The latest Cybersecurity news, tips and trends

Integrating Generative AI

Integrating Generative AI, Machine Learning and AI

In the dynamic landscape of technology, integrating Generative AI, Machine Learning (ML), and Artificial Intelligence (AI) has become imperative for businesses to stay competitive and innovative.

 

Not since the dot.com era have we seen such a dramatic shift in technology, which has become a part of our everyday lives. 

 

Businesses must adapt and integrate AI, ML and GenAI into their short and long-term IT strategies. To enable employees to access AI tools from their workstations, mobiles and any web-enabled device. 

 

More than ever, IT professionals ought to be committed to developing robust strategies that leverage these technologies to enhance operational efficiency, customer experiences and overall business outcomes. This article will explore key considerations and recommendations for incorporating Generative AI, Machine Learning, and AI into your IT strategies in 2024.

Understanding the Business Objectives:

 

As IT leaders, you must align the adoption of Generative AI, ML, and AI with the broader business objectives.

 

Due to a lack of consideration for your business’s strategic objectives, the improper use and implementation of these technologies may have little or no effect on achieving organisational objectives. In other words, these tools should be complementary and continuously aligned with the organisational strategy. For instance, some technologies may not necessarily support the direction of the business. The same principle applies to the implementation of strategic IT decisions.

 

Conversely, the judicious use of AI can elevate customer service satisfaction and increase operational efficiency, which can lead to gaining a competitive advantage in some shape or form.

 

Crafting an effective IT strategy based on individual business merits will help choose technologies tailored to individual needs that will support development and growth.

 

Talent Acquisition and Skill Development:

 

Investing in talent is crucial for successful implementation. IT leaders should assess the existing skill set within their teams and identify the gaps. This is crucially important as well as your current team’s skill including knowledge of working with IA set vs. AI delivery services.  

Hiring or upskilling employees in areas like data science, machine learning, and deep learning ensures that the organisation has the expertise to drive AI initiatives. Not only focusing on the team who will support it, but your IT strategy must also focus on how you train end users to understand, leverage and validate where AI is used.

 

Establishing a Data-Driven Culture:

 

Generative AI and ML rely heavily on data. IT leaders must foster a data-driven culture within the organisation, emphasising the importance of high-quality, relevant data. It has always been a challenge for businesses to hold data regardless of its quality, relevance, or ability to be reused, ingested, or understood by a system. With AI, both structured and unstructured data can be used, but the data still needs to be relevant if you implement a system to reduce the amount of time your business spends on answering customer queries based on previous fixes but don’t check the previous fixes for validity you are likely to suggest non-solutions and harbour distrust in the system. This involves implementing data governance practices, ensuring data security, and promoting collaboration between IT and business units to derive meaningful insights. Tools like Microsoft Purview are a great place to start when looking into your data and its governance.

 

Creating a Robust Infrastructure:

 

IT leaders need to invest in a robust and scalable infrastructure to support the increased computational demands of AI applications. For most, this will mean looking at a transparent Cloud and edge computing strategy, moving away from private and co-located data centres on dedicated hardware to pooled and shared, scalable solutions like Microsoft Azure, Amazon Web Services (AWS) and Google Cloud Platform (GCP). This becomes critical when you consider that for some AI workloads, you will need specialised hardware such as GPUs, which may be essential IT infrastructure components to ensure optimal performance or gain the results your business requires. For those who want to remain on-premises, then your strategy needs to directly reflect a hybrid cloud approach as you will not be able to run many of these tools in your environment and will instead need to run the toolset where it is best suited be that with the vendor or on a public cloud instance.

 

Implementing Explainable AI:

 

As your strategy reflects how your business increasingly relies on AI-driven decisions, you must ensure that your business, customers, and staff can maintain faith in the solution; therefore, transparency becomes critical. As IT leaders, you should prioritise adopting Explainable AI models that provide clear insights into how AI algorithms arrive at specific conclusions. This transparency builds trust both internally and externally. This is easier said than done with some of the current Generative AI toolings, and therefore, your IT Strategy should reflect how you will tackle this when selecting the tools you will work with.

 

Security and Compliance:

 

Ensuring the security of AI systems is paramount. As an IT leader, you must integrate AI technologies in compliance with industry regulations and standards. Now, most of these AI tools currently take little consideration for the regulations and standards your business might have to reach, be that HIPPA, PCI-DSS, or ISO. Therefore, it will fall to you and your strategic approach to ensure that safeguards are put in place and that you remain in control of your data, its sovereignty and how it is being used. Additionally, implementing robust cybersecurity measures is essential to protect sensitive data and maintain the integrity of AI applications; this does not stop with just placing anti-virus on a system; you will need to think beyond this and engage with the right security partners.

 

Continuous Monitoring and Improvement:

 

AI models require ongoing monitoring and refinement. IT leaders should establish mechanisms for continuous evaluation of AI systems, identifying areas for improvement and adapting strategies based on real-world performance. Regular updates and adjustments ensure that AI applications remain effective and aligned with evolving business goals. Remember that even though a model is good today, it will still be better in 6 months or a year. Also, the data set will age out on models, therefore, you need to ensure you understand how and when this will be updated to support your business. 

 

Collaboration and Communication:

 

Successful AI implementation requires effective collaboration between IT and all business units. IT leaders should facilitate communication, break down silos, and encourage cross-functional collaboration to ensure that AI initiatives align with the overall business strategy. No man is an island, and if you make your safe in this landscape, you will quickly fall behind. While implementing your IT strategy, you engage a cross-business group and work with them to support you in understanding how to engage the wider business and provide training, support, and guidance to maximise uptake and effectively communicate the changes coming.

 

In 2024, the strategic integration of Generative AI, Machine Learning, and AI into IT strategies is critical to business success. IT leaders must align these technologies with business objectives, invest in talent and infrastructure, foster a data-driven culture, prioritise security and compliance, and ensure continuous monitoring and improvement. By adopting a holistic approach, you, as an IT professional, can position your organisations at the forefront of technological innovation, driving sustainable growth and competitive advantage in the ever-evolving digital landscape.

 

If you want to talk to one of our experts about how we can help you with your IT strategy or implementing AI into your business, then please call 01235 433900, or you can email [email protected], or if you would like to speak to me directly, you can reach out to me via DM or at [email protected].

Technology and Cybersecurity; The Trends and Predications for 2024

technology trends in 2024

Time waits for no man and the last 12 months have truly shown that neither can technology or cybersecurity. Tech will not be held back. Governments, companies and individuals cannot stop the march of technological progress. Therefore as I sat down to pen this article for the third year in a row it was very clear to me that the last 12 months have seen such a huge advancement in technology that my predictions might need to be a bit bigger for technology in 2024!

You can read the previous year’s articles HERE and HERE.

Artificial Intelligence (AI) in Cybersecurity

Artificial Intelligence is set to play a pivotal role in cybersecurity. In 2024, we can expect AI to be more sophisticated in identifying and mitigating cyber threats. Machine learning algorithms will continuously adapt to new attack vectors, providing a dynamic defence mechanism. The integration of AI in security operations will enhance threat detection, response times, and overall resilience against cyber attacks. Because of this as business we need to be aware of how the providers of your technology are using AI and how the bad actors will also be using this. It is also going to be critical in 2024 to review where and what data is being held and used to train these AI models inside of your cybersecurity products.

AI & Cybersecurity in 2024

Zero Trust Architecture

The concept of Zero Trust Architecture is gaining momentum as organizations recognize the need to move beyond traditional perimeter-based security. In 2024, expect more widespread adoption of Zero Trust principles, where trust is never assumed, and every user, device, and network interaction is thoroughly authenticated and authorized. This approach ensures a more robust defence against insider threats and external attacks. What this will really mean in 2024 is that the traditional edge and VPN systems many businesses have come to rely on since the pandemic will start to be replaced with ZTNA solutions.

 

Quantum-Safe Cryptography

With the advent of quantum computing, the cryptographic landscape is under threat. To counter this, 2024 will witness a surge in the implementation of quantum-safe cryptographic algorithms. Organizations will prioritize updating their cryptographic protocols to ensure that sensitive data remains secure even in the face of quantum advancements. This is a space to watch and an area of huge growth for security.

 

5G Security Challenges

As 5G networks become more prevalent, so do the security challenges associated with this technology. In 2024, expect a heightened focus on addressing the unique cybersecurity risks posed by 5G, including increased attack surfaces, potential for IoT vulnerabilities, and the need for robust encryption to protect data transmitted over these high-speed networks. Businesses that rely heavily on remote working and mobile working will need to be very aware of this and keep a close key on the risks in the area.

Ransomware Resilience

Ransomware attacks have been on the rise, and 2024 will be no exception. Organisations will increasingly invest in developing and implementing robust ransomware resilience strategies. This includes regular data backups, employee training programs, and the use of advanced threat intelligence to proactively identify and neutralize ransomware threats. For me there is only one answer to this and that will be that every business will need a full MDR (Manage Detection and Response) product in place looked after by a dedicated security team.

 

Biometric Authentication Advances

Biometric authentication is evolving beyond fingerprint and facial recognition. In 2024, we can anticipate advancements in behavioural biometrics, voice recognition, and other innovative authentication methods. These technologies offer a more secure and user-friendly approach to identity verification, reducing reliance on traditional password-based systems. This wont change the world in 2024, but will start to see the shift away from the standard passwords systems we are use to.

Regulatory Compliance and Privacy

With the growing emphasis on data privacy and protection, regulatory frameworks are continually evolving. In 2024, organizations will prioritize compliance with stringent data protection regulations. The focus will be on ensuring transparent data practices, implementing robust security measures, and demonstrating accountability in handling sensitive information.

Generative AI fuelled Social Engineering Attacks

When looking at looking at the risk profile of 2024, it is clear that the trajectory started in 2023 will continue with generative AI being used by bad actors to generate more believable , more dynamic and ultimately harder to detect social engineering attacks. It has been well documented that in 2023 around 80% of all attacks started with compromised identities and as we all continue to invest in better MFA technologies and drive brute force attacks from success the more we will see a direct pivot to using social engineering attacks to compromise the security practices we have in place.

Businesses must strive to educate their employees about the common ways to recognise they are being deceived, this cannot just happen once a year as a tick box exercise you need to be driving change with-in your business and adopting a clear training plan into 2024. Because of this it makes identity protection the most critical protection that companies should look to strengthen or invest in for 2024. Otherwise, adversaries will continually target and successfully comprise this weak spot.

Cost of Living and Financial Impacts on IT and Security Budget

We have seen some unpredictable and unprecedented global impacts over the last 4 years, these have all taken an impact on the global finances which in turn are now starting to reflect in the budgets of businesses across the UK and EMEA. Because of this in 2024 a trend we are all going to need to be aware of is the tightening on IT and Security budgets as the ever tightening purse strings will mean that businesses need to make better choices about where and how they spend money. In these scenarios you need to focus on how to make the most of what you have but also there will be a need to be strong on conveying the value to the wider business on investing or maintaining your IT and Security products and services.

Conclusion

As we step into 2024, the intersection of technology and cybersecurity promises both challenges and opportunities. Embracing innovative solutions, staying informed about emerging threats, and fostering a cybersecurity-conscious culture will be essential for individuals and organizations alike. By proactively addressing these trends, we can collectively build a safer and more resilient digital future.

If you want to talk to one of our experts about how we can help you with your planning for 2024 then please call 01235 433900 or you can email [email protected] or if you would like to speak to me directly you can reach out to me via DM or at [email protected].

2023 – Technology Winners & Losers

Amid widespread technological innovation as well as failuresLewis Kitchen

As usual for this time of year, we always think it’s a bit of fun to look back at the last 12 months and see how technology in 2023 has shaped up – who were the winners and who fell flat of expectations over the year.

Winners

AI

AI has made a huge impact in the year 2023. ChatGPT was released by OpenAI on the 30th of November 2022 and quickly took over the internet, receiving the most user signups out of all applications.

ChatGPT is a predictive language model. Although these existed before, OpenAI was the first to make it commercially available. Unlike other chatbots that are designed to perform specific tasks, ChatGPT is a conversational model that can respond to any query from its large database.

This caused a chain reaction among the big companies to push out their AI and gain some of the market share. AI will change the way we work next year with Microsoft CoPilot coming out for enterprise companies.

Cloud Adoption

As always, Microsoft and Amazon have been pushing for more control over the Public Cloud space. As a result, more companies have migrated services to the cloud or running Hybrid setups with it. At Planet IT we have seen a huge increase in growth for customers wanting Microsoft Azure to run their infrastructure. This will continue into 2024 and from 2025 we will expect to see more than 90% of businesses being cloud only.

Losers

Microsoft Windows Operating Systems

2023 saw the end of life for Windows Server 2012, this forced a lot of companies to upgrade their server or utilise Microsoft’s offering for extended 2012 support in Microsoft Azure. This will become a common occurrence as Microsoft looks to end its support for its aging operating systems such as 2016 and 2019 in favour of moving you to the Azure Cloud.

Twitter / X

Twitter was brought out by Elon Musk on the 27th of October. And depending on what side of the fence you sit on this, is either bad or good. The acquisition has been a topic of debate in the media. Some examples include Elon’s hostile takeover of Twitter; renaming Twitter to X; promising an open-sourced algorithm; banning bots and hypocrisy about free speech.

X has been under pressure from watchdogs and civic organisations. This is due to its inability to combat propaganda. For instance, spreading misleading information on the Russia-Ukraine war, the Israel-Hamas war, and the upcoming presidential election.

Securing Tomorrow: Navigating Cybersecurity in 2024 (Amidst the Rise of Generative AI)

AI & Cybersecurity in 2024

As we plunge deeper into the digital era, the evolution of technology continues to shape the landscape of cybersecurity. 2023 has been a landmark year for the uptake and integration of Artificial Intelligence into our business, lives and technologies. However, now it’s time to look at cybersecurity in 2024

2024 will mark a significant milestone. The widespread adoption of generative AI technologies propelling us into uncharted territories. Not only are we learning about how to use these technologies and leverage them to make our business more effective and our work lives that little bit easier, but at the same time we are trying to understand how this technology should be legislated, managed and secured. While these advancements bring unprecedented opportunities, they also usher in new challenges. Especially with the escalating risks posed by malicious actors utilising AI to launch smarter, more efficient cyber-attacks. In this article, we delve into the future of cybersecurity and explore crucial measures businesses should undertake to fortify their defences against AI-driven threats.

2023 has been a year of seismic change in the IT landscape. Most of this initial change has been driven in part by the wave of generative AI products that have come to the market. Starting with the introduction of ChatGPT from OpenAI and then the race to get GenAI into every business and every consumer as quickly as possible. This is not the only change that has dramatically affected the market but it is the starting point from which most of the other shifts have occurred.

Because of this, when looking at what 2024 looks like, we need to consider these rapid changes. We can’t just look at today’s landscape. We need to consider what is the risks of the following 12 months are going to look like

The Proliferation of Generative AI:

Generative AI technologies, fuelled by machine learning algorithms, have demonstrated remarkable capabilities in various domains, from content creation to problem-solving. However, with great power comes great responsibility (“Ben Parker – Spiderman (just before he dies [SPOLIERS]”), and in the realm of cybersecurity, the advent of generative AI presents a double-edged sword. While businesses and individuals can leverage GenAI to increase their productivity, remove manual tasks or understand complex situations, Cybercriminals are increasingly leveraging these technologies to automate and enhance the sophistication of their attacks.

AI Cybersecurity event

AI-Driven Threats: A New Frontier:

The integration of generative AI in cyber attacks introduces a new level of complexity and efficiency. AI-driven threats can adapt in real-time, learning from defensive measures and continuously evolving to exploit vulnerabilities. From intelligent phishing schemes to adaptive malware, businesses now face a formidable adversary that can circumvent traditional security protocols with unprecedented agility. This enables bad actors to push RaaS (Ransomware as a Service) and enable less skilled individuals to trigger and deploy increasingly complex attacks on businesses with little to no knowledge of what the attack does or how it is written.

So how do we move forward? As a business what should you be doing to protect yourselves, your staff and your business from the wave of GenAI that isn’t hear to help you out? I have collated Five steps that I called the Business Imperatives for Cybersecurity in 2024:

Investing in AI-Powered Defence Systems:

To counter the rising tide of AI-driven threats, businesses must invest in cutting-edge, AI-powered defence systems. These systems should not only detect known patterns but also employ advanced machine learning algorithms to identify anomalous behaviour indicative of potential attacks. Your £10 a year subscription to a nearly free Antivirus or Antimalware platform is no longer enough, the companies who are not innovating in this space and failing behind and they are doing so quickly. In 2024, EDR/XDR – Endpoint Detection and Response or (X)Extended Detection and Response are now a minimum, for nearly all businesses from SME/SMB to Blue Chip a managed SoC (Security Operations Centre) or Managed Detection and Response (MDR) service is a must. The level of protection on your client devices has never been more important especially as the edge of the network dissolves and users and businesses embrace remote working.

Continuous Training and Skill Development

The human element remains crucial in the fight against cyber threats. Regular training and skill development programs are imperative to equip cybersecurity teams with the knowledge and expertise needed to combat evolving AI-driven attacks effectively.

When looking at what we do moving forward we have to start with the human aspect of protection “The Human Firewall” as I like to call it. Training your end users has and always will be the most critical line of defence a business has. Now I have said this before and I will undoubtedly say it again in one of these articles or at a keynote. If you fail to train your end users to not only use the technology in front of them or understand the risks they pose as users to the data and information security of the business you will undoubtedly risk a catastrophic failure. Users are the most risky part of your business, they move, they are forgetful and they tend to be overly sharing even when you have specifically told them not to be. What we will need to do as we step into 2024 is train end users to understand the risks of AI, what it does/doesn’t/can/cannot do with data.

Once they understand this you will need to wrap true security awareness training around this. The training will need to be broad but also deep to ensure that users do not fall into the trap of not knowing the breadth of the risks but also don’t end up receiving such high-level input they never really understand how deep that rabbit hole can go.

microsoft intune

Zero-Trust Security Architecture

Adopting a zero-trust security architecture is paramount in the age of AI-driven threats. Rather than relying solely on perimeter defences, businesses should implement robust identity verification, continuous monitoring, and strict access controls to mitigate the risk of unauthorized access. We need to build systems, services and business with Zero Trust at the core. When my team is asked to work on a solution for a customer or migration to the cloud, this is where we begin the days of trusting the perimeter of the network to defend us are gone. We need robust Zero Trust across every system, platform and service. If you don’t have Zero Trust you have too much trust!

Collaboration and Information Sharing

Cybersecurity is a collective effort, and businesses should actively participate in information sharing and collaborative initiatives. At Planet IT, I make this a core of what we do with regular information-sharing sessions, events and webinars (including this blog!). Building a strong network of industry peers and sharing threat intelligence can enhance the collective ability to thwart sophisticated AI-driven attacks. If you don’t know where to start with this reach out to [email protected] and we will get you connected with like-minded individuals across the UK and EMEA and help you build your network of peers.

Regulatory Compliance and Ethical AI Usage

Beyond technological solutions, fostering a cybersecurity culture within an organisation is paramount. Employees should be educated about the potential risks associated with AI-driven threats and encouraged to adopt best practices, such as vigilant email scrutiny, regular password updates, and reporting suspicious activities promptly. This starts from the first day they join your business and should be a continued journey throughout their time with you. The days of training once worrying later are gone. We must be keeping our staff as up-to-date as we are, bringing the business with you is the hardest part of the battle with AI and Cyber Security in 2024.

As we stand on the precipice of a future dominated by generative AI, the importance of robust cybersecurity measures cannot be overstated. Businesses must proactively adapt to the evolving threat landscape by embracing advanced technologies, fostering a cybersecurity-conscious culture, and collaborating with the broader industry. By doing so, they can not only defend against the rising tide of AI-driven threats in 2024 but also pave the way for a more secure digital future. Just remember, AI is Amazing but if you fail to understand it, properly protect it or secure it then it’s a disaster waiting to happen!

If you want to talk to one of our experts about how we can help you with your security and understanding of AI then please call 01235 433900 or you can email [email protected] or if you would like to speak to me directly you can reach out to me via DM or at [email protected].

AI & Cybersecurity in 2024

 

How to create and implement a cloud strategy

How to Create and Implement a Cloud Strategy

Cloud-based solutions are helping organisations achieve greater agility, efficiency, and innovation, and even increasing end-user satisfaction. That said, moving to the cloud is not always just as simple as clicking a few boxes and pressing go. It can be a drawn-out or complex process. Any cloud migration strategy requires careful planning and execution to ensure a successful outcome and avoid the typical major pitfalls. 

In this article, we will explain what your cloud strategy should include, why you need one, and how to create and implement one for your organisation.  

We will also share some tips and best practices from our experience as a Microsoft Solutions Partner specialising in Microsoft Azure, Microsoft 365 and cloud migration specialist. 

 

What is a cloud strategy? 

A cloud strategy is a concise viewpoint on the role of cloud computing in your organisation. It defines what you want to achieve with the cloud, how you will get there, and how you will measure your progress and results. 

A cloud strategy is different from a cloud implementation plan, which offers the “how” rather than the “what” and “why”. A cloud implementation plan details the specific steps, actions, and resources needed to execute your cloud strategy. 

You need a cloud strategy because it helps you: 

  • Align your cloud solutions with your business goals and user needs. 
  • Communicate your vision and direction to your stakeholders and partners. 
  • Identify and mitigate the potential challenges and risks of cloud adoption. 
  • Optimise your costs and benefits of using the cloud. 
  • Monitor and evaluate your performance and outcomes. 

Cloud Strategy

What if you don’t prepare for the cloud properly? 

Without a clear and coherent cloud strategy, you may end up with: 

  • A complex and expensive technology estate that does not meet your expectations or requirements. 
  • A lack of coordination and collaboration among your teams and departments 
  • A loss of control and visibility over your data and processes 
  • A reduced ability to respond to changing market conditions and customer demands. 

So, where do you start? 

If you have to ask that question, then you probably need a helping hand.  

Feel free to call one of our Cloud Specialist Architects to get the plan rolling. Call 01235 433900 or email [email protected] and ask about a Free Cloud Readiness Assessment.  

WormGPT: Phishing-as-a-Service the Rise of AI lead Phishing Attacks

WormGPT

Have you been following my latest series of articles on AI and the moving threats of the AI lead wave? If you have, you will have heard me talk about the use of AI to generate content for cyber-attacks, especially their use to increase the effectiveness of Phishing attacks. But have you heard about WormGPT?

Almost as predicted a new AI-lead Phishing service has launched titled WormGPT. Its name is a homage to the AI service ChatGPT which it claims to mirror. The creators call it an equivalent to the natural language engine’s human-like answers to questions.

How does it work?

The way that WormGPT stands out is very simple. All the security measures and protections used to prevent the generation of malicious code or attacks in ChatGPT are removed. WormGPT actively encourages this behaviour. No wonder, it is developed by known hackers and actively promotes malware and other cybercrime on the page.

cybersecurity

WormGPT is a subscription-based service on the dark web. Like many of these services, it can be used to promote and enhance phishing attacks. It is another case of Phishing-as-a-service and will only lead to more complex and higher-risk cyberattacks hitting the public.

With this on the rise, all we can recommend is that you stay alert. Stay aware and have the right protections in place to prevent phishing attacks. You should have time-of-click protection enabled on all links in your business. If you need more guidance on this, you should reach out to your Planet IT account manager.

How our Cybersecurity experts can help…

Are you struggling to get your head around how AI affects cybersecurity? Then please call 01235 433900 or you can email [email protected]. Or if you would like to speak to me directly you can reach out to me via DM or at [email protected].

Windows Server 2012 R2 End Of Support – Act Now Or Face The Consequences!

Windows Server 2012 R2 End of Support

If you are an IT professional running Windows Server 2012 or Windows Server 2012 R2 server, you need to be aware that support for these products will end on October 10, 2023. This means that regular security updates, non-security updates, bug fixes, technical support, and online technical content updates will no longer be provided by Microsoft.

This poses a serious risk to your business. You will be exposed to potential security breaches, compliance issues, and performance problems. Alongside several key vendors dropping support for their products as soon as this platform leaves standard support with Microsoft.

You will also miss out on the latest features and innovations that newer versions of Windows Server offer. This includes improved security, scalability, reliability, and efficiency.

Therefore, you need to act now and plan your migration strategy before it is too late. You have two real options and one really bad idea to choose from.

Embrace The Cloud and get all the benefits

Migrate to Microsoft Azure and receive free Extended Security Updates (ESUs) for three years after the end of support. You can move your applications and databases to Azure Virtual Machines and benefit from the cloud’s flexibility, scalability, and cost-effectiveness.

You can also use Azure Arc to manage your hybrid environment and receive automated/scheduled ESU updates and installation. This can simply be a lift and shift for now. Use the three years to get prepared for a newer operating system.

Upgrade your Windows Server

Upgrade to Windows Server 2022 or purchase ESUs for Windows Server 2012. If you prefer to stay on-premises, you can upgrade to the latest version of Windows Server. This will offer enhanced security, performance, and innovation. Alternatively, you can purchase ESUs for Windows Server 2012, which will provide security updates only for up to three years after the end of support. This can only be done if you are on an Enterprise Agreement with Microsoft. For most businesses, this won’t be an option.

Or….

…and you’d be really stupid to do this!

Do nothing and wait to join over 50% of UK-based businesses that suffer a major cyber incident each year. With an unsupported product, it will only be a matter of weeks before a major attack is launched by a threat actor against an operating system using unpatched vulnerabilities.

Whichever option you choose, you need to start preparing now and avoid the risks of running unsupported software.

Don’t know which way to turn…. Then reach out to the Technical Architecture team and we will help you understand your options and support you in the drive to move away from 2012 R2.

We are an IT company based in the UK that advises thousands of businesses, IT managers and leaders on all things Tech. We can help you with your migration plan and ensure a smooth transition to the latest Windows Server solutions. Contact us today and let us help you secure your future.

Windows Server 2012 R2 End of Support

Azure AD is becoming Microsoft Entra ID

Microsoft Entra ID

You may not yet be too familiar with Microsoft Entra, but it’s about to become a much bigger part of your Microsoft environment.

Microsoft Azure AD, the cloud-based identity and access management solution that powers millions of organisations, is becoming Microsoft Entra ID.

This change reflects Microsoft’s vision to provide a unified and comprehensive identity platform that helps you secure your organization, empower your employees, and enable your digital transformation.

With Microsoft Entra ID, you can benefit from the latest innovations in identity protection, governance, and management, as well as seamless integration with Microsoft 365, Azure, and other cloud services.

ID Protection: Prevent account compromise with machine learning.

ID Protection helps you detect and stop identity attacks in real time. It uses advanced machine learning to identify sign-in anomalies and user behaviour that indicate a risk of compromise. For example, it can trigger a Conditional Access policy that requires strong authentication methods for accessing sensitive resources. This way, you can protect your accounts from phishing, malware, and other threats.

Azure AD is becoming Microsoft Entra ID

ID Dashboard: Monitor your identity security posture with insights and recommendations.

ID Dashboard shows you the impact of your identity protections, the most common attack patterns, and your organisation’s risk exposure. You can view metric cards and attack graphs that show risk origins, security posture over time, and types of current attacks. You can also get recommendations based on best practices and industry standards. With these insights, you can further investigate your security posture in other tools and applications.

ID Governance: Automate access governance with workflows and self-service.

ID Governance helps you ensure that only the right identities have the right access at the right time. It automates the employee identity lifecycle to reduce manual work for IT and increase employee productivity. It also provides machine learning-based insights about identities and app entitlements. You can use workflows and self-service to grant and revoke access to cloud and on-premises apps from any provider and custom-built apps hosted in the public cloud or on-premises. This way, you can comply with organizational and regulatory security requirements.

Apple Software – Critical WebKit Vulnerability: CVE-2023-37450

Apple Vulnerability

Apple has recently released a number of security advisories to address a zero-day vulnerability in Safari, iOS, iPadOS, and macOS Ventura. An attacker could exploit this vulnerability (being tracked as CVE-2023-37450) to achieve remote code execution. It has been reported that this vulnerability is being actively exploited, which means that attackers are currently using this security flaw to gain unauthorised access to systems, potentially leading to data theft, system damage, or other malicious activities. It is therefore imperative that you check and apply these patches as soon as possible.

Apple Rapid Security Response

Apple has rolled out a new protocol, termed Rapid Security Responses, to expedite the release of critical security enhancements in between regular software updates for iOS, iPadOS, and macOS. This approach allows for a more immediate response to certain security issues such as this one. Upon the application of a Rapid Security Response, a letter is appended to the software version number, indicating that the update has been implemented.

Who and What is Affected?

The vulnerability affects all devices running: iOS, iPadOS, and macOS Ventura that have not been updated to the latest security patches. This includes iPhones, iPads, and Mac computers. The exploit could be triggered by a vulnerable browser processing specially crafted (malicious) web content, leading to remote code execution.

How Can Attackers Exploit This Vulnerability?

Attackers can exploit this vulnerability by creating a webpage or web content that includes malicious code designed to exploit the vulnerability in Apple WebKit. They then need to trick the victim into opening this malicious webpage. This could be done through a phishing email, a message, or by compromising a website that the victim trusts and visits often. Once the victim opens the malicious webpage on a vulnerable browser, the malicious code is executed.

 

What Could Happen If This Vulnerability Is Exploited?

With the ability to execute arbitrary code, an attacker could potentially gain control over the victim’s device. This could allow them to install malware, steal sensitive data, create backdoors for future access, and more. In essence, the attacker could gain the same access to the device as the user, leading to a significant breach of privacy and security.

How to Patch This Vulnerability?

Apple has addressed this issue with improved checks in their Rapid Security Response updates. The patches were initially released for macOS Ventura 13.4.1 (a), iOS 16.5.1 (a), iPadOS 16.5.1 (a), and Safari 16.5.2. However, due to a bug in Safari, some of the updates were pulled. Apple has since released new fixes to address this issue.

 

To patch this vulnerability, users should update their devices to the latest software versions:

iOS 16.5.1 (a) and iPadOS 16.5.1 (a), released on July 10, 2023.

iOS 16.5.1 (c) and iPadOS 16.5.1 (c), released on July 12, 2023.

macOS Ventura 13.4.1 (a), released on July 10, 2023.

To check for updates, go to the settings of your device, select ‘General’, and then ‘Software Update’. If an update is available, tap ‘Download and Install’.

Connect the Classroom: Funded Wi-Fi For Schools

Connect The Classroom, Government funding for schools

The Connect the Classroom scheme is a government-funded program that provides funding for schools in eligible areas to upgrade their wireless network infrastructure. This funding can be used to improve the speed, reliability, and coverage of a school’s Wi-Fi network.

Just some of the benefits of the Connect the Classroom scheme include:

Faster and more reliable internet access:

A faster and more reliable internet connection can help students to access online resources more quickly and easily, and can also help to reduce the number of dropped connections during online lessons.

Improved collaboration:

A better Wi-Fi network can make it easier for students to collaborate on projects, and can also help teachers to deliver lessons that require students to work together online.

Enhanced learning experiences:

A better Wi-Fi network can open up new possibilities for learning, such as the use of virtual reality and augmented reality.

Improved Security:

Install the latest, most robust Wi-Fi network allowing you to take advantage of the best security solutions.

How to use the Connect the Classroom scheme

A school must be located in an Education Investment Area to be eligible for the Connect the Classroom scheme. Schools can apply for funding by submitting a proposal to the Department for Education. The proposal should include information about the school’s current Wi-Fi network, planned improvements, and the benefits the school expects to achieve from the upgrade.

How do I know if my school is eligible?

You can talk to your Planet IT Account manager, and we will find out for you, but basically:

All state schools in Priority Education Investment Areas (EIAs) are eligible to apply for funding.

Priority EIAs are schools in:

Blackpool, Bradford, Derby, Doncaster, Fenlands and East Cambridgeshire, Halton, Hartlepool, Hastings, Ipswich, Knowsley, Liverpool, Middlesbrough, North Yorkshire Coast, Norwich, Nottingham, Oldham, Portsmouth, Rochdale, Salford, Sandwell, Stoke-on-Trent, Tameside, Walsall, West Somerset.

Schools in other EIAs with an Ofsted rating below ‘Good’ are also eligible to apply for funding.

Other EIAs are:

Bedford, Bolton, Bury, Cambridgeshire, Central Bedfordshire, Cornwall, County Durham, Coventry, Darlington, Derbyshire, Dorset, Dudley, East Sussex, Isle of Wight, Kirklees, Leeds, Lincolnshire, Luton, Manchester, Norfolk, North Northamptonshire, North Somerset, North Yorkshire, Nottinghamshire, Peterborough, Plymouth, Rotherham, Sefton, Somerset, South Gloucestershire, South Tyneside, St. Helens, Suffolk, Sunderland, Swindon, Wakefield, Wirral.

Priority Education Investment Areas (EIAs)

Map & detail source, click here.

So, what do you do now?

The Connect the Classroom scheme is a valuable resource for schools that are looking to improve their Wi-Fi network, as essential for modern learning. The Planet IT Education Specialists can walk you through the process.

Here are the steps you can take now.

  1. Talk to your Planet IT Account Manager to start the process and check if your school is eligible.
  2. Discuss the best Wi-fi solution for your school.
  3. Secure your quote to include with your proposal to the Department for Education.
  4. Once approved, install the upgrades.
  5. Enjoy the benefits of a faster, more reliable Wi-Fi network!

 

Looking for a technology partner?
Let’s talk

  • This field is for validation purposes and should be left unchanged.