The latest Cybersecurity news, tips and trends

Top 5 Cybersecurity Trends So Far This Year

Cybersecurity trends 2021

We are all too aware that the cybersecurity landscape is changing and will continue to change as the technology we use every day continues to adapt, develop, and alter our daily lives.

Put very simply, this trend is clear when you compare your 2010 Honda Civic to the latest release from Tesla; technology is embedded into every corner of our lives and it now even governs your driver safety.

Because of this, the drive to protect business and individuals from threat actors has never been more important. With an ever-shifting set of cybersecurity goalposts becomes the need to understand, adapt and overcome whatever threats may come your way.

As such in this article I am going to take you through five trends we are seeing when looking a cybersecurity and the defence of your IT infrastructure.

1. The Expanding Cyber-Attack Surface

According to cybersecurity ventures, the world will store 200 zettabytes of data by 2025. This data is coming from thousands upon thousands of different sources and a considerable amount of the data is now being driven by IOT and smart technologies.

As I mentioned in my introduction, think of all the data that every Tesla on the road today is generating, the pure volume of telemetry data, decisions, battery health and all the other statistics these mobile computers are generating is staggering. Now think about your smart home, with fridges that can be remotely controlled, lighting, cooling, heating and even garage doors that can triggered from anywhere across the globe, then add into the mix home security systems link Ring Doorbell. All of this sits outside the realm of what for many would have previously considered data that needed to be secured. However, it is easy to see how data like the time you leave your house, the speed you drive and direction you travel, could be of value to a threat actor and even worse could be data they leverage against you.

This however is just to the point, the fact that as businesses are having to daily adjust the scope of what is and is not part of the business attack surface, this leaves the threat actors room to move and the gaps they need to turn your secure system into Swiss cheese.

5 years ago, CCTV may or may not have been the responsibility of the IT department. Today, with digital cloud driven solutions, this firmly sits within a business IT attack surface and is a clear technological risk.

IT Hardware and software

Similarly, take the smart card reader that opens your office doors and your car parking barrier. This is a business attack surface which in the traditional IT model we would have simply been able to ignore. This is no longer the case. It sits on the list which will continue to grow of new areas where CISO, cyber security experts and IT teams in general need to protect.

This trend will of course continue. As IT professionals we must adjust our

security posture and consider how this effects the technologies we use to protect our data and our systems.

There is by no means a golden bullet but there are key markers for success in this area.

 

2. Ransomware as a Cyber Weapon of Choice

Ransomware has been around for almost two decades and has grown in popularity because it can more easily bring financial rewards to hackers. It is estimated that there are now 124 separate families of ransomware and hackers have become very adept at hiding malicious code.

The reason is that ransomware became a weapon of choice for hackers in the last 18 months was drive by the COVID-19 pandemic. This instantly altered a digital landscape that for many businesses had been slowly changing. In fact, most were stuck to the traditional walled garden of onsite infrastructure and controlled working environments. Now, with the transformation of so many companies and how we operate as a mostly digital, this creates more targets for extortion. According to a research, ransomware increased by 435% in 2020 as compared with 2019.

In 202, the estimated cost of ransomware was £14.5 billion – a rise from £8 billion in 2019 and £5 billion in 2018. That trend will continue to grow.

The likely impact for the near-term future is that there will be more ransomware attacks against institutions and corporations who are less cyber secure and cannot afford to have operations impeded. This includes health care, local governments, and educational institutions. For these sectors the need to adapt and overcome the finical challenges of protecting their businesses has never been more paramount.

 

3. Increase in adoption of cloud services

Cloud vulnerability continues to be one of the biggest cyber security industry trends. Again, the rapid and widespread adoption of remote working following the pandemic increased the necessity for cloud-based services and infrastructure drastically, with huge security implications for organisations. For many, these implications where not understood or ignored as the business threw themselves into a cloud strategy in sheer panic in 2020.

work from homeDon’t get me wrong, cloud services have become essential and offer a range of benefits – scalability, efficiency, and cost savings – but they are also a prime target for attackers.

Misconfigured cloud settings are a significant cause of data breaches and unauthorised access, insecure interfaces, and account hijacking. All of these are avoidable but for many businesses they simply don’t know the vulnerabilities are there. During our webinar series, I often talk about the shared responsibility model. It is key to keeping the door closed to attack but is greatly misunderstood or even ignored by a lot of businesses.

 

4. Social engineering attacks getting smarter

Social engineering attacks, like phishing, are by no means new threats but have become more troubling amid the widespread remote workforce of the last 18 months. Attackers target individuals connecting to their employer’s network from home because they make easier targets. The attack looks to exploit the weak link in most businesses’ security posture, the end user.

As well as traditional phishing attacks on employees, there has also been an uptick in whaling attacks targeting executive organisational leadership. This trend sees CEO, CFO and other business managers being impersonated to other employees or customers to gain financial details or gain credentials.

SMS phishing – sometimes known as ‘smishing’ – is also gaining prominence, thanks to the popularity of messaging apps such as WhatsApp, Slack, Skype, Signal, WeChat, and others. Attackers use these platforms to try to trick users into downloading malware onto their phones, which for many are now heavily linked to the corporate network be that via email or shared file access. For many businesses, MDM or MAM are technologies they still haven’t invested in.

Organisations are increasing their protection against phishing, but criminals are always looking for new ways to stay ahead. This includes sophisticated phishing kits which target victims differently depending on their location. To stay ahead of these trends, businesses need to ensure their staff understand and can act as the human firewall against these attacks – social engineering is not something that technology alone can protect your business from.

 

Managed IT support Oxford

5. The Future, Privacy-enhancing computation techniques.

To change pace slightly now and look less at the trends around attack vectors and how the threat actors are getting in and more around how the cyber security industry is helping us all fight back.

Privacy-enhancing computation (PEC) techniques are emerging that protect data while it’s being used — as opposed to while it’s at rest or in motion.

This marks a dramatic shift in the level of protection we can leverage onto data and how we can continue to work to lock out the threat actors from data at all stages of its life cycle. This technology will also enable secure data processing, sharing, cross-border transfers and analytics, even in untrusted environments.

This technology is rapidly transforming from academic research to real projects delivering real value, enabling new forms of computing, and sharing with reduced risk of data breaches.

I would expect to see these products in your security portfolio in the next 12 months.

 

With the landscape continuing to move beneath our feet daily, as IT professionals, we need to stay ahead of the trends and ensure that we are looking at what threats are just over the horizon.

No IT team can afford to rest on their laurels as the successes of yesterday will not protect you from the threats of tomorrow.

If any of this is of concern to you, whether you are an IT professional, a business leader or simply have cybersecurity fears, please reach out to me or one of my team and we will be more than happy to assess your situation. We are in this war together, and we can’t let the bad guys win!

email: architecture@planet-it.net

call: 01235 433900

or connect with me on LinkedIn: https://www.linkedin.com/in/delljames/

 

 

 

Windows 365 – Windows 11 Comes to your Browser!!

Cloud PC Windows 11

Microsoft has just announced a new “Cloud PC” product where users can stream windows devices from anywhere!

When COVID-19 hit, many people in offices were forced to start working from home. Because of this, Microsoft sped up into the development of Windows 365 so people, wherever and whenever, can work more collaboratively.

Windows 365 will work similarly to what we know as game streaming. The computer will be hosted in a data centre, somewhere remotely, and then streamed to local technology.

This means all sorts of devices from anywhere, ranging from family computers in your home to monitors in the office, that runs Windows desktop can leverage Windows 365 and then you can close the session knowing that your data is safe, secure and saved.

Security Is Key

It is way more secure than working on a local PC, as your local PC is most likely full of personal applications, data and untrustworthy applications, which may go against your business practices. Windows 365 then solves multiple problems such as keeping Word documents and important PDFs where they belong, in business cloud storage, and not at risk of exploitation.

Additionally, Windows 365 will have ultra-fast connections to Azure and Office 365 data, which is very useful when it comes to handling data and finding sufficient ways of sharing workload amongst peers.

Microsoft is marketing it as the new way of using a PC, they want to find a way of demonstrating and solving the difficulties of working from home, so as they state, it is a “hybrid Windows for a hybrid world”.

 

So when do we get to see it, and how does it work?

The software will launch in August for business customers of all sizes however under the technical covers of it all, it is built on Azure Virtual Desktop and managed through Microsoft Endpoint Manager (MEM), Microsoft’s cloud-hosted device and application management solution and for those without MEM, tools are directly integrated into the Cloud PC portal. A MEM licence is therefore not essential.

Windows will also use multi-factor authentication capabilities and admins can apply security policies using MEM if needed. Furthermore, Microsoft has designed a custom “security baseline” meaning a set of policies can be applied to Windows 365 as a simple baseline, however, you can modify this to fit your criteria.

There are even plans in the future for an offline mode, though this will not be included in the initial release. When that happens, they would then be supporting an offline mode where the whole virtualisation environment can run locally and be isolated from your local operating system. When your connection gets restored then that workload will automatically move back up into the cloud. In the complex cybersecurity environment we have seen, businesses need a solution that helps their employees collaborate, share and create while also keeping their data secure.

If you want further information about Windows 365 and how this could change your business practices, then please feel free to reach out and get in contact using the details below

Call 01235 433900 or Email : architecture@planet-it.net

 

Harriet Besford

This article was written by 17 year old Harriet Besford, a Didcot Sixth Form student who joined us at Planet IT for a week’s work experience. Harriet has a keen interest in Cyber Security with plans to study it at University. I think from reading this article, you will agree that she has a strong future in this field!

 

It’s Time Your Business Adopted UEM, And This Is Why!

UEM Endpoint Device Management

The way in which we manage our workforces’ devices is changing. Gone are the days of large, overly complicated on-premise management solutions like Quest (Dell) KACE and Microsoft System Centre. With the continued drive of remote working, flexibility and ultimately employee separation our management tools need to change, now.

Luckily, Microsoft where ready for this move to remote management. They and have spent a long time and A LOT of investment in turning the 2011 product of Microsoft Intune into the 2021 product, which is now known as Microsoft Endpoint Manager, a now formidable UEM (Unified Endpoint Management) tool.

Evolution – just in the nick of time

The original Intune product was designed to answer the question of the time: How to we provide some form of management to the changing device landscape? With the launch of new form factors, and splitting operating systems at the time, this EMM (Endpoint Mobility Management) tool focused on delivering the same basic functional control across the spectrum of devices it supported.

Microsoft is not a company to miss a shift in the market. They released that as we moved into the late 2010’s and into 2020’s that business no longer wanted two products, one to manage devices onsite and one to manage them in the cloud. With this they began the process of taking the features from Microsoft’s System Centre Configuration Manager and merging them with the EMM tool, Microsoft Intune.

This process happened just in time to be ready for the world shifting events of Early 2020. The now mature product from Microsoft gave the best of Config Manager, Intune’s EMM and the fringe features of MDM and MAM that the suite had been dabbling with.

intune device management

So, the question then becomes, why are you not using it?

For nearly all business in 2021 Microsoft Endpoint Manager can play a huge part in ensuring:

1. All your devices controlled,

2. Windows is up to date,

3. patches and software are being deployed and managed.

This on its own takes away 3 key functions you may have existing systems in place to support. However, the largest success for Microsoft Endpoint Manager comes in the form of flexibility. Your users don’t need to be on your VPN, in your network or even in your country to get software updates or even new packages.

This is only then strengthened when we look at the white glove, of out of box experience which can be leveraged with Autopilot.

UEM Device managementImagine you never had to build a laptop again!!

Wouldn’t that just be great? Not only that, but imagine that if a device needed to be moved from user to user. Then you could remotely reset and deploy a fresh version of the operating system and all applications to the device, join it to the domain and have it ready to be reused.

Well with Endpoint Manager and Autopilot you can do just that! The core logic behind the approach is that you don’t need to touch a device to get it ready to use.

Now this can either be directly from the factory or on a previously managed device. This will reduce the time to resolution on support issues and ultimately free up you and your team to work on project that are more important.

With this process, gone are the days of creating a gold image having to run sysprep and then trying to configure the Out of Box Experience with an answer file. Microsoft has simplified this down to a steps-based process. This uses the latest image from Microsoft alongside an answer file based on the Microsoft Endpoint Manager interface, not on a text file. This combined gives you a great position to show business improvements from a system implementation.

Where can YOU make improvements?

The biggest question to ask yourself is where could you optimise your;

  • device management,
  • system imaging,
  • software deployments,
  • application installations and updates,
  • operating system updates
  • and device provisioning?

If the answer is that any of these could be improved, then Microsoft Endpoint Manager is the platform you need to be looking into.

These are just some examples of what Microsoft Endpoint Manager can do. I would be remised to say that the above is a fair representation of all that the suite has to offer. The product is massively impressive and continues to develop and grow as Microsoft as a company moves away from the legacy of its on premise-based solutions to a truly cloud driven SaaS approach.

I know taking this step might seem like a leap in certain circumstances. However, I am always available to discuss how you can leverage better device management for your business. As are the rest of the Technical Architecture team at Planet IT

Please feel free to reach out using the contact details below:

Contact me at – LinkedIn Message James Dell or Email : james.dell@planet-it.net

Call 01235 433900 or Email : architecture@planet-it.net

Windows 11. Huge Steps Forward, But The Death Of Many Devices

windows 11

Microsoft have announced Windows 11!

For now, we can ignore the fact that Microsoft promised that Windows 10 was the last Windows version…. and all the other misleading info around this new version even existing. Windows 11 is here, and it has LOTS of improvements and design changes.

However, this article is not to talk about those. As Windows users, we all know that the move from OS to OS can be hard. Businesses struggle to get the user base, applications and configuration from your current version of Windows to a new one. It can be a mammoth task!

You won’t have a choice to keep Windows 10

That said we know Microsoft will ultimately force your hand. In 2025 Windows 10 will lose support and join XP and 7 in the list of operating systems people continue to use even though they are not supported or safe.

The big change with Windows 11 is that a number of hardware items that were previously supported with Windows 10 will no longer be supported. This is what drove me to write this article. It means many businesses will need to replace a lot of machines. So, I wanted to highlight the devices you may have that are now on a limited life span, a ticking clock as it were, to the end of support.

The official Windows 11 requirements:

  • Two Process cores of 1Ghz or higher
  • 4GB of RAM
  • 64GB of Storage
  • TPM 1.2 or higher with Secure Boot Capabilities

Windows 11 devices

What this therefore means, is that Intel’s i3, i5 and i7 processors from the 6th and 7th get are not eligible to update to Windows 11. While on the AMD side all A and Fx Series processors are not supported. Ryzen 1000 and 2000 chips will also not support Windows 11.

Now this is a big change as Microsoft. In the past they have done their best to only remove a small number of devices from support. This was truefor upgrades to Windows 8, 8.1 and 10 all supporting the same devices which could run Windows 7.

What does that mean for my IT estate?

Audit now! You need to understand which devices you have that won’t be supported on Windows 11 and they need to enter a hardware refresh plan in the next 3 years. By 2025, these devices must be replaced.

For many this won’t be an issue. But for some education and small businesses, this is going to be a large finical burden. These changes can also hit companies using custom built PC’s which use hardware which may be from cross generations. There’s a chance these will not support the Windows 11 software.

If you are struggling to understand which devices will and won’t accept Windows 11, there is a tool from Microsoft which will tell you in your device is eligible to run the Windows 11 which you can get here: https://aka.ms/GetPCHealthCheckApp

If you would like to discuss with myself or any of the Technical Architecture team at Planet IT about how you can get ready for Windows 11 you can reach us usin:

LinkedIN: James Dell

Or email james.dell@planet-it.net

install windows 11

Internet Explorer is Dead – What you need to do now

Internet explorer

Internet explorer is finally coming to the end of its long slow walk to its grave. As of the 15th of June 2022, all devices not running an LTSC or Long Terms Servicing Channel version of Windows 10 or Windows Server will lose the application as part of the 15th of June update.

However, this is much larger than many would initially perceive. Many custom-built or 3rd Party applications use the IE framework to deliver content and allow users to interact with their platforms. The removal of internet explorer, which long advertised and overdue, will affect many businesses adversely.

To make your life a little easier there are actions you can complete now to engage the Microsoft Edge support for many of these legacy programs, and to make life easier, you can follow the steps on page 5 and 6 of this document, from Microsoft that will help you make your business Microsoft Edge ready.

Does It Matter?

For many of you, this won’t be an issue, but remember now is the time to be testing this; if you have any application that opens on IE11 session by default on Windows 10 or Windows Server, you need to ensure it runs in Microsoft Edge before the 15th or move the server/ desktop to the long-term servicing channel if you cannot support the application.

As a side note, it is worth noting that Office 365 and all Microsoft services will not support Internet Explorer from the 17th of August in any form, so while you can use IE on LSTC to support custom applications, you will struggle to use the product for anything outside of these products and Microsoft. Many other vendors are moving fast to drop Internet Explorer from their supported browsers lists.

If you have 3rd party applications which rely on Internet Explorer, now is the time to be reaching out to my team at Planet IT to start looking at how you move away as not only is this issue going to become worse but with no updated Internet Explorer is likely to be a source for vulnerabilities we see when scanning people’s networks.

If you want to talk to one of our team about how we can help you move away from Internet Explorer and associated 3rd party applications. Then please call 01235 433900 or you can email architecture@planet-it.net or if you would like to speak to me directly, you can reach out to me via DM or at james.dell@planet-it.net.

IE death

 

Education in Focus: Biggest IT Refresh Year Ever

Education IT

There comes a point in the academic year where exams ramp up, teachers, lectures and support staff are focused on getting student’s through their end of year exams and keeping the momentum up until the summer break.

Meanwhile in the cool dark of the server room, the IT Support teams across all academic settings are preparing for the calm before the storm.

This year, while we may not be seeing exams like we previously would, the IT Teams in our educational establishments are preparing for their busiest summer refreshes ever. The woes of 2020 are behind us and the shift to classroom learning returning for 2021/22, the push is on to make the infrastructure improvements that were put off during COVID.

Saying all that, budgets are likely to also be tighter than ever. So how can IT teams get the absolute most out of their IT projects?

To help we have put together 5 top tips for smashing your summer projects in 2021

Plan Early

When it comes to any form of IT project the further ahead you are planning the better chance of success you have, so start early!

Engage vendors and technology partners. Test the market and understand your options. If you are looking 6 months ahead of where you need to be, then when do you have to make the choice on the technology or the vendors you are going to use? Be armed with all the information you need so you can overcome the challenges the project throws at you.

School ITHave a contingency plan

As you begin to plan your project, look at the what if’s…

For example, if you are replacing a server infrastructure, what happens if the new servers fail? Or before you have moved the data, if the old servers fail, do you have a backup? Have you tested it?

By implementing a rock-solid contingency plan you are positioning yourselves in such a way that you can overcome whatever challenges come your way.

Choose a partner you can trust

Remember you are not in this alone.

Whatever the chosen project you are undertaking there are partners who will help you achieve the goals of your organisation. However not all partners are equal. Not all partners have the same approach.

Find a partner who has the certifications and accreditations with the vendors you want to work with, i.e Dell Gold Partner or Microsoft Gold Partner with certified engineers. Don’t settle for “the local firm” as 9 times out of 10 they will get out of their depth very quickly. They’ll can end up making the challenges of delivering IT in education much worse.

So, pick a partner you can trust, and you know when you’re up against it, will have your back!

Only choose best of breed technology and don’t settle for last generation.

Lots of companies see education as an opportunity to move stock which the corporate world no longer wants – for example, servers which are now end of sale or software which has been pushed into its last few operational years.

You should never settle for anything other than the best in breed technology for your establishment. If budgets constrain that, reduce the scope of the project or limit the technology used. Don’t settle for old, refurbished or reconditioned equipment just to hit a financial goal. In the long term, you will pay the price when the equipment cannot be serviced and needs replacing before the business has got the full value from the solution.

Maximise gains using operations leasing

When making purchases in education, you have a great opportunity to access low cost or even free finance offerings for all of your large purchases. So, leverage these deals to extend your budget.

Limit the capex spend and get the best solution you can and prevent the project delays of stretching upgrades over 2-3 years which really need to be done today.

Using these top tips, your organisations should be able to avoid the pitfalls of so many education providers in the past and make sure you take step in the right direction when making your upgrade this summer.

Just remember you are not alone. At Planet IT we have a team of specialists who can not only support you with the decision making and selection of new equipment, but can support with the role out, implementations and upgrades to your systems.

If you want to talk to one of our educational team about how we can help you with your summer projects then please call 01235 433900 or you can email architecture@planet-it.net or if you would like to speak to me directly you can reach out to me via DM or at james.dell@planet-it.net.

 

What is Conditional Access, and why is it an essential part of your security posture?

Conditional Access

By now, you should be aware that the modern digital landscape is full of threat actors. That are always looking for any opportunity to find a weakness in a business’s security posture and then leverage this to gain unauthorised access to data for malicious reasons.

To protect against these attacks, we often look at antivirus and anti-ransomware technology and products like MFA or Two-factor authentication. The truth is that MFA is part of much larger protection that can be afforded a system through an approach known as Conditional Access.

How does Conditional Access work?

Conditional Access (CA) is the process of defining entry vectors and criteria; in its most simplistic form, consider CA to be a door that only opens if you are wearing the right clothes, have arrived in the right vehicle, and are holding your ID. In real terms, CA allows a business to define controls around what can be accessed by who, from where and under what circumstances.

I feel that conditional access is an underutilised part of any defence arsenal. This is partly due to a lack of understanding in the IT community about the technology and a misconception about its limitations. These beliefs and options come from a legacy of Software as a Service (SaaS) and on-premises infrastructure being integrated minimally, however with modern SaaS, IaaS, PaaS and on-prem working in a heavily integrated way. Conditional Access allows you to take advantage of the proper protection that can be afforded a system without comprise.

Is it widely used?

All the major SaaS, IaaS and PaaS vendors support conditional access, and an optimum way to deploy the technology is as such.

  • Limit access to login to Geo Locations that are trusted and used by the business
  • Allow internal networks or trusted networks to have fast passed authentication
  • Only allow data access from trusted and complaint enrolled devices
  • Require MFA in any location that is not inside a trusted network
  • Remove support for legacy authentication methods
  • Deploy true Single Sign-on across all platforms and devices
  • Limit access to the data and services a user needs based on the roles of that user
  • Only allow devices that have Antivirus and Anti-ransomware installed and up to date
  • Only enable devices that have the latest operating system updates
  • Integrate all systems into a single platform, use Conditional Access and MFA to protect the whole network, not just cloud services.

By undertaking this approach, you can reduce the attached surface of your infrastructure and protect data while not limiting your staff’s functionality by placing unwanted security barriers in place.

The diagram below shows how the conditional access approach works.

Conditional Access Explained

Conditional Access

Do you think your business could benefit from the technologies of conditional access? Do you want to know more? Then please reach out to a member of the Architecture team at Planet IT via architecture@planet-it.net or call 01235 433900, and we can talk to you about the options available that work with your more comprehensive technologies.

4 Steps to the Perfect Backup Plan

World Backup Day

Today is World Backup Day, for many it’s a day to be celebrated, but for just as many, it’s a stark reminder of the dark omen that is an uncertain backup environment or plan.

We all know the basics of backup right? The things we all want to achieve

  • Retention
  • Redundancy
  • Recovery

I could happily go on for far longer than any of you would care to read on each of these topics!

Today however, I want to talk about the practical elements of making sure your backups and overall disaster recovery plan are the best they can be. Starting with some basic questions.

  • Are you backing up your whole environment?
  • Are you running your backups daily?
  • Are your backups retained for the right amount of time?
  • Do you take backups off-site?
  • Are your backup sets fully automated?
  • Are your backup jobs encrypted?
  • If you have cloud resources (Microsoft 365, Azure, AWS) are these backed up?
Back up servers

In an ideal world, you would want each of the above to be a confident and resounding YES! However, this is not always the case – we often hear the ill-fated “I don’t know”.

So, what can we do to be certain on the above and confidently rest knowing our backups will be there for us should the worst occur?

Step 1 – Check the List 

Firstly, I would start by checking your infrastructure or approach your IT Team to get the answers to the above questions. Understand that if the answer to any of them is no, in this first step, it’s less important to know why, just to understand the position you are currently in. Once you’ve established that, let’s move on to step 2.

Step 2 – Check the Kit 

Once you have a firm understanding of your overall backup integrity, it’s time to push past the smoke and mirrors and figure out exactly what you are working with. Check your storage, check your software and make sure it isn’t letting you down. There are so many options available in today’s market, but a quick search of your products and the competition should help you understand if you need to make any changes.

Step 3 – Make your Plan

At this point, you’re either happily relishing in confidence… or you’re not.

If you’re not… bear with me, I promise, we’ve just ripped off the worst of the band-aids and from here… the only way is up. When making your plan, it’s important to work out what you need first, what you want second and then figure out the cost implications (if any) your business will need to work towards. Everyone loves a good deal (or better, a free deal!) but sometimes investment is required to ensure you have the right infrastructure for your plan. When making your plan, make sure you are referencing the list from Step 1 and work out the following:

  • How long do I want to keep my backups?
  • What is my off-site storage plan?
  • Do I have Cloud Resources that need to be backed up?
  • How efficient do I want my backups to be?
  • How long can I afford to be offline in the event of a disaster?
  • How much data can I afford to lose in the event of a disaster?

The answers to these questions will help you to understand how much storage you need, whether you need a cloud or second-site storage plan, if you need high performance equipment and your Recovery Point/Time Objectives. Know that even if the plan is loose, it’s more than you had at Step 1 and it will help you enormously when collaborating with your teams, suppliers and peers to achieve the best outcome.

disaster recovery plan

Step 4 – Reach Out 

At this point, we’ve gone from scratching our heads, to having a clear understanding of the potential issues, a goal to aim for and a plan to get there. Now it’s time to reach out.

Speak to your team and your suppliers and get them on board with your plan. From this point forward, you’re taking control of your backup & disaster recovery plan. You’ve worked out what you want to achieve and you’re making it happen. That, or you were happy from Step 1 – either way, grab a coffee and your favourite lockdown biscuit, you’ve earned it!

Remember, if you ever have any questions, just ask. I, or one of the team here at Planet IT, are always happy to be used as a sounding board and can offer our expertise for your specific situation.

Feel free to reach out to me via LinkedIn or email me at michael.davey@planet-it.net.

HAFNIUM and Exchange Vulnerabilities – What To Do Now…

Hafnium Attack

There has been lots of noise in the press and on social media about the HAFNIUM threat actors and the current vulnerability that has been detected in all current versions of Exchange on premise.

If you haven’t read up on the attack and the risks you can do so here;

https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2021-patch-tuesday-fixes-82-flaws-2-zero-days/

https://www.kaspersky.co.uk/blog/exchange-vulnerabilities/22385/

https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/

These articles have been leaving a lot of IT managers and CTO running around looking for solutions. They need a way to quickly patch up the servers and cover over a hole that has been there since at least last November, when as far as the first reported case of an attack using this vulnerability. However, what do you need to be doing next?

We all know that Microsoft issued patches on a non-standard update to Windows or a (out-of-band) update. For those out of the know, this means this Hafnium vulnerability is bad! Microsoft rarely break their patch cycle but when they do as with the SMB vulnerabilities with WannaCry. When they do it means you need to be act fast.

By the time these latest OoB updates where released, Microsoft made it clear that these attacks where already happening, which means for some of you who are readying this article thinking you are safe because you ran the patch, you may not be.

The four most dangerous vulnerabilities already being exploited allow attacks to pull off a three stage attack on compromised systems.

The attack chain is simple;
  1. First, access a compromised Exchange server (one missing the patch) this can even be an Exchange Management point for Office 365, it doesn’t need to be a full running system.
  2. Then they create a Web shell for remote server access
  3. They then use this to harvest data from the network and systems associated with this Exchange server, essential using it like an open front door.

So how do you protect against the Hafnium threat?

This is where you need to be looking at having a product in place as your antivirus/antimalware which uses EDR or XDR technology and has up to date behaviour and exploit prevention and detection.

Watch out for the following detections

  • Exploit.Win32.CVE-2021-26857.gen
  • HEUR:Exploit.Win32.CVE-2021-26857.a
  • HEUR:Trojan.ASP.Webshell.gen
  • HEUR:Backdoor.ASP.WebShell.gen
  • UDS:DangerousObject.Multi.Generic

So what should you do next?

As Microsoft has already released an update to fix all these vulnerabilities, we strongly recommend updating Exchange Servers as soon as possible, Microsoft have even gone as far as releasing a quick install roll up which should work for most Exchange servers. For more complex deployments like DAG’s, then Planet IT can support you with this process.

You then need to focus on your defence strategy on detection lateral movements and data exfiltration to the internet. For this we recommend that you pay special attention to outgoing traffic to detect cybercriminal connections.

As always you should ensure that you are backing-up regularly and make sure you can quickly access it in an emergency, if you have questions on this then Michael Davey – Michael.Davey@planet-it.net and his Back Up Services team will be more than happy to help.

Make sure you have an Endpoint Detection and Response product in place. If you don’t reach out to your Planet IT account manager who can provide you with details of what is available and works with your security landscape.

Finally make sure you are using a reliable endpoint security solution such as Kaspersky or Sophos that has included in it Exploit Prevention, Behaviour Detection, a Remediation engine. It would also be beneficial to ensure that your product has a Vulnerability and Patch Management capabilities.

If you would like to discuss with myself or any of the cyber security team at Planet IT about how you can better protect you business, should that be with new technology, strategies or even better back ups you can reach us using the contact details below;

Contact me at – LinkedIn Message James Dell or Email : james.dell@planet-it.net

Call 01235 433900 or Email : enquires@planet-it.net

Education in Focus: Cyber Attacks on the rise while protection remains behind other industries

Education Cyber Attack

2020 was far from an easy year for the education sector, with the strains of COVID-19, the forced move to remote learning and the constant moving goals of exams, assessments and certifications looming over the industry. IT improvements and IT budgets were shifted from infrastructure and enhancements to purchasing laptops and enabling learning over video. These changes have had a dramatic impact on all educational organisations. Unfortunately, we are starting to see the repercussions of this, with several educational organisations being hit by cyber-attacks.

Another Attack

This week we have seen the latest attack on the University of Northampton, this is unfortunately just another in a long line of victims of the last few years.

As many of you who have read my articles are aware, I have a long history in the education sector, working across schools, academies, and colleges. From this, I have a very first-hand experience of how budgeting works in education. I know its effect on the choices that we make when it comes to selecting solutions and ultimately protecting educational establishments.

When I read stories like the one about the University of Northampton, it churns my stomach. This is because I know that the ladies and gentlemen who work in the IT teams of these organisations will have been doing everything they could to protect the system. However, they are always constrained by the limits they have finically and with their current technology stack. Having personally experienced several attacks first-hand, the IT Team usually takes the brunt of the fallout from these events. In truth, it’s business management and senior management, who’s lack of understanding, allows these incidents to happen.

university cyber security

The real-world cost of an attack

When these kinds of cyber attacks in education occur, we all see the headlines and the public outcry about the fact these threat actors get into and disrupt educational organisations. What is very rarely discussed is the organisation’s cost.

The cost itself is not just that of recovering from the breach. Depending on what equipment has been affected and what can be recovered, the cost anywhere from £10,000 to £500,000!

However, on top of this, you have to add the cost of staff not working. The organisation not being able to deliver teaching and learning can easily cost an organisation over £50,000 a week.

We then have to consider the cost of the damage to the organisation’s reputation and any fines that may come in from the ICO if data has been lost. These costs can total into millions.

The worst part of all of this is that insurance will not always cover these costs if you have the wrong cover type. In a real-world example, we are aware of a case where an educational organisation had a total cost of an outbreak at £2.5 Million, this figure should be enough to make your senior management sit up and pay attention.

Where to start…

The question then is, how do we get our educational sector partners to a position where they can protect their data, deliver teaching and learning and ultimately avoid cyber attacks in education?

The answer is about prioritising spending and focusing on ensuring that a security landscape is in place that covers all bases and protects against all foreseeable attack vectors. We start this with solid anti-virus and anti-ransomware technology. Endpoint protection must be paired with a robust Endpoint Detection and Response product (EDR) or an Extended Detection and Response product (XDR). These technologies will give you a strong endpoint protection roster.

Then layered on top of this, you need to look at device encryption, which must be centrally managed. Then, on top of that, we need to pivot and look at the ingress points on your network, this being your email and your firewall. Both should be robust next-generation products that use both Unified threat management and a traditional stateful firewall approach.

school cyber security

And then there’s the human element

When we have tackled the technical delivery needed to secure the network, we need to look at your staff and the human firewall element of protection. From this regard, we should be looking at Phishing training, security awareness and data protection training.

When you have all these pieces in line and configured to best practice, then there is a good chance that you will mitigate most risks towards your organisation. Now, that doesn’t mean your senior management can wash their hands of cybersecurity. Proper cybersecurity protection is reviewed and maintained regularly, and this also means patching all your other IT systems; it’s a busy and full-on task to undertake. However, if you do it correctly, it’s advantageous knowing that you are keeping your learners, staff and visitors safe and protecting against the effects of a cyber-attack on the business, individuals and the wider community

If you would like to have a conversation about how we can review your security landscape and work with you to build a robust cybersecurity landscape for your organisation, then CLICK HERE to book a meeting with me, or you can email me at james.dell@planet-it.net and together we can work to align your organisation against the current and future risks.

Looking for a technology partner?
Let’s talk