The latest in the ever-evolving world of technology

Technology and Cybersecurity; The Trends and Predications for 2024

technology trends in 2024

Time waits for no man and the last 12 months have truly shown that neither can technology or cybersecurity. Tech will not be held back. Governments, companies and individuals cannot stop the march of technological progress. Therefore as I sat down to pen this article for the third year in a row it was very clear to me that the last 12 months have seen such a huge advancement in technology that my predictions might need to be a bit bigger for technology in 2024!

You can read the previous year’s articles HERE and HERE.

Artificial Intelligence (AI) in Cybersecurity

Artificial Intelligence is set to play a pivotal role in cybersecurity. In 2024, we can expect AI to be more sophisticated in identifying and mitigating cyber threats. Machine learning algorithms will continuously adapt to new attack vectors, providing a dynamic defence mechanism. The integration of AI in security operations will enhance threat detection, response times, and overall resilience against cyber attacks. Because of this as business we need to be aware of how the providers of your technology are using AI and how the bad actors will also be using this. It is also going to be critical in 2024 to review where and what data is being held and used to train these AI models inside of your cybersecurity products.

AI & Cybersecurity in 2024

Zero Trust Architecture

The concept of Zero Trust Architecture is gaining momentum as organizations recognize the need to move beyond traditional perimeter-based security. In 2024, expect more widespread adoption of Zero Trust principles, where trust is never assumed, and every user, device, and network interaction is thoroughly authenticated and authorized. This approach ensures a more robust defence against insider threats and external attacks. What this will really mean in 2024 is that the traditional edge and VPN systems many businesses have come to rely on since the pandemic will start to be replaced with ZTNA solutions.

 

Quantum-Safe Cryptography

With the advent of quantum computing, the cryptographic landscape is under threat. To counter this, 2024 will witness a surge in the implementation of quantum-safe cryptographic algorithms. Organizations will prioritize updating their cryptographic protocols to ensure that sensitive data remains secure even in the face of quantum advancements. This is a space to watch and an area of huge growth for security.

 

5G Security Challenges

As 5G networks become more prevalent, so do the security challenges associated with this technology. In 2024, expect a heightened focus on addressing the unique cybersecurity risks posed by 5G, including increased attack surfaces, potential for IoT vulnerabilities, and the need for robust encryption to protect data transmitted over these high-speed networks. Businesses that rely heavily on remote working and mobile working will need to be very aware of this and keep a close key on the risks in the area.

Ransomware Resilience

Ransomware attacks have been on the rise, and 2024 will be no exception. Organisations will increasingly invest in developing and implementing robust ransomware resilience strategies. This includes regular data backups, employee training programs, and the use of advanced threat intelligence to proactively identify and neutralize ransomware threats. For me there is only one answer to this and that will be that every business will need a full MDR (Manage Detection and Response) product in place looked after by a dedicated security team.

 

Biometric Authentication Advances

Biometric authentication is evolving beyond fingerprint and facial recognition. In 2024, we can anticipate advancements in behavioural biometrics, voice recognition, and other innovative authentication methods. These technologies offer a more secure and user-friendly approach to identity verification, reducing reliance on traditional password-based systems. This wont change the world in 2024, but will start to see the shift away from the standard passwords systems we are use to.

Regulatory Compliance and Privacy

With the growing emphasis on data privacy and protection, regulatory frameworks are continually evolving. In 2024, organizations will prioritize compliance with stringent data protection regulations. The focus will be on ensuring transparent data practices, implementing robust security measures, and demonstrating accountability in handling sensitive information.

Generative AI fuelled Social Engineering Attacks

When looking at looking at the risk profile of 2024, it is clear that the trajectory started in 2023 will continue with generative AI being used by bad actors to generate more believable , more dynamic and ultimately harder to detect social engineering attacks. It has been well documented that in 2023 around 80% of all attacks started with compromised identities and as we all continue to invest in better MFA technologies and drive brute force attacks from success the more we will see a direct pivot to using social engineering attacks to compromise the security practices we have in place.

Businesses must strive to educate their employees about the common ways to recognise they are being deceived, this cannot just happen once a year as a tick box exercise you need to be driving change with-in your business and adopting a clear training plan into 2024. Because of this it makes identity protection the most critical protection that companies should look to strengthen or invest in for 2024. Otherwise, adversaries will continually target and successfully comprise this weak spot.

Cost of Living and Financial Impacts on IT and Security Budget

We have seen some unpredictable and unprecedented global impacts over the last 4 years, these have all taken an impact on the global finances which in turn are now starting to reflect in the budgets of businesses across the UK and EMEA. Because of this in 2024 a trend we are all going to need to be aware of is the tightening on IT and Security budgets as the ever tightening purse strings will mean that businesses need to make better choices about where and how they spend money. In these scenarios you need to focus on how to make the most of what you have but also there will be a need to be strong on conveying the value to the wider business on investing or maintaining your IT and Security products and services.

Conclusion

As we step into 2024, the intersection of technology and cybersecurity promises both challenges and opportunities. Embracing innovative solutions, staying informed about emerging threats, and fostering a cybersecurity-conscious culture will be essential for individuals and organizations alike. By proactively addressing these trends, we can collectively build a safer and more resilient digital future.

If you want to talk to one of our experts about how we can help you with your planning for 2024 then please call 01235 433900 or you can email [email protected] or if you would like to speak to me directly you can reach out to me via DM or at [email protected].

2023 – Technology Winners & Losers

Amid widespread technological innovation as well as failuresLewis Kitchen

As usual for this time of year, we always think it’s a bit of fun to look back at the last 12 months and see how technology in 2023 has shaped up – who were the winners and who fell flat of expectations over the year.

Winners

AI

AI has made a huge impact in the year 2023. ChatGPT was released by OpenAI on the 30th of November 2022 and quickly took over the internet, receiving the most user signups out of all applications.

ChatGPT is a predictive language model. Although these existed before, OpenAI was the first to make it commercially available. Unlike other chatbots that are designed to perform specific tasks, ChatGPT is a conversational model that can respond to any query from its large database.

This caused a chain reaction among the big companies to push out their AI and gain some of the market share. AI will change the way we work next year with Microsoft CoPilot coming out for enterprise companies.

Cloud Adoption

As always, Microsoft and Amazon have been pushing for more control over the Public Cloud space. As a result, more companies have migrated services to the cloud or running Hybrid setups with it. At Planet IT we have seen a huge increase in growth for customers wanting Microsoft Azure to run their infrastructure. This will continue into 2024 and from 2025 we will expect to see more than 90% of businesses being cloud only.

Losers

Microsoft Windows Operating Systems

2023 saw the end of life for Windows Server 2012, this forced a lot of companies to upgrade their server or utilise Microsoft’s offering for extended 2012 support in Microsoft Azure. This will become a common occurrence as Microsoft looks to end its support for its aging operating systems such as 2016 and 2019 in favour of moving you to the Azure Cloud.

Twitter / X

Twitter was brought out by Elon Musk on the 27th of October. And depending on what side of the fence you sit on this, is either bad or good. The acquisition has been a topic of debate in the media. Some examples include Elon’s hostile takeover of Twitter; renaming Twitter to X; promising an open-sourced algorithm; banning bots and hypocrisy about free speech.

X has been under pressure from watchdogs and civic organisations. This is due to its inability to combat propaganda. For instance, spreading misleading information on the Russia-Ukraine war, the Israel-Hamas war, and the upcoming presidential election.

Securing Tomorrow: Navigating Cybersecurity in 2024 (Amidst the Rise of Generative AI)

AI & Cybersecurity in 2024

As we plunge deeper into the digital era, the evolution of technology continues to shape the landscape of cybersecurity. 2023 has been a landmark year for the uptake and integration of Artificial Intelligence into our business, lives and technologies. However, now it’s time to look at cybersecurity in 2024

2024 will mark a significant milestone. The widespread adoption of generative AI technologies propelling us into uncharted territories. Not only are we learning about how to use these technologies and leverage them to make our business more effective and our work lives that little bit easier, but at the same time we are trying to understand how this technology should be legislated, managed and secured. While these advancements bring unprecedented opportunities, they also usher in new challenges. Especially with the escalating risks posed by malicious actors utilising AI to launch smarter, more efficient cyber-attacks. In this article, we delve into the future of cybersecurity and explore crucial measures businesses should undertake to fortify their defences against AI-driven threats.

2023 has been a year of seismic change in the IT landscape. Most of this initial change has been driven in part by the wave of generative AI products that have come to the market. Starting with the introduction of ChatGPT from OpenAI and then the race to get GenAI into every business and every consumer as quickly as possible. This is not the only change that has dramatically affected the market but it is the starting point from which most of the other shifts have occurred.

Because of this, when looking at what 2024 looks like, we need to consider these rapid changes. We can’t just look at today’s landscape. We need to consider what is the risks of the following 12 months are going to look like

The Proliferation of Generative AI:

Generative AI technologies, fuelled by machine learning algorithms, have demonstrated remarkable capabilities in various domains, from content creation to problem-solving. However, with great power comes great responsibility (“Ben Parker – Spiderman (just before he dies [SPOLIERS]”), and in the realm of cybersecurity, the advent of generative AI presents a double-edged sword. While businesses and individuals can leverage GenAI to increase their productivity, remove manual tasks or understand complex situations, Cybercriminals are increasingly leveraging these technologies to automate and enhance the sophistication of their attacks.

AI Cybersecurity event

AI-Driven Threats: A New Frontier:

The integration of generative AI in cyber attacks introduces a new level of complexity and efficiency. AI-driven threats can adapt in real-time, learning from defensive measures and continuously evolving to exploit vulnerabilities. From intelligent phishing schemes to adaptive malware, businesses now face a formidable adversary that can circumvent traditional security protocols with unprecedented agility. This enables bad actors to push RaaS (Ransomware as a Service) and enable less skilled individuals to trigger and deploy increasingly complex attacks on businesses with little to no knowledge of what the attack does or how it is written.

So how do we move forward? As a business what should you be doing to protect yourselves, your staff and your business from the wave of GenAI that isn’t hear to help you out? I have collated Five steps that I called the Business Imperatives for Cybersecurity in 2024:

Investing in AI-Powered Defence Systems:

To counter the rising tide of AI-driven threats, businesses must invest in cutting-edge, AI-powered defence systems. These systems should not only detect known patterns but also employ advanced machine learning algorithms to identify anomalous behaviour indicative of potential attacks. Your £10 a year subscription to a nearly free Antivirus or Antimalware platform is no longer enough, the companies who are not innovating in this space and failing behind and they are doing so quickly. In 2024, EDR/XDR – Endpoint Detection and Response or (X)Extended Detection and Response are now a minimum, for nearly all businesses from SME/SMB to Blue Chip a managed SoC (Security Operations Centre) or Managed Detection and Response (MDR) service is a must. The level of protection on your client devices has never been more important especially as the edge of the network dissolves and users and businesses embrace remote working.

Continuous Training and Skill Development

The human element remains crucial in the fight against cyber threats. Regular training and skill development programs are imperative to equip cybersecurity teams with the knowledge and expertise needed to combat evolving AI-driven attacks effectively.

When looking at what we do moving forward we have to start with the human aspect of protection “The Human Firewall” as I like to call it. Training your end users has and always will be the most critical line of defence a business has. Now I have said this before and I will undoubtedly say it again in one of these articles or at a keynote. If you fail to train your end users to not only use the technology in front of them or understand the risks they pose as users to the data and information security of the business you will undoubtedly risk a catastrophic failure. Users are the most risky part of your business, they move, they are forgetful and they tend to be overly sharing even when you have specifically told them not to be. What we will need to do as we step into 2024 is train end users to understand the risks of AI, what it does/doesn’t/can/cannot do with data.

Once they understand this you will need to wrap true security awareness training around this. The training will need to be broad but also deep to ensure that users do not fall into the trap of not knowing the breadth of the risks but also don’t end up receiving such high-level input they never really understand how deep that rabbit hole can go.

microsoft intune

Zero-Trust Security Architecture

Adopting a zero-trust security architecture is paramount in the age of AI-driven threats. Rather than relying solely on perimeter defences, businesses should implement robust identity verification, continuous monitoring, and strict access controls to mitigate the risk of unauthorized access. We need to build systems, services and business with Zero Trust at the core. When my team is asked to work on a solution for a customer or migration to the cloud, this is where we begin the days of trusting the perimeter of the network to defend us are gone. We need robust Zero Trust across every system, platform and service. If you don’t have Zero Trust you have too much trust!

Collaboration and Information Sharing

Cybersecurity is a collective effort, and businesses should actively participate in information sharing and collaborative initiatives. At Planet IT, I make this a core of what we do with regular information-sharing sessions, events and webinars (including this blog!). Building a strong network of industry peers and sharing threat intelligence can enhance the collective ability to thwart sophisticated AI-driven attacks. If you don’t know where to start with this reach out to [email protected] and we will get you connected with like-minded individuals across the UK and EMEA and help you build your network of peers.

Regulatory Compliance and Ethical AI Usage

Beyond technological solutions, fostering a cybersecurity culture within an organisation is paramount. Employees should be educated about the potential risks associated with AI-driven threats and encouraged to adopt best practices, such as vigilant email scrutiny, regular password updates, and reporting suspicious activities promptly. This starts from the first day they join your business and should be a continued journey throughout their time with you. The days of training once worrying later are gone. We must be keeping our staff as up-to-date as we are, bringing the business with you is the hardest part of the battle with AI and Cyber Security in 2024.

As we stand on the precipice of a future dominated by generative AI, the importance of robust cybersecurity measures cannot be overstated. Businesses must proactively adapt to the evolving threat landscape by embracing advanced technologies, fostering a cybersecurity-conscious culture, and collaborating with the broader industry. By doing so, they can not only defend against the rising tide of AI-driven threats in 2024 but also pave the way for a more secure digital future. Just remember, AI is Amazing but if you fail to understand it, properly protect it or secure it then it’s a disaster waiting to happen!

If you want to talk to one of our experts about how we can help you with your security and understanding of AI then please call 01235 433900 or you can email [email protected] or if you would like to speak to me directly you can reach out to me via DM or at [email protected].

AI & Cybersecurity in 2024

 

How to create and implement a cloud strategy

How to Create and Implement a Cloud Strategy

Cloud-based solutions are helping organisations achieve greater agility, efficiency, and innovation, and even increasing end-user satisfaction. That said, moving to the cloud is not always just as simple as clicking a few boxes and pressing go. It can be a drawn-out or complex process. Any cloud migration strategy requires careful planning and execution to ensure a successful outcome and avoid the typical major pitfalls. 

In this article, we will explain what your cloud strategy should include, why you need one, and how to create and implement one for your organisation.  

We will also share some tips and best practices from our experience as a Microsoft Solutions Partner specialising in Microsoft Azure, Microsoft 365 and cloud migration specialist. 

 

What is a cloud strategy? 

A cloud strategy is a concise viewpoint on the role of cloud computing in your organisation. It defines what you want to achieve with the cloud, how you will get there, and how you will measure your progress and results. 

A cloud strategy is different from a cloud implementation plan, which offers the “how” rather than the “what” and “why”. A cloud implementation plan details the specific steps, actions, and resources needed to execute your cloud strategy. 

You need a cloud strategy because it helps you: 

  • Align your cloud solutions with your business goals and user needs. 
  • Communicate your vision and direction to your stakeholders and partners. 
  • Identify and mitigate the potential challenges and risks of cloud adoption. 
  • Optimise your costs and benefits of using the cloud. 
  • Monitor and evaluate your performance and outcomes. 

Cloud Strategy

What if you don’t prepare for the cloud properly? 

Without a clear and coherent cloud strategy, you may end up with: 

  • A complex and expensive technology estate that does not meet your expectations or requirements. 
  • A lack of coordination and collaboration among your teams and departments 
  • A loss of control and visibility over your data and processes 
  • A reduced ability to respond to changing market conditions and customer demands. 

So, where do you start? 

If you have to ask that question, then you probably need a helping hand.  

Feel free to call one of our Cloud Specialist Architects to get the plan rolling. Call 01235 433900 or email [email protected] and ask about a Free Cloud Readiness Assessment.  

WormGPT: Phishing-as-a-Service the Rise of AI lead Phishing Attacks

WormGPT

Have you been following my latest series of articles on AI and the moving threats of the AI lead wave? If you have, you will have heard me talk about the use of AI to generate content for cyber-attacks, especially their use to increase the effectiveness of Phishing attacks. But have you heard about WormGPT?

Almost as predicted a new AI-lead Phishing service has launched titled WormGPT. Its name is a homage to the AI service ChatGPT which it claims to mirror. The creators call it an equivalent to the natural language engine’s human-like answers to questions.

How does it work?

The way that WormGPT stands out is very simple. All the security measures and protections used to prevent the generation of malicious code or attacks in ChatGPT are removed. WormGPT actively encourages this behaviour. No wonder, it is developed by known hackers and actively promotes malware and other cybercrime on the page.

cybersecurity

WormGPT is a subscription-based service on the dark web. Like many of these services, it can be used to promote and enhance phishing attacks. It is another case of Phishing-as-a-service and will only lead to more complex and higher-risk cyberattacks hitting the public.

With this on the rise, all we can recommend is that you stay alert. Stay aware and have the right protections in place to prevent phishing attacks. You should have time-of-click protection enabled on all links in your business. If you need more guidance on this, you should reach out to your Planet IT account manager.

How our Cybersecurity experts can help…

Are you struggling to get your head around how AI affects cybersecurity? Then please call 01235 433900 or you can email [email protected]. Or if you would like to speak to me directly you can reach out to me via DM or at [email protected].

What does AI Legislation Look Like?

AI legislation

We have all seen the rise of AI-based technologies and the fear-mongering around the existential risk to humanity and how AI will take over all jobs.

Before I get into it – this article was NOT written by ChatGPT, Google Bard or any other LLM. These are my own words – but of course that’s probably what I would said if AI did write this blog. 

Okay, back to the point, let’s put some cold water on that fire that AI is going to take your job.

Yes, AI will hugely revolutionise how we all work, how our employers interact and what they expect from us. But at the moment, AI cannot replace a human. Most of the improvement in AI in the last 12 months has come from Large Language Models, better known as LLMs, but their design models are built on learning from existing material fed into it from existing sources.

Human written and developed sources, from this data, can extrapolate, develop, modify and present a response to a natural language question from the data they have been taught, which needs to be closely monitored and checked to ensure integrity and verify its truthfulness.

One Big Flaw

This is where current AI draws its major flaw: it cannot distinguish fact from fiction – it only knows its data. This is why when you feed data back into AI from AI, the model degrades, and very quickly, you lose all sense of fact, and the results become conjecture or in some cases completely false. This is why, in the short term, AI cannot replace the human operating it because we all need to take the presented data and give it the once over and look at the text and say, “Does that really make sense, and is that really the truth or is it some biased opinion or even worse incorrect?”.

The same logic applies when you look at replacing human roles with AI; someone will need to be the gatekeeper to the operation, and someone will need to validate the output.

Some tasks are at risk

AI may well replace the roles that we currently spend hours on. For example, writing this article has consumed a good chunk of my time and is done by reading sources, digesting news and creating a written argument that pulls this together. In the future, AI will be the one writing this article, pulling from the latest data (This is important as current AI is using legacy data) to generate an article. This will then be checked over by myself and then a copywriter and published for you to consume. This won’t make the copywriter redundant, or me, but will change the expectations of our employer as to the expected deliverables of our roles. This is the key behind the headline that AI can’t replace humans in its current form. In future forms, it may well be able to alter many people’s working lives, but humans are still going to be a key part of the puzzle.

So how is it going to be regulated? 

To come onto the second point around control and legislation, we are seeing a continued wave of posturing by Governments and Big Tech about AI and how it needs to be controlled. Some of this is playing to the crowd. With the general public so concerned about AI and how it will affect them, legislators are looking to make sure they have a stance on it and try to control the headline.

That piece aside, there is a very important decision to be made by Governments and the global community about AI: Who sets the boundaries?

Is it going to be Big Tech like it was with the Social Media Revolution, where the world changed, and Governments spent ten years getting up to speed on the technology and how to control and police it? Or will the Governments of the world take control? Will they try to limit the development of AI, stunting its potential with overly controlling legislation which prevents Big Tech and start-ups from developing with AI and pushing the boundaries of what we currently know AI is capable of?

ChatGPT for business

What do I think?

Now, I see this as a very hard line to balance with some European countries’ swing for all-out AI bans before we have even got AI into our everyday workflows. It seems to be exactly what I mentioned before, stifling the development of those countries and the businesses that operate within them. That said, on the flip side, with no control and protection, we could see a world very quickly where AI not developed by us is being used to operate and control CCTV, Traffic light systems, and self-driving cars. This presents a very real risk to the citizens of a given country should the ability to control the AI fall into the wrong hands.

I believe that most regulation will come down to a risk vs reward model, where mainstream AI development is not prevented, but the integration of the technology too heavily into the core infrastructure or day-to-day safety of a country’s citizens will be restricted to prevent the risks I mention above. I don’t believe there is any silver bullet, and with any developing technology, you need to adapt and adjust to it. Businesses that are leveraging the technology need to be sensitive to the risks they present should their tool be leveraged by threat actors or hostile nations.

You shouldn’t fear AI in your business; you should also be aware that not all AI headlines are true to the nature of the risk. AI is amazing if used correctly, and if you ensure you understand the technology and put proper protection in place, it is a hugely powerful tool; when done incorrectly, you can easily put your business or your data at risk.

If you want to talk to one of our experts about how we can help you with your security and understanding of LLMs, then please call 01235 433900, or you can email [email protected], or if you would like to speak to me directly, you can reach out to me via DM or at [email protected].

Azure AD is becoming Microsoft Entra ID

Microsoft Entra ID

You may not yet be too familiar with Microsoft Entra, but it’s about to become a much bigger part of your Microsoft environment.

Microsoft Azure AD, the cloud-based identity and access management solution that powers millions of organisations, is becoming Microsoft Entra ID.

This change reflects Microsoft’s vision to provide a unified and comprehensive identity platform that helps you secure your organization, empower your employees, and enable your digital transformation.

With Microsoft Entra ID, you can benefit from the latest innovations in identity protection, governance, and management, as well as seamless integration with Microsoft 365, Azure, and other cloud services.

ID Protection: Prevent account compromise with machine learning.

ID Protection helps you detect and stop identity attacks in real time. It uses advanced machine learning to identify sign-in anomalies and user behaviour that indicate a risk of compromise. For example, it can trigger a Conditional Access policy that requires strong authentication methods for accessing sensitive resources. This way, you can protect your accounts from phishing, malware, and other threats.

Azure AD is becoming Microsoft Entra ID

ID Dashboard: Monitor your identity security posture with insights and recommendations.

ID Dashboard shows you the impact of your identity protections, the most common attack patterns, and your organisation’s risk exposure. You can view metric cards and attack graphs that show risk origins, security posture over time, and types of current attacks. You can also get recommendations based on best practices and industry standards. With these insights, you can further investigate your security posture in other tools and applications.

ID Governance: Automate access governance with workflows and self-service.

ID Governance helps you ensure that only the right identities have the right access at the right time. It automates the employee identity lifecycle to reduce manual work for IT and increase employee productivity. It also provides machine learning-based insights about identities and app entitlements. You can use workflows and self-service to grant and revoke access to cloud and on-premises apps from any provider and custom-built apps hosted in the public cloud or on-premises. This way, you can comply with organizational and regulatory security requirements.

Apple Software – Critical WebKit Vulnerability: CVE-2023-37450

Apple Vulnerability

Apple has recently released a number of security advisories to address a zero-day vulnerability in Safari, iOS, iPadOS, and macOS Ventura. An attacker could exploit this vulnerability (being tracked as CVE-2023-37450) to achieve remote code execution. It has been reported that this vulnerability is being actively exploited, which means that attackers are currently using this security flaw to gain unauthorised access to systems, potentially leading to data theft, system damage, or other malicious activities. It is therefore imperative that you check and apply these patches as soon as possible.

Apple Rapid Security Response

Apple has rolled out a new protocol, termed Rapid Security Responses, to expedite the release of critical security enhancements in between regular software updates for iOS, iPadOS, and macOS. This approach allows for a more immediate response to certain security issues such as this one. Upon the application of a Rapid Security Response, a letter is appended to the software version number, indicating that the update has been implemented.

Who and What is Affected?

The vulnerability affects all devices running: iOS, iPadOS, and macOS Ventura that have not been updated to the latest security patches. This includes iPhones, iPads, and Mac computers. The exploit could be triggered by a vulnerable browser processing specially crafted (malicious) web content, leading to remote code execution.

How Can Attackers Exploit This Vulnerability?

Attackers can exploit this vulnerability by creating a webpage or web content that includes malicious code designed to exploit the vulnerability in Apple WebKit. They then need to trick the victim into opening this malicious webpage. This could be done through a phishing email, a message, or by compromising a website that the victim trusts and visits often. Once the victim opens the malicious webpage on a vulnerable browser, the malicious code is executed.

 

What Could Happen If This Vulnerability Is Exploited?

With the ability to execute arbitrary code, an attacker could potentially gain control over the victim’s device. This could allow them to install malware, steal sensitive data, create backdoors for future access, and more. In essence, the attacker could gain the same access to the device as the user, leading to a significant breach of privacy and security.

How to Patch This Vulnerability?

Apple has addressed this issue with improved checks in their Rapid Security Response updates. The patches were initially released for macOS Ventura 13.4.1 (a), iOS 16.5.1 (a), iPadOS 16.5.1 (a), and Safari 16.5.2. However, due to a bug in Safari, some of the updates were pulled. Apple has since released new fixes to address this issue.

 

To patch this vulnerability, users should update their devices to the latest software versions:

iOS 16.5.1 (a) and iPadOS 16.5.1 (a), released on July 10, 2023.

iOS 16.5.1 (c) and iPadOS 16.5.1 (c), released on July 12, 2023.

macOS Ventura 13.4.1 (a), released on July 10, 2023.

To check for updates, go to the settings of your device, select ‘General’, and then ‘Software Update’. If an update is available, tap ‘Download and Install’.

Connect the Classroom: Funded Wi-Fi For Schools

Connect The Classroom, Government funding for schools

The Connect the Classroom scheme is a government-funded program that provides funding for schools in eligible areas to upgrade their wireless network infrastructure. This funding can be used to improve the speed, reliability, and coverage of a school’s Wi-Fi network.

Just some of the benefits of the Connect the Classroom scheme include:

Faster and more reliable internet access:

A faster and more reliable internet connection can help students to access online resources more quickly and easily, and can also help to reduce the number of dropped connections during online lessons.

Improved collaboration:

A better Wi-Fi network can make it easier for students to collaborate on projects, and can also help teachers to deliver lessons that require students to work together online.

Enhanced learning experiences:

A better Wi-Fi network can open up new possibilities for learning, such as the use of virtual reality and augmented reality.

Improved Security:

Install the latest, most robust Wi-Fi network allowing you to take advantage of the best security solutions.

How to use the Connect the Classroom scheme

A school must be located in an Education Investment Area to be eligible for the Connect the Classroom scheme. Schools can apply for funding by submitting a proposal to the Department for Education. The proposal should include information about the school’s current Wi-Fi network, planned improvements, and the benefits the school expects to achieve from the upgrade.

How do I know if my school is eligible?

You can talk to your Planet IT Account manager, and we will find out for you, but basically:

All state schools in Priority Education Investment Areas (EIAs) are eligible to apply for funding.

Priority EIAs are schools in:

Blackpool, Bradford, Derby, Doncaster, Fenlands and East Cambridgeshire, Halton, Hartlepool, Hastings, Ipswich, Knowsley, Liverpool, Middlesbrough, North Yorkshire Coast, Norwich, Nottingham, Oldham, Portsmouth, Rochdale, Salford, Sandwell, Stoke-on-Trent, Tameside, Walsall, West Somerset.

Schools in other EIAs with an Ofsted rating below ‘Good’ are also eligible to apply for funding.

Other EIAs are:

Bedford, Bolton, Bury, Cambridgeshire, Central Bedfordshire, Cornwall, County Durham, Coventry, Darlington, Derbyshire, Dorset, Dudley, East Sussex, Isle of Wight, Kirklees, Leeds, Lincolnshire, Luton, Manchester, Norfolk, North Northamptonshire, North Somerset, North Yorkshire, Nottinghamshire, Peterborough, Plymouth, Rotherham, Sefton, Somerset, South Gloucestershire, South Tyneside, St. Helens, Suffolk, Sunderland, Swindon, Wakefield, Wirral.

Priority Education Investment Areas (EIAs)

Map & detail source, click here.

So, what do you do now?

The Connect the Classroom scheme is a valuable resource for schools that are looking to improve their Wi-Fi network, as essential for modern learning. The Planet IT Education Specialists can walk you through the process.

Here are the steps you can take now.

  1. Talk to your Planet IT Account Manager to start the process and check if your school is eligible.
  2. Discuss the best Wi-fi solution for your school.
  3. Secure your quote to include with your proposal to the Department for Education.
  4. Once approved, install the upgrades.
  5. Enjoy the benefits of a faster, more reliable Wi-Fi network!

 

The Cloud: Your Ticket To Growth Or Your Ticket To Extinction?

The Cloud: Your Ticket To Growth Or Your Ticket To Extinction?

The cloud is no longer the future of IT. It is the now of IT. Businesses that don’t embrace cloud computing are putting themselves at a serious disadvantage.

Here are just a few of the reasons why your business will be left behind if you don’t embrace the cloud:

  • You’ll be less competitive. Cloud-based businesses can be more agile and responsive to change. They can also scale up or down their resources as needed, which gives them a significant advantage over businesses that are still using on-premise solutions.
  • You’ll lose customers. Customers are increasingly demanding cloud-based services. If your business doesn’t offer these services, you’ll lose out on potential customers.
  • You’ll be more vulnerable to security threats. Cloud providers have a team of security experts who are constantly monitoring their systems for threats. On-premise solutions, on the other hand, are often more vulnerable to security breaches.
  • You’ll spend more money. Cloud computing can be more cost-effective than on-premise solutions, especially over time. This is because you only pay for the resources you use.

If you’re still not convinced, consider this: a recent study by McKinsey found that businesses that adopt cloud computing are more likely to grow their revenue by 20% than businesses that don’t.

So, what are you waiting for? Embrace the cloud and start reaping the benefits today.

Here are some specific examples of how businesses in the UK are being left behind by not embracing the cloud:

  • A medium-sized business in Swindon is struggling to compete with larger businesses that are using cloud-based marketing and sales tools.
  • A manufacturing company in Reading is losing customers because it can’t offer cloud-based customer service.
  • A financial services company in Oxford is at risk of a security breach because it is still using on-premise servers.

These are just a few examples of the many businesses in the UK that are being left behind by not embracing the cloud. If you don’t want to be one of them, then it’s time to start planning your move to the cloud today.

Don’t miss out on the benefits of cloud computing. Embrace the cloud and start growing your business today. Contact me directly if you have any questions – [email protected] or DM me on LinkedIn

Microsoft Azure vs OnPrem

Looking for a technology partner?
Let’s talk

  • This field is for validation purposes and should be left unchanged.