and, effectively, filter the never-ending stream of alerts so that, before they even reach your team, they are prioritised in terms of risk to your business and have clear actions on how to stop them in their tracks.

– Patch management: By combining patch management services with existing vulnerability scanning in a single service you can achieve optimal vulnerability management. Believe it or not, this service will fill any gaps in your security wall automatically. This is because networks will be regularly scanned for vulnerabilities with any intel gathered then being rolled into a patching program. Obviously, this will significantly reduce the time between when a vulnerability is identified and when it is patched.

– Security device management: This incorporates all endpoint security, including antivirus solutions, firewalls and device control, as a single managed service. Delivered via software on laptops, desktops and servers, the service can also detect rogue devices attaching to the network and provide web filtering.

The bottom line is that cybersecurity is not about product. It’s about people, processes and technology working coherently to manage risk and protect your organisation. Often, working collaboratively with providers who can manage your security can be the better option. They will have the resourcing and the skillset to help you deal with any potential threats, while offering more peace of mind.

Today, a third of CIOs see security as the most prominent barrier towards digital transformation. Outsourcing can change that by granting your internal IT teams the gift of time… time that can be used to pursue other areas of your business’ IT strategy.

Talk to us to find out how we can help you.

Originally posted on CBR, 21 November 2017

Category: Security

Alastair Broom
December 13, 2017

Ransomware is a hot topic at the moment and the “attack du jour” for cybercriminals.   The code is easy to obtain and campaigns simple to execute thanks to the industrialised infrastructure that supports it.  The result – a rapidly growing market that is already estimated to be worth in excess of $1 billion.

Criminal gangs provide “ransomware as a service” with everything from code provision through to the monetisation of the attack making it easy to both execute and profit from.  Other types of cyber-attacks may involve complex, time-consuming or risky steps for the criminals but ransomware profits are immediate, usually via Bitcoin payment into the criminal’s wallet.

The traditional approach to cyber security has been to deploy more and more technology to protect against the evolving threat.  This has led to uncontrolled technology sprawl creating a security management nightmare.  Throwing more technology at the problem implies more resources to manage the estate and security resources are hard to come by.  According to research by the recruitment company

Despite the increased level of sophistication and frequency of ransomware attacks, by following the steps described below, organisations can significantly reduce their risk.

Step 1: Security Awareness Training

Although technology plays an important part, the majority of malware and ransomware attacks involve a user doing something they shouldn’t, such as clicking on a malicious web link, opening an email attachment or installing a new application. Usually this is due to a lack of understanding of the security risks associated with such actions. Phishing, a form of social engineering, is a common technique used to get ransomware inside an organisation, effectively duping users into downloading malicious code or otherwise opening up the organisation’s network to cyber-attack.

Many organisations provide basic security training as part of company induction or as one-off exercises to address audit requirements. However, security training should be a regular part of users’ development and regularly updated. Training should be delivered at a pace and frequency that fits in with the employees’ work schedules, with progress monitored and tested for effectiveness as part of the program. Security awareness is a critical part of any organisation’s security program and is fundamental to several security frameworks such as the UK National Cyber Security Centre’s “10 Steps to Cyber Security” program.

Step 2:  Vulnerability Management

Most malware infections, including ransomware, compromise our systems due to vulnerabilities in the operating systems and applications.  All too often, these vulnerabilities remain unpatched for months or even years allowing criminals to exploit the same flaws time and time again.

In 2015, of exploited vulnerabilities have had a patch for more than one year and it doesn’t look as though that’s changing.  In addition, IBM research shows that when new vulnerabilities are discovered, the average time taken for hackers to exploit them has decreased from 45 days ten years ago to 15 days today.

Effective vulnerability management is critical in ensuring that existing vulnerabilities are dealt with and new ones are patched quickly before they can be exploited.

Step 3:  Web Protection

Almost all ransomware is delivered across the web.  Regardless of whether the initial infection is via email or a malicious/compromised web site, the malware will normally attempt to contact a remote server to download additional software such as exploit kits or encryption software.  Web security solutions can be used to detect this suspicious activity, preventing the dangerous malware payloads from being downloaded – even if the initial infection is successful.  Modern web security solutions make use of advanced threat intelligence to identify malicious domains and web servers and prevent the malware from receiving its instructions.

Step 4:  Endpoint Protection

Ransomware infection inevitably happens at the endpoint. Typically, a laptop, PC or server will be compromised and used to propagate the malware throughout the network. Traditional signature-based anti-malware solutions are largely ineffective against modern malware due to rapidly changing code and the time taken by security vendors to identify new malware variants and create and distribute signatures. Behaviour-based endpoint protection is much more effective in dealing with modern malware as it will identify malicious behaviour such as file substitution and registry changes rather than looking for a specific malware fingerprint in an ever-increasing signature database.

Step 5:  Security Analytics

Steps 1 to 4 above will provide an effective defence against ransomware and malware in general. However, it is impractical to expect your systems never to be breached, so it is imperative that you have visibility into the activity in your environment and the ability to identify breaches and react when they occur. This visibility and identification is provided by a Security Incident & Event Management (SIEM) platform. This software will ingest logs from your security infrastructure, servers, routers etc. and search for suspicious activity that could signal a breach. SIEM provides a “single pane of glass” view into disparate technology, overcoming many of the problems associated with the technology sprawl mentioned earlier and enabling security events to be identified so they can be dealt with quickly.
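The contrast drawn in Steps 4 and 5, as an added example that is not part of the original article or any vendor's product: a hash-signature lookup and a behaviour rule for file substitution run over the same constructed endpoint log, the way a log-analytics rule would. The log format, field names, hashes, 60-second window and threshold of five are all assumptions chosen for illustration.

```python
import os
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed signature database: hashes of already-known samples (made-up values).
KNOWN_BAD_HASHES = {"dd44"}


def build_sample_log():
    """Constructed endpoint telemetry, not real logs. Paths contain no spaces."""
    lines = [
        # Benign: an editor saves via a temp file, which is a single substitution.
        "2017-05-16T09:00:01 host=pc-014 proc=winword.exe sha256=aa11 op=write path=C:/Users/amy/~wrd0001.tmp",
        "2017-05-16T09:00:02 host=pc-014 proc=winword.exe sha256=aa11 op=rename path=C:/Users/amy/~wrd0001.tmp new=C:/Users/amy/report.docx",
        # Old, already-catalogued sample: the signature lookup catches this one.
        "2017-05-16T09:01:30 host=pc-030 proc=invoice.exe sha256=dd44 op=write path=C:/Users/cat/a.txt",
    ]
    # New variant with an unseen hash: rewrites six documents and renames each one.
    for i in range(6):
        ts = f"2017-05-16T09:03:{10 + 2 * i:02d}"
        path = f"C:/Users/bob/doc{i}.xlsx"
        common = f"{ts} host=pc-022 proc=updater.exe sha256=cc33"
        lines.append(f"{common} op=write path={path}")
        lines.append(f"{common} op=rename path={path} new={path}.locked")
    return lines


def parse_event(line):
    """Turn 'timestamp key=value ...' into a dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    event = dict(field.split("=", 1) for field in fields)
    event["ts"] = datetime.fromisoformat(ts)
    return event


def extension(path):
    return os.path.splitext(path)[1].lower()


def signature_alerts(events):
    """Fingerprint approach: flag only processes whose hash is already known."""
    return {(e["host"], e["proc"]) for e in events if e["sha256"] in KNOWN_BAD_HASHES}


def behaviour_alerts(events, window=timedelta(seconds=60), threshold=5):
    """Behaviour approach: flag a process that writes a file and then renames it
    to a different extension, `threshold` times within `window`.
    Returns {(host, proc): time the threshold was reached}."""
    last_write = {}                      # (host, proc, path) -> time of last write
    substitutions = defaultdict(deque)   # (host, proc) -> recent substitution times
    alerts = {}
    for ev in sorted(events, key=lambda e: e["ts"]):  # stable: keeps write before rename
        key = (ev["host"], ev["proc"])
        if ev["op"] == "write":
            last_write[key + (ev["path"],)] = ev["ts"]
        elif ev["op"] == "rename":
            written = last_write.get(key + (ev["path"],))
            if written is None or ev["ts"] - written > window:
                continue                 # rename of a file this process did not just rewrite
            if extension(ev["new"]) == extension(ev["path"]):
                continue                 # plain rename, file type unchanged
            recent = substitutions[key]
            recent.append(ev["ts"])
            while ev["ts"] - recent[0] > window:
                recent.popleft()         # drop substitutions that fell out of the window
            if len(recent) >= threshold and key not in alerts:
                alerts[key] = ev["ts"]
    return alerts


if __name__ == "__main__":
    events = [parse_event(line) for line in build_sample_log()]
    print("signature hits:", sorted(signature_alerts(events)))
    for (host, proc), when in behaviour_alerts(events).items():
        print(f"behaviour hit: {proc} on {host} at {when.isoformat()}")
```

The unseen hash never appears in the signature results, while the behaviour rule fires on the fifth substitution and ignores the editor's single temp-file save.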

Ransomware is a plague that threatens the availability of the data we rely on for our businesses to operate.  If successful, ransomware attacks can bring organisations to their knees and result in substantial financial loss in ransom payments, system restoration, clean-up and the growing impact of regulatory fines. Following these 5 steps will significantly reduce the risk of ransomware attacks.   Logicalis can help you with solutions to address each of these steps helping you navigate to a more secure environment.  For more details, please feel free to contact us.

Category: Security

Team Logicalis
November 21, 2017

Mark Rogers, CEO Logicalis Group, digs into the Logicalis Global CIO Survey 2017-2018 to pick out some of the major topics arising from the survey of 890 CIOs in 23 countries.

The big themes emerging from this year’s survey break CIO priorities down across three areas that could be mistaken for business as usual: Simplify, secure and engage. But, on the contrary, each has its part to play in a much loftier goal – digital transformation.

Indeed, the headline from the 2017-18 survey is this: CIOs say a massive infrastructure overhaul must be coupled with culture change if organisations are to unlock the benefits of digital transformation.

Digital ambition versus digital reality

That headline finding stems from CIOs’ assessment of their organisations’ digital footing.

The survey tells a story of real digital ambition amongst CIOs, but of limited progress in delivering digital transformation. To use tech adoption bell curve terminology, only 5% of respondents call their organisations digital innovators right now, while 49% characterise their organisations as part of an early majority.

That’s not a significant change on last year’s figures – and the reality is most CIOs see their organisations as partly digitally enabled at best.

Crucially, however, they contextualise those rather cautious views with a realistic and pragmatic assessment of the barriers to digital transformation – and it is their ambitious plans to overcome those barriers that give rise to the ‘simplify, secure, and engage’ triptych:

Simplify

For almost half (44%) of respondents to this year’s CIO survey, complex legacy technology is the chief barrier to digital transformation.

In simple terms, the job of maintaining and managing those complex environments – in the face of ever more draconian security threats, and business demand for ever more open architecture – is huge. So, legacy complexity doesn’t just slow down or prevent digital projects, it also prevents a refocus on higher-level, strategic activity, like digital transformation.

That is clearly not lost on CIOs, who understand very well the urgent need to simplify existing systems – indeed, 51% said they planned to adapt or replace existing infrastructure as a means of accelerating digital transformation.

It’s not hard to envisage CIOs making greater use of cloud services and third party support as a means of both simplifying those systems and handing off some of the management burden associated with them.

Secure

It’s no great surprise to see security high on the CIO agenda given the nature of the cyber threat landscape – and no great surprise either to see ransomware top of the threat list for CIOs. Ransomware [http://cxounplugged.com/2017/01/what-is-ransomware-a-c-suite-quick-guide/] is the biggest threat according to 71% of CIOs surveyed.

More surprising though, is the fact that one in three CIOs admit security concerns have led to the curtailment or cancellation of IT projects – a fact that must surely amplify the impact of security issues on digital transformation.

With that in mind, it is small wonder that so many CIOs (31%) see increased security investment as crucial to digital transformation – and not just to weathering the next cyber threat storm.

I’m in little doubt that CIOs’ security focus will drive an increased demand for services like Cisco Umbrella as organisations adopt multi-layered security solutions capable of defending against an ever-evolving array of cyber threats.

Engage

Perhaps most interesting, CIOs see organisational culture as a key barrier to digital transformation. That is, legacy technology brings with it a legacy relationship between business and technology, a ‘separateness’ that is incompatible with a digital model that puts technology at the heart of every aspect of the business.

In response, CIOs want to engage with line of business (LOB) to drive culture change. They want to be the digital ambassadors who create a new relationship between business and technology, and who foster an environment in which digital transformation can thrive.

Analytics offers a case in point. Back in 2015, 63% of CIOs ranked analytics as ‘very important’ or ‘critical’ to driving business innovation.

Two years later, the same barriers to delivering those benefits remain – complex systems and siloed data – but so does the problem of business engagement: the lack of a clear brief from the business as to what is required from analytics is still an issue for 41% of CIOs.

Crucially, though, they are responding: 54% of CIOs are working with LOB colleagues to bottom out requirements and 38% are setting up working groups to unravel complexity.

Those plans to tackle analytics suggest that CIOs are successfully adapting to a changing environment for business IT, an issue we first highlighted in 2015 [http://cxounplugged.com/2015/01/power-shift-will-cios-respond/]. The big question is whether they will be successful in replicating the approach as they seek to unlock the benefits of wider digital transformation.

In my view, the CIOs that are successful in tackling these three big issues will be those looking outside for help. The majority still spend between 60% and 80% of their time on day to day IT management – an issue that, in itself, is a barrier to change.

That’s partly because so much IT remains in-house. Only 25% outsource 50% or more of their IT – a situation that must surely change quickly if CIOs are to free themselves from the everyday and be digital change makers, not change managers.

Read the full Logicalis Global CIO Survey 2017-2018 here.

Team Logicalis
September 8, 2017

Shadow IT is not a new concept, but certainly is a big issue for many organisations today. Companies of all sizes see a significant increase in the use of devices and/or services not within the organisation’s approved IT infrastructure.

A Global CIO Survey found that IT leaders are under growing pressure from Shadow IT and are gradually losing the battle to retain the balance of power in IT decision-making. The threat from Shadow IT is forcing CIOs to re-align their IT strategy to better serve the needs of their line of business colleagues, and transforming IT to become the first choice for all IT service provision. However, Shadow IT continues to apply pressure to many CIOs and IT leaders who do not have clear visibility of the use of Shadow IT within their organisations and therefore cannot quantify the risks or opportunities.

So is Shadow IT a threat to your organisation or does it improve productivity and drive innovation?

Based on Gartner’s report, Shadow IT will account for a third of the cyber-attacks experienced by enterprises by the time we reach 2020. However, some customers have told us:

  • “Shadow IT is an opportunity for us to test devices or services before we go to IT for approval.”
  • “Shadow IT allows us to be Agile and use services that IT don’t provide so we can work more effectively.”

One of the most important aspects of Shadow IT is of course the cost. What does the business stand to lose through the hidden costs of a security breach, the potential loss of data and, for those with regulatory compliance requirements, the possibility of large fines and loss of reputation in their respective markets?

With an ever-changing and expanding IT landscape and new regulations such as the General Data Protection Regulation (GDPR) coming into effect in May 2018, managing and controlling data whilst ensuring complete data security should be top of the priority list. Therefore, understanding the key challenges of Shadow IT is fundamental in order to manage it effectively.

Shadow IT – The Key Challenges:

    • Identifying the use of Shadow IT
      Arguably the biggest challenge with Shadow IT is visibility within the organisation. How can IT leaders see who is using or consuming what and for what purpose? If you can’t see it or aren’t aware of it, how can you manage it?
    • Costs of Shadow IT
      Controlling costs is impossible for Shadow IT spend if there is no visibility of what is being used. It is not just the direct Shadow IT purchases that present a challenge, but also the consequences of a security breach resulting from the use of Shadow IT: fines, reputation damage and future loss of business.
    • Securing the threat to your business
      One of the biggest areas of concern, and quite rightly so, is the security threat to the business from the use of non-approved IT sources. Not only does this have the potential to add to the organisation’s costs but it could also result in the loss of data, again with the potential risk of considerable fines.
    • Managing Shadow IT without stifling innovation
      The wrong approach to managing Shadow IT, such as “total lock down” messaging, can send signals to the organisation that IT are controlling, inflexible and unwilling to listen, with the possible result of driving Shadow IT underground and, in some cases, actually increasing its use, thus increasing risks and costs.

Shadow IT is a complicated issue, but your response to it doesn’t have to be. Contact us to find out how we can help you manage Shadow IT, be forward thinking and fill the gaps within the current IT infrastructure.

Alastair Broom
August 9, 2017

It’s common knowledge that there is a global shortage of experienced IT security professionals, right across the spectrum of skills and specialities, and that this shortage is exacerbated by an ongoing lack of cyber security specialists emerging from education systems.

Governments are taking action to address this skills shortage, but it is nevertheless holding back advancement and exposing IT systems and Internet businesses to potential attacks.

Because of this, and despite the fear that other industries may have of Artificial Intelligence (AI), the information security industry should be embracing it and making the most of it. As the connectivity requirements of various different environments become ever more sophisticated, so the number of security information data sources is increasing rapidly, even as potential threats increase in number and complexity. Automation and AI offer powerful new ways of managing security in this brave new world.

At the moment, the focus in AI is on searching and correlating large amounts of information to identify potential threats based on data patterns or user behaviour analytics. These first generation AI-driven security solutions only go so far, though: security engineers are still needed, to validate the identification of threats and to activate remediation processes.

As these first generation solutions become more efficient and effective in detecting threats, they will become the first step towards moving security architectures into genuine auto-remediation.

To explore this, consider a firewall – it allows you to define access lists based on applications, ports or IP addresses. Working as part of a comprehensive security architecture, new AI-driven platforms will use similar access lists, based on a variety of complex and dynamic information sources. The use of such lists will under-gird your auto-remediation policy, which will integrate with other platforms to maintain consistency in the security posture defined.

As we move into this new era in security systems, in which everything comes down to gathering information that can be processed, with security in mind, by AI systems, we will see changes as services adapt to the new capabilities. Such changes will be seen first in Security Operations Centres (SOCs).

Today’s SOCs still rely heavily on security analysts reviewing reports to provide the level of service expected by customers. They will be one of the first environments to adopt AI systems, as they seek to add value to their services and operate as a seamless extension to digital businesses of all kinds.

SOCs are just one example. The security industry will get the most out of AI, but it needs to start recognising that machines do best at what people do best. Any use of this technology will enable the creation of new tools and processes in the cybersecurity space that will protect new devices and networks from threats even before a human can classify that threat.

Artificial intelligence techniques such as unsupervised learning and continuous retraining can keep us ahead of the cyber criminals. However, we need to be aware that hackers will also be using these techniques, so here is where the creativity of the Good Guys can focus on thinking about what is coming next and let the machines do their job in learning and continuous protection.

Don’t miss out: to find out more, contact us – we’ll be delighted to help you with emerging technology and use it to your benefit.

Category: Security

Alastair Broom
May 16, 2017

What if I told you that Ransomware is on its way to becoming a $1 billion annual market?

Eyebrows raised (or not), it is a matter of fact in 2017 that Ransomware is an extremely lucrative business, evolving at an alarming rate and becoming more sophisticated day by day.

But, the question remains, what is Ransomware?

Ransomware is malicious software – a form of malware – that either disables a target system or encrypts a user’s files and holds them ‘hostage’ until a ransom is paid. This malware generally operates indiscriminately with the ability to target any operating system, within any organisation. Once the malware has gained a foothold in an organisation, it can spread quickly, infecting other systems, even backup systems, and can therefore effectively disable an entire organisation. Data is the lifeblood of many organisations and without access to this data, businesses can literally grind to a halt. Attackers demand that the user pay a fee (often in Bitcoins) to decrypt their files and get them back.

On a global scale, more than 40% of ransomware victims pay the ransom, although there is no guarantee that you will actually get your data back and copies of your data will now be in the attacker’s hands. In the UK, 45% of organisations reported that a severe data breach caused systems to be down on average for more than eight hours. This makes it apparent that the cost is not only the ransom itself, but also the significant resources required to restore the systems and data. What is even more alarming, is that in the UK the number of threats and alerts is significantly higher than other countries (Cisco 2017 Annual Cybersecurity Report). Outdated systems and equipment are partially to blame, coupled with the belief that line managers are not sufficiently engaged with security. Modern and sophisticated attacks like ransomware require user awareness, effective processes and cutting edge security systems to prevent them from taking your organisation hostage!

How can you protect your company?

As one of the latest threats in cybersecurity, a lot has been written and said around ransomware and potential ways of preventing it. A successful mitigation strategy involving people, process and technology is the best way to minimise the risk of an attack and its impact. Your security program should consider the approach before, during and after an attack takes place giving due consideration to protecting the organisation from attack, detecting Ransomware and other malware attacks and how the organisation should respond following an attack. Given that Ransomware can penetrate organisations in multiple ways, reducing the risk of an infection requires a holistic approach, rather than a single point solution.  It takes seconds to encrypt an entire hard disk and so IT security systems must provide the highest levels of protection, rapid detection and high containment and quarantine capability to limit damage. Paying the ransom should be viewed as an undesirable, unpredictable last resort and every organisation should therefore take effective measures to avoid this scenario.

Could your organisation be a target?

One would imagine that only large corporations would be at risk of a Ransomware attack, but this is far from the truth. Organisations of all industries and sizes report Ransomware attacks which lead to substantial financial loss, data exposure and potential brand damage. The reason is that all businesses rely on the availability of data, such as employee profiles, patents, customer lists, financial statements etc. to operate.  Imagine the impact of Ransomware attacks in police departments, city councils, schools or hospitals. Whether an organisation operates in the public or private sector, banking or healthcare, it must have an agile security system in place to reduce the risk of a Ransomware attack.

Where to start?

The first step to shield your company against Ransomware is to perform an audit of your current security posture and identify areas of exposure.  Do you have the systems and skills to identify an attack?  Do you have the processes and resources to respond effectively?  As Ransomware disguises itself and uses sophisticated hacking tactics to infiltrate your organisation’s network, it is important to constantly seek innovative ways to protect your data before any irreparable damage is done.

With our Security Consultancy, Managed Security Service offerings and threat-centric Security product portfolio, we are able to help our customers build the holistic security architecture needed in today’s threat landscape.

Contact us to discuss your cyber security needs and ensure you aren’t the next topic of a BBC news article.

 

Category: Security

Alastair Broom
March 10, 2017

As Logicalis’ Chief Security Technology Officer I’m often asked to comment on cyber security issues. Usually the request relates to specific areas such as ransomware or socially engineered attacks. In this article I’m taking a more holistic look at IT security.

Such a holistic approach to security is, generally, sorely lacking. This is a serious matter, with cyber criminals constantly looking for the weak links in organisations’ security, constantly testing the fence to find the easiest place to get through. So, let’s take a look at the state of enterprise IT security in early 2017, using the technology, processes and people model.

Technology

A brief, high-level look at the security market is all it takes to show that there are vast numbers of point products out there – ‘silver bullet’ solutions designed to take out specific threats. There is, however, little in terms of an ecosystem supporting a defence-in-depth architecture. Integration of and co-operation between the various disparate components is, although growing, typically weak or non-existent.

We’ve seen customers with more than 60 products deployed, from over 40 vendors, each intended to address a specific security issue. Having such a large number of products itself presents significant security challenges, though. All these products combined have their own vulnerability: support and maintenance. Managing them and keeping them updated generates significant workload, and any mistakes or unresolved issues can easily become new weak points in the organisation’s security.

The situation has been exacerbated by the rapidly increasing popularity of Cloud and Open Source software. Both trends make market entry significantly simpler, allowing new players to quickly and easily offer new solutions, targeting whichever threat happens to be making a big noise at the moment.

Just as poor integration between security products is an issue, so is lack of integration between the components on which they are built. Through weak coding or failure to make use of hardware security features – Intel’s hardware-level Software Guard Extensions (SGX) encryption technology is a good example – security holes are left open, waiting to be exploited.

The good news on the technology front is that we are seeing the early stages of the development of protocols, such as STIX, TAXII and CybOX, allowing different vendors’ products to interact and share standardised threat information. The big security vendors have been promoting the idea of threat information sharing and subsequent action for a while, but only within their own product ecosystems. It’s time for a broader playing field!

Processes

IT security is one of the most important issues facing today’s enterprise, yet, while any self-respecting board will feature directors with responsibility for sales, marketing, operations and finance, few enterprises have a board level CISO.

Similarly, few organisations have a comprehensive and thoroughly considered security strategy in place, or proper security processes and policies suitable for today’s threat landscape and ICT usage patterns. A number of industry frameworks exist: ISO 27001, Cyber Essentials, NIST to name but a few; and yet very few organisations adopt these beyond the bare minimum to meet regulatory requirements.

Most organisations spend considerable sums on security technology, but without the right security strategy in place, and user behaviour in line with the right processes and policies, they remain at risk of serious breaches.

People

The hard truth is that some 60% of breaches are down to user error. Recent research obtained through Freedom of Information requests found that 62% reported to the ICO are down to humans basically getting it wrong. People make poor password choices, use insecure public (and private!) WiFi, and use public Cloud storage and similar services without taking the necessary security precautions. They do not follow, or indeed even know, corporate data classification and usage policies. The list, of course, goes on.

Training has a part to play here, to increase users’ awareness of the importance of security, as well as the behaviours they need to adopt (and discard) to stay secure. However, there will come a point at which the law of diminishing returns kicks in: we all make mistakes – even the most careful, well trained of us.

We need to explore, discover and devise new ways in which technology can help, by removing the human element, where possible and desirable, and by limiting and swiftly rectifying the damage done when human error occurs. Furthermore, we need to leverage ever improving machine learning and artificial intelligence software to help augment human capability.

Enterprises need to work with specialists that can help them understand the nature of the threats they face, and the weak links in their defences that offer miscreants easy ways in. That means closely examining all aspects of their security from each of the technology, processes and people perspectives, to identify actual and potential weaknesses. Then robust, practical, fit-for-purpose security architectures and policies can be built.

For an outline of how this can work, take a look at Logicalis’ three-step methodology here or email us at security@uk.logicalis.com to discuss your cyber security needs.

Category: Security

Fanni Vig
January 16, 2017

A friend of mine recently introduced me to the idea of the ‘runaway brain’ – a theory first published in 1993 outlining the uniqueness of human evolution. We take a look into how artificial intelligence is developing into something comparable to the human brain and the potential caveats that concern us as human beings.

The theory considers how humans have created a complex culture by continually challenging their brains, leading to the development of more complex intellect throughout human evolution. A process which continues to occur, even up to today and will again tomorrow, and will no doubt for years to come. This is what theorists claim is driving human intelligence towards its ultimate best.

There are many ways in which we can define why ‘human intelligence’ is considered unique. In essence, it’s characterised by perception, consciousness, self-awareness, and desire.

It was while speaking to a friend that I considered: with human intelligence alongside the emergence of artificial intelligence (AI), is it possible for the ‘runaway brain’ to reach a new milestone? After further research, I found some that say it already has.

They label it ‘runaway super intelligence’.

Storage capacity of the human brain

Most neuroscientists estimate the human brain’s storage capacity to range between 10 and 100 terabytes, with some evaluations estimating closer to 2.5 petabytes. In fact, new research suggests the human brain could hold as much information as the entire internet.

As surprising as that sounds, it’s not necessarily impossible. It has long been said that the human brain can be like a sponge, absorbing as much information as we throw at it. Of course we forget a large amount of that information, but take into consideration those with photographic memory, those who practise a combination of innate skills, learned tactics and mnemonic strategies, or those who have an extraordinary knowledge base.

Why can machines still perform better?

Ponder this – if human brains have the capacity to store significant amounts of data, why do machines continue to outperform human decision making?

The human brain has a huge range – data analysis and pattern recognition alongside the ability to learn and retain information. A human needs only to glance before they recognise a car they’ve seen before, but AI may need to process hundreds or even thousands of samples before it’s able to come to a conclusion. Perhaps this is human premeditative assumption, if you will, to save time analysing finer details for an exact match. Conversely, while AI functions may be more complex and varied, the human brain is unable to process the same volume of data as a computer.

It’s this efficiency of data processing that leads leading researchers to believe that AI will indeed dominate our lives in the coming decades and eventually lead to what we call the ‘technology singularity’.

Technology singularity

Technological singularity is the hypothesis that the invention of artificial super intelligence will abruptly trigger runaway technological growth, resulting in unfathomable changes to human civilization.

According to this hypothesis, an upgradable intelligent agent, such as software-based artificial general intelligence, could enter a ‘runaway reaction’ cycle of self-learning and self-improvement, with each new and increasingly intelligent generation appearing more rapidly, causing an intelligence explosion resulting in a powerful super intelligence that would, qualitatively, far surpass human intelligence.

Ubiquitous AI

When it comes to our day-to-day lives, algorithms often save time and effort. Take online search tools, Internet shopping and smartphone apps using beacon technology to provide recommendations based upon our whereabouts.

Today, AI uses machine learning. Provide AI with an outcome-based scenario and, to put it simply, it will remember and learn. The computer is taught what to learn, how to learn, and how to make its own decisions.
What’s more fascinating is how new AIs are modeling the human mind using techniques similar to those of our own learning processes.

Do we need to be worried about the runaway artificial general intelligence?

Consider the cautiously wise words of Stephen Hawking, who said “success in creating AI would be the biggest event in human history”, before commenting “unfortunately, it might also be the last, unless we learn how to avoid the risks”.

The answer to whether we should be worried depends on too many variables to be definitive. However, it is difficult to argue that AI will not play a growing part in our lives and businesses.

Rest assured: 4 things that will always remain human

It’s inevitable that one might raise the question: is there anything that humans will always be better at?

  1. Unstructured problem solving. Solving problems in which the rules do not currently exist; such as creating a new web application.
  2. Acquiring and processing new information. Deciding what is relevant; like a reporter writing a story.
  3. Non-routine physical work. Performing complex tasks in a 3-dimensional space that requires a combination of skill #1 and skill #2, which is proving very difficult for computers to master. As a consequence, scientists like Frank Levy and Richard J. Murnane say that we need to focus on preparing children for an “increased emphasis on conceptual understanding and problem-solving”.
  4. And last but not least – being human. Expressing empathy, making people feel good, taking care of others, being artistic and creative for the sake of creativity, expressing emotions and vulnerability in a relatable way, and making people laugh.

Are you safe?

We all know that computers/machines/robots will have an impact (positive and/or negative) on our lives in one way or another. The rather ominous elephant in the room here is whether or not your job can be done by a robot.

I am sure you will be glad to know there is an algorithm for it…
In a recent article by the BBC it is predicted that 35% of current jobs in the UK are at a ‘high risk’ of computerization in the coming 20 years (according to a study by Oxford University and Deloitte).

It remains the case that jobs that rely on empathy, creativity and social intelligence are considerably less at risk of being computerized. In comparison, roles including retail assistants (37th), chartered accountants (21st) and legal secretaries (3rd) all rank among the top 50 jobs at risk.

Maybe not too late to pick up the night course on ‘Computer Science’…

Alastair Broom
December 15, 2016

Last week I read that you can now hijack nearly any drone mid-flight just by using a tiny gadget.

The gadget responds to the name of Icarus and it can hijack a variety of popular drones mid-flight, allowing attackers to lock the owner out and take complete control of the device.

Besides drones, the new gadget is capable of fully hijacking a wide variety of radio-controlled devices, including helicopters, cars, boats and other remote-control gear that runs over the most popular wireless transmission control protocol, called DSMx.

Although this is not the first device we have seen that can hijack drones, this is the first one giving the control Icarus works by exploiting DSMx protocol, granting attackers complete control over target drones that allows attackers to steer, accelerate, brake and even crash them.

The attack relies on the fact that DSMx protocol does not encrypt the ‘secret’ key that pairs a controller and the controlled device. So, it is possible for an attacker to steal this secret key by launching several brute-force attacks.

You can also watch the demonstration video to learn more about Icarus box.

There is no mitigation approach to this issue at the moment, other than waiting for affected manufacturers to release patches and update their hardware, embracing encryption mechanisms to secure the communication between controller and device.

Having seen this video and the potential impact of this hijacking technique, my first thought was about the threat for Amazon’s new service coming soon, which will allow drones to safely deliver packages to people’s homes in under 30 minutes.

This is just another example of how important it is to define the right strategy around using encryption as part of security in the digital era. Business data, and the way we want to access this data from any device, anywhere and anytime, just highlight the need for enhanced and clever security solutions.

There are different ways Logicalis can help our customers in the protection of data located in data centres and end points with the help of the ecosystem of partners like Cisco and Intel Security.

An interesting offering to mention is Logicalis Endpoint Encryption Managed Service. This service gives our customers’ devices and the data within them the level of protection that will give them peace of mind should a device be lost or stolen, and we at Logicalis manage the service for them. This service is the market leader for data protection and it provides the highest levels of Confidentiality, Integrity and Availability. The service is part of the global strategy adopted by Logicalis Group across EMEA.

Category: Automation, Security

Alastair Broom
December 11, 2016

21 times in the past 12 months! According to the following BBC article, that’s how many times Bournemouth University has been hit by ransomware attacks (University hit 21 times in one year by ransomware – BBC News). 23 universities have suffered that same issue, as have 28 NHS trusts. And the problem continues in the Enterprise space. According to Kaspersky Lab research, over 50,000 corporate PCs were infected with ransomware in 2015, a 100% year-on-year growth as compared to 2014. And that’s the data Kaspersky has access to. The FBI states that in Q2 of 2015, 4 million unique ransomware samples were detected, and that in 2016 over $1 billion will be paid out in ransomware attacks to retrieve data. I may be in the wrong job…

The thing is, ransomware in the past has been what I would term a typically opportunistic attack. It was predominantly targeted at individuals, and would rely on relatively basic techniques, such as phishing scams or drive-by-downloads, to get the infection done. Attacks would range from scareware, to screenlockers, all the way to encryption attacks, and would demand a reasonably small sum from the victim to decrypt locked files (assuming you were lucky enough to get the files back at all). You would hand over some Bitcoins, the currency hackers crave due to its global and anonymous nature, and hope the decryption key was handed over in return.

But that is no longer the case. Ransomware is now far better classed as an APT – Advanced Persistent Threat, and carries all the industrialized process behind it that we expect of corporate or sovereign government funded warfare. This is big business, and attackers are fully aware of the cost corporations are exposed to if they are unable to access that most precious of resources – their data. Attackers will spend huge effort researching their victim: footprinting, scanning, enumerating – and will then follow a very well thought out plan to realise their desired outcomes!

Not good news, but we can help! At Logicalis, we have been helping our clients prepare for and defend against ransomware and other APTs. Let’s specifically address ransomware.

We understand the key stages involved in a ransomware attack (infection, execution, backup spoliation, encryption, notification & clean up), and so can help advise you on the best lines of defence, and provide a number of services to make sure you are protected. The below list is a great place to start:

  • Reduce logged in user privileges so that they are unable to execute PowerShell and any other code not required.
  • Remove the command prompt from Citrix or logon profile sessions.
  • Use application whitelisting so that only authorised applications can run.
  • Prevent or disallow macro execution via group policy.
  • Investigate using Microsoft EMET where appropriate.
  • Use a SIEM to monitor, for example, process injection.
  • Ensure that there is a full backup of all the data and systems to be able to restore if and when required.
  • Use a software restriction policy in AppLocker (SRP).
  • Disable ActiveX in the browsers.
  • Install a personal firewall or use HIPS.
  • Block binaries running from %APPDATA% and %TEMP% paths.
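
As an added illustration (not Logicalis code and not part of the original post), the sketch below shows how a SIEM rule could watch for two conditions from the list above: binaries started from %APPDATA% or %TEMP%, and PowerShell or the command prompt launched by an Office application that hosts macros. The event fields, host names and the rule names are assumptions, and the sample events are constructed.

```python
import ntpath
import re

# Constructed process-creation events for illustration; the field names
# (host, parent, image) are assumptions, not a specific product's schema.
SAMPLE_EVENTS = [
    {"host": "PC-01", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"},
    {"host": "PC-01",
     "parent": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"host": "PC-02", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\bob\AppData\Roaming\updater\svc.exe"},
    {"host": "PC-03", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Users\carol\AppData\Local\Temp\7zS4A\setup.EXE"},
    # "AppData" as an ordinary folder name outside a user profile: must not alert.
    {"host": "PC-04", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Vendor\AppData\tool.exe"},
]

# Default expansions of %APPDATA% and %TEMP% for an interactive user
# (assumes the standard per-user profile layout under <drive>:\Users).
USER_WRITABLE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\(?:roaming|local\\temp)\\")
MACRO_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe"}


def normalise(path):
    """Collapse '..' segments and slash/case variants before matching."""
    return ntpath.normpath(path).lower()


def classify(event):
    """Return the names of the rules that a single event triggers."""
    image, parent = normalise(event["image"]), normalise(event["parent"])
    hits = []
    if USER_WRITABLE.match(image):
        hits.append("exec_from_user_writable_path")
    if (ntpath.basename(parent) in MACRO_HOSTS
            and ntpath.basename(image) in INTERPRETERS):
        hits.append("office_spawned_interpreter")
    return hits


def triage(events):
    """Return (host, rule, binary) tuples for every rule hit, in event order."""
    return [(ev["host"], rule, ntpath.basename(normalise(ev["image"])))
            for ev in events for rule in classify(ev)]


if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

Monitoring of this kind shows where the blocking controls in the list are missing or bypassed; it does not replace them.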

With our Security consultancy, Managed Security Service offerings and threat-centric Security product portfolio, we are able to help our customers build the holistic security architecture needed in today’s threat landscape. When it comes to ransomware, our solutions in Anti-Virus, Endpoint Protection, Data Loss Protection, Advanced Malware Protection and Managed SIEM will ensure you aren’t the next topic of a BBC news article.

Category: Security

Alastair Broom
November 30, 2016

As you might have read back in November 2016, a huge Distributed Denial of Service (DDoS) attack against Dyn, a major domain name system (DNS) provider, broke large portions of the Internet, causing a significant outage to a tonne of websites and services, including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, and Spotify.

How did the attack happen? What was the cause behind the attack?

Although exact details of the attack remain vague, Dyn reported an army of hijacked internet-connected devices are thought to be responsible for the large-scale attack; similar to a method recently employed by hackers to carry out a record-breaking DDoS attack of over 1 Tbps against the French hosting provider OVH.

According to security intelligence firm Flashpoint, Mirai bots were detected driving much, but not necessarily all, of the traffic in the DDoS attacks against Dyn. Mirai is a piece of malware that targets Internet of Things (IoT) devices such as routers, security cameras and DVRs, and enslaves vast numbers of these compromised devices into a botnet, which is then used to conduct DDoS attacks.

This type of attack is notable and concerning because it largely consists of unsecured IoT devices, which are growing exponentially with time. These devices are implemented in a way that they cannot easily be updated and thus are nearly impossible to secure.

Manufacturers focus mainly on the performance and usability of IoT devices but ignore security measures and encryption mechanisms, which is why these devices are routinely hacked, increasingly become part of DDoS botnets and are used as weapons in cyber-attacks.

An online tracker of the Mirai botnet suggests there are more than 1.2 million Mirai-infected devices on the Internet, with over 166,000 devices active right now.

IoT botnets like Mirai are growing rapidly, and there is no easy way to stop them.

According to officials who have spoken to Reuters, the US Department of Homeland Security (DHS) and the FBI are both investigating the massive DDoS attacks hitting Dyn, but neither agency has yet speculated on who might be behind them.

At Logicalis UK, we have a threat centric approach. We can help customers protect their applications and environments against DDoS attacks with on-premise, cloud-based or hybrid deployments based on solutions through our partner F5.

F5 provides seamless, flexible, and easy-to-deploy solutions that enable a fast response, no matter what type of DDoS attack you’re under. Together, Logicalis and F5 can:

  • Deliver multi-layered DDoS defense from a single box with a fast-acting, dual-mode appliance that supports both out-of-band processing and inline mitigation, while enabling SSL inspection and guarding against layer 7 app attacks.
  • Stop attacks on your data centre immediately with an in-depth DDoS defense that integrates appliance and cloud services for immediate cloud off-loading.
  • Unique layer 7 application coverage defeats threats cloaked behind DDoS attacks without impacting legitimate traffic.
  • Activate comprehensive DDoS defense with less complexity and greater attack coverage than most solutions.

If you would like to find out more about our security practice please do not hesitate to get in touch: jorge.aguilera@uk.logicalis.com

Alastair Broom
November 29, 2016

Last week we hosted a number of our customers (30 people from 18 different organisations in fact) to an event held at Sushisamba in London. From the 39th floor, overlooking most of London, I had the privilege of hosting some of our existing and potential clients for a discussion predicated by the upcoming General Data Protection Regulation (GDPR). Over an absolutely fantastic lunch, which thankfully included many tasty meat dishes – I’m no huge fan of raw fish – we talked about how organisations are going to have to rethink their strategy around data governance and security in the face of a very tough new law.

I just wanted to give you a few takeaways from the day, none of which are edible – I’m sorry…

The first of our guest speakers was Lesley Roe, Data Protection Officer from the IET. Lesley spoke about what the IET are doing to get ready for GDPR. They hold a vast amount of personal data, and given that they are advising their membership on all manner of related things, they need to lead by example. Key points from her presentation are:

  • GDPR is about giving people more control over their personal data. Every day we share an extraordinary amount of personal data with all manner of organisations, and this data is valuable. GDPR is about ensuring we retain the rights to that value. What it is processed for, how can process it, how it’s retained/deleted once its useful life has expired.
  • Everyone has a part to play and training of staff & staff awareness are paramount. This, however, is no mean feat.
  • The process of data governance, and the education of that process throughout the organisation, will be the only way to fully comply with the regulation. How do the IET classify old & new data? How do they manage the lifecycle of the data? How do they make sure they are only obtaining, using and retaining the data they need and have consent for?
  • None of this, however, is possible without first knowing what personal data is within your organisational context, and where it lives.
  • Much of the thinking around GDPR will be a huge shift in the mindset of organisations today. Companies just do not think about their data assets and their responsibility for that data in the spirit of the regulation at all.

Our next two speakers were from two of our technology partners, VMware and Palo Alto Networks. Things to remember here:

  • Technology, without a doubt, has a part to play in ensuring compliance. The regulators are far more savvy to what the art of the possible is in the security market, and they will be expecting organisations to leverage technologies within reach of budgets and according to exposure to best mitigate any risks to rights of individuals.
  • The ability to prevent, detect and report on the nature and extent of any breaches will be very important. Technologies will be needed to prove that organisations can do this effectively and efficiently, especially in the face of stringent reporting requirements.
  • State of the art will really mean state of the art. Regulators will be assessing how organisations are using the best possible mix of technologies to minimise both exposure to risk, and impact of any breach if/when they should occur.

The last presentation was from Ed Charvet and his guest star Ian De Frietas. Ian is part of the alliance we have with legal experts BLP. The joint value proposition Ed and Ian spoke about is what I believe makes us entirely unique in this space:

  • The first step towards compliance is data discovery – what is personal data from the perspectives of both the GDPR and the organisations’ context? Where is the data? How is data currently classified? How is it processed? How are permissions obtained? This is delivered through a mix of manual and automated processes to help customers understand where they stand today.
  • But this process takes time. The regulation comes into law on the 28th May 2018, and as Ian made clear, the regulator is taking a “zero day” approach. This effectively means that if you’re not fully compliant on that day, you are non-compliant, and the regulator has every power to come after you. With fines of up to 4% of global group revenues, or EUR20 million (whichever is the greater of course), this is a regulation with teeth – and with what seems like a very real political agenda. Watch out Facebook, Google, Amazon…
  • Being compliant with the likes of the DPA today, while impressive, would still mean on day zero you do not comply with the new law.
  • Key questions to ask are: do you have a legitimate interest to process the data? What exactly are you planning to do with it? These will need to be made very clear even before the gathering of data has begun.

What became clear throughout the day is that time is tight to reach compliance, and the ICO in the UK seem to be recruiting in earnest to gear up for real enforcement of the law. This feels like something that is going to change how data, and in particular the protection of personal rights and data, is valued and protected by the organisations that get the most benefit from it. What organisations need to do as a matter of urgency is find out what personal data they hold, and where they store it. They need to assess the current security infrastructures they have and find out what gaps exist that could pose a risk and ultimately a loss of personal data. They need to be putting the right people and procedures in place to comply with new and enhanced rights and tighter reporting deadlines, and they should be working out what Data Protection Impact Assessments need to look like for their organisation to satisfy regulatory requirements.

As a next step, please reach out to either myself, Ed Charvet, Alastair Broom or Jorge Aguilera to discuss how Logicalis can help our customers get ready for GDPR. From the data discovery workshop, to engaging with BLP in legal matters, and technology assessments powered by tools from the likes of VMware and Palo Alto Networks; we really can help customers on the road towards compliance.
