Integrating Generative AI

Integrating Generative AI, Machine Learning and AI

In the dynamic landscape of technology, integrating Generative AI, Machine Learning (ML), and Artificial Intelligence (AI) has become imperative for businesses to stay competitive and innovative.

 

Not since the dot.com era have we seen such a dramatic shift in technology, which has become a part of our everyday lives. 

 

Businesses must adapt and integrate AI, ML and GenAI into their short and long-term IT strategies. To enable employees to access AI tools from their workstations, mobiles and any web-enabled device. 

 

More than ever, IT professionals ought to be committed to developing robust strategies that leverage these technologies to enhance operational efficiency, customer experiences and overall business outcomes. This article will explore key considerations and recommendations for incorporating Generative AI, Machine Learning, and AI into your IT strategies in 2024.

Understanding the Business Objectives:

 

As IT leaders, you must align the adoption of Generative AI, ML, and AI with the broader business objectives.

 

Due to a lack of consideration for your business’s strategic objectives, the improper use and implementation of these technologies may have little or no effect on achieving organisational objectives. In other words, these tools should be complementary and continuously aligned with the organisational strategy. For instance, some technologies may not necessarily support the direction of the business. The same principle applies to the implementation of strategic IT decisions.

 

Conversely, the judicious use of AI can elevate customer service satisfaction and increase operational efficiency, which can lead to gaining a competitive advantage in some shape or form.

 

Crafting an effective IT strategy based on individual business merits will help choose technologies tailored to individual needs that will support development and growth.

 

Talent Acquisition and Skill Development:

 

Investing in talent is crucial for successful implementation. IT leaders should assess the existing skill set within their teams and identify the gaps. This is crucially important as well as your current team’s skill including knowledge of working with IA set vs. AI delivery services.  

Hiring or upskilling employees in areas like data science, machine learning, and deep learning ensures that the organisation has the expertise to drive AI initiatives. Not only focusing on the team who will support it, but your IT strategy must also focus on how you train end users to understand, leverage and validate where AI is used.

 

Establishing a Data-Driven Culture:

 

Generative AI and ML rely heavily on data. IT leaders must foster a data-driven culture within the organisation, emphasising the importance of high-quality, relevant data. It has always been a challenge for businesses to hold data regardless of its quality, relevance, or ability to be reused, ingested, or understood by a system. With AI, both structured and unstructured data can be used, but the data still needs to be relevant if you implement a system to reduce the amount of time your business spends on answering customer queries based on previous fixes but don’t check the previous fixes for validity you are likely to suggest non-solutions and harbour distrust in the system. This involves implementing data governance practices, ensuring data security, and promoting collaboration between IT and business units to derive meaningful insights. Tools like Microsoft Purview are a great place to start when looking into your data and its governance.

 

Creating a Robust Infrastructure:

 

IT leaders need to invest in a robust and scalable infrastructure to support the increased computational demands of AI applications. For most, this will mean looking at a transparent Cloud and edge computing strategy, moving away from private and co-located data centres on dedicated hardware to pooled and shared, scalable solutions like Microsoft Azure, Amazon Web Services (AWS) and Google Cloud Platform (GCP). This becomes critical when you consider that for some AI workloads, you will need specialised hardware such as GPUs, which may be essential IT infrastructure components to ensure optimal performance or gain the results your business requires. For those who want to remain on-premises, then your strategy needs to directly reflect a hybrid cloud approach as you will not be able to run many of these tools in your environment and will instead need to run the toolset where it is best suited be that with the vendor or on a public cloud instance.

 

Implementing Explainable AI:

 

As your strategy reflects how your business increasingly relies on AI-driven decisions, you must ensure that your business, customers, and staff can maintain faith in the solution; therefore, transparency becomes critical. As IT leaders, you should prioritise adopting Explainable AI models that provide clear insights into how AI algorithms arrive at specific conclusions. This transparency builds trust both internally and externally. This is easier said than done with some of the current Generative AI toolings, and therefore, your IT Strategy should reflect how you will tackle this when selecting the tools you will work with.

 

Security and Compliance:

 

Ensuring the security of AI systems is paramount. As an IT leader, you must integrate AI technologies in compliance with industry regulations and standards. Now, most of these AI tools currently take little consideration for the regulations and standards your business might have to reach, be that HIPPA, PCI-DSS, or ISO. Therefore, it will fall to you and your strategic approach to ensure that safeguards are put in place and that you remain in control of your data, its sovereignty and how it is being used. Additionally, implementing robust cybersecurity measures is essential to protect sensitive data and maintain the integrity of AI applications; this does not stop with just placing anti-virus on a system; you will need to think beyond this and engage with the right security partners.

 

Continuous Monitoring and Improvement:

 

AI models require ongoing monitoring and refinement. IT leaders should establish mechanisms for continuous evaluation of AI systems, identifying areas for improvement and adapting strategies based on real-world performance. Regular updates and adjustments ensure that AI applications remain effective and aligned with evolving business goals. Remember that even though a model is good today, it will still be better in 6 months or a year. Also, the data set will age out on models, therefore, you need to ensure you understand how and when this will be updated to support your business. 

 

Collaboration and Communication:

 

Successful AI implementation requires effective collaboration between IT and all business units. IT leaders should facilitate communication, break down silos, and encourage cross-functional collaboration to ensure that AI initiatives align with the overall business strategy. No man is an island, and if you make your safe in this landscape, you will quickly fall behind. While implementing your IT strategy, you engage a cross-business group and work with them to support you in understanding how to engage the wider business and provide training, support, and guidance to maximise uptake and effectively communicate the changes coming.

 

In 2024, the strategic integration of Generative AI, Machine Learning, and AI into IT strategies is critical to business success. IT leaders must align these technologies with business objectives, invest in talent and infrastructure, foster a data-driven culture, prioritise security and compliance, and ensure continuous monitoring and improvement. By adopting a holistic approach, you, as an IT professional, can position your organisations at the forefront of technological innovation, driving sustainable growth and competitive advantage in the ever-evolving digital landscape.

 

If you want to talk to one of our experts about how we can help you with your IT strategy or implementing AI into your business, then please call 01235 433900, or you can email [email protected], or if you would like to speak to me directly, you can reach out to me via DM or at [email protected].

Securing Tomorrow: Navigating Cybersecurity in 2024 (Amidst the Rise of Generative AI)

AI & Cybersecurity in 2024

As we plunge deeper into the digital era, the evolution of technology continues to shape the landscape of cybersecurity. 2023 has been a landmark year for the uptake and integration of Artificial Intelligence into our business, lives and technologies. However, now it’s time to look at cybersecurity in 2024

2024 will mark a significant milestone. The widespread adoption of generative AI technologies propelling us into uncharted territories. Not only are we learning about how to use these technologies and leverage them to make our business more effective and our work lives that little bit easier, but at the same time we are trying to understand how this technology should be legislated, managed and secured. While these advancements bring unprecedented opportunities, they also usher in new challenges. Especially with the escalating risks posed by malicious actors utilising AI to launch smarter, more efficient cyber-attacks. In this article, we delve into the future of cybersecurity and explore crucial measures businesses should undertake to fortify their defences against AI-driven threats.

2023 has been a year of seismic change in the IT landscape. Most of this initial change has been driven in part by the wave of generative AI products that have come to the market. Starting with the introduction of ChatGPT from OpenAI and then the race to get GenAI into every business and every consumer as quickly as possible. This is not the only change that has dramatically affected the market but it is the starting point from which most of the other shifts have occurred.

Because of this, when looking at what 2024 looks like, we need to consider these rapid changes. We can’t just look at today’s landscape. We need to consider what is the risks of the following 12 months are going to look like

The Proliferation of Generative AI:

Generative AI technologies, fuelled by machine learning algorithms, have demonstrated remarkable capabilities in various domains, from content creation to problem-solving. However, with great power comes great responsibility (“Ben Parker – Spiderman (just before he dies [SPOLIERS]”), and in the realm of cybersecurity, the advent of generative AI presents a double-edged sword. While businesses and individuals can leverage GenAI to increase their productivity, remove manual tasks or understand complex situations, Cybercriminals are increasingly leveraging these technologies to automate and enhance the sophistication of their attacks.

AI Cybersecurity event

AI-Driven Threats: A New Frontier:

The integration of generative AI in cyber attacks introduces a new level of complexity and efficiency. AI-driven threats can adapt in real-time, learning from defensive measures and continuously evolving to exploit vulnerabilities. From intelligent phishing schemes to adaptive malware, businesses now face a formidable adversary that can circumvent traditional security protocols with unprecedented agility. This enables bad actors to push RaaS (Ransomware as a Service) and enable less skilled individuals to trigger and deploy increasingly complex attacks on businesses with little to no knowledge of what the attack does or how it is written.

So how do we move forward? As a business what should you be doing to protect yourselves, your staff and your business from the wave of GenAI that isn’t hear to help you out? I have collated Five steps that I called the Business Imperatives for Cybersecurity in 2024:

Investing in AI-Powered Defence Systems:

To counter the rising tide of AI-driven threats, businesses must invest in cutting-edge, AI-powered defence systems. These systems should not only detect known patterns but also employ advanced machine learning algorithms to identify anomalous behaviour indicative of potential attacks. Your £10 a year subscription to a nearly free Antivirus or Antimalware platform is no longer enough, the companies who are not innovating in this space and failing behind and they are doing so quickly. In 2024, EDR/XDR – Endpoint Detection and Response or (X)Extended Detection and Response are now a minimum, for nearly all businesses from SME/SMB to Blue Chip a managed SoC (Security Operations Centre) or Managed Detection and Response (MDR) service is a must. The level of protection on your client devices has never been more important especially as the edge of the network dissolves and users and businesses embrace remote working.

Continuous Training and Skill Development

The human element remains crucial in the fight against cyber threats. Regular training and skill development programs are imperative to equip cybersecurity teams with the knowledge and expertise needed to combat evolving AI-driven attacks effectively.

When looking at what we do moving forward we have to start with the human aspect of protection “The Human Firewall” as I like to call it. Training your end users has and always will be the most critical line of defence a business has. Now I have said this before and I will undoubtedly say it again in one of these articles or at a keynote. If you fail to train your end users to not only use the technology in front of them or understand the risks they pose as users to the data and information security of the business you will undoubtedly risk a catastrophic failure. Users are the most risky part of your business, they move, they are forgetful and they tend to be overly sharing even when you have specifically told them not to be. What we will need to do as we step into 2024 is train end users to understand the risks of AI, what it does/doesn’t/can/cannot do with data.

Once they understand this you will need to wrap true security awareness training around this. The training will need to be broad but also deep to ensure that users do not fall into the trap of not knowing the breadth of the risks but also don’t end up receiving such high-level input they never really understand how deep that rabbit hole can go.

microsoft intune

Zero-Trust Security Architecture

Adopting a zero-trust security architecture is paramount in the age of AI-driven threats. Rather than relying solely on perimeter defences, businesses should implement robust identity verification, continuous monitoring, and strict access controls to mitigate the risk of unauthorized access. We need to build systems, services and business with Zero Trust at the core. When my team is asked to work on a solution for a customer or migration to the cloud, this is where we begin the days of trusting the perimeter of the network to defend us are gone. We need robust Zero Trust across every system, platform and service. If you don’t have Zero Trust you have too much trust!

Collaboration and Information Sharing

Cybersecurity is a collective effort, and businesses should actively participate in information sharing and collaborative initiatives. At Planet IT, I make this a core of what we do with regular information-sharing sessions, events and webinars (including this blog!). Building a strong network of industry peers and sharing threat intelligence can enhance the collective ability to thwart sophisticated AI-driven attacks. If you don’t know where to start with this reach out to [email protected] and we will get you connected with like-minded individuals across the UK and EMEA and help you build your network of peers.

Regulatory Compliance and Ethical AI Usage

Beyond technological solutions, fostering a cybersecurity culture within an organisation is paramount. Employees should be educated about the potential risks associated with AI-driven threats and encouraged to adopt best practices, such as vigilant email scrutiny, regular password updates, and reporting suspicious activities promptly. This starts from the first day they join your business and should be a continued journey throughout their time with you. The days of training once worrying later are gone. We must be keeping our staff as up-to-date as we are, bringing the business with you is the hardest part of the battle with AI and Cyber Security in 2024.

As we stand on the precipice of a future dominated by generative AI, the importance of robust cybersecurity measures cannot be overstated. Businesses must proactively adapt to the evolving threat landscape by embracing advanced technologies, fostering a cybersecurity-conscious culture, and collaborating with the broader industry. By doing so, they can not only defend against the rising tide of AI-driven threats in 2024 but also pave the way for a more secure digital future. Just remember, AI is Amazing but if you fail to understand it, properly protect it or secure it then it’s a disaster waiting to happen!

If you want to talk to one of our experts about how we can help you with your security and understanding of AI then please call 01235 433900 or you can email [email protected] or if you would like to speak to me directly you can reach out to me via DM or at [email protected].

AI & Cybersecurity in 2024

 

How to create and implement a cloud strategy

How to Create and Implement a Cloud Strategy

Cloud-based solutions are helping organisations achieve greater agility, efficiency, and innovation, and even increasing end-user satisfaction. That said, moving to the cloud is not always just as simple as clicking a few boxes and pressing go. It can be a drawn-out or complex process. Any cloud migration strategy requires careful planning and execution to ensure a successful outcome and avoid the typical major pitfalls. 

In this article, we will explain what your cloud strategy should include, why you need one, and how to create and implement one for your organisation.  

We will also share some tips and best practices from our experience as a Microsoft Solutions Partner specialising in Microsoft Azure, Microsoft 365 and cloud migration specialist. 

 

What is a cloud strategy? 

A cloud strategy is a concise viewpoint on the role of cloud computing in your organisation. It defines what you want to achieve with the cloud, how you will get there, and how you will measure your progress and results. 

A cloud strategy is different from a cloud implementation plan, which offers the “how” rather than the “what” and “why”. A cloud implementation plan details the specific steps, actions, and resources needed to execute your cloud strategy. 

You need a cloud strategy because it helps you: 

  • Align your cloud solutions with your business goals and user needs. 
  • Communicate your vision and direction to your stakeholders and partners. 
  • Identify and mitigate the potential challenges and risks of cloud adoption. 
  • Optimise your costs and benefits of using the cloud. 
  • Monitor and evaluate your performance and outcomes. 

Cloud Strategy

What if you don’t prepare for the cloud properly? 

Without a clear and coherent cloud strategy, you may end up with: 

  • A complex and expensive technology estate that does not meet your expectations or requirements. 
  • A lack of coordination and collaboration among your teams and departments 
  • A loss of control and visibility over your data and processes 
  • A reduced ability to respond to changing market conditions and customer demands. 

So, where do you start? 

If you have to ask that question, then you probably need a helping hand.  

Feel free to call one of our Cloud Specialist Architects to get the plan rolling. Call 01235 433900 or email [email protected] and ask about a Free Cloud Readiness Assessment.  

WormGPT: Phishing-as-a-Service the Rise of AI lead Phishing Attacks

WormGPT

Have you been following my latest series of articles on AI and the moving threats of the AI lead wave? If you have, you will have heard me talk about the use of AI to generate content for cyber-attacks, especially their use to increase the effectiveness of Phishing attacks. But have you heard about WormGPT?

Almost as predicted a new AI-lead Phishing service has launched titled WormGPT. Its name is a homage to the AI service ChatGPT which it claims to mirror. The creators call it an equivalent to the natural language engine’s human-like answers to questions.

How does it work?

The way that WormGPT stands out is very simple. All the security measures and protections used to prevent the generation of malicious code or attacks in ChatGPT are removed. WormGPT actively encourages this behaviour. No wonder, it is developed by known hackers and actively promotes malware and other cybercrime on the page.

cybersecurity

WormGPT is a subscription-based service on the dark web. Like many of these services, it can be used to promote and enhance phishing attacks. It is another case of Phishing-as-a-service and will only lead to more complex and higher-risk cyberattacks hitting the public.

With this on the rise, all we can recommend is that you stay alert. Stay aware and have the right protections in place to prevent phishing attacks. You should have time-of-click protection enabled on all links in your business. If you need more guidance on this, you should reach out to your Planet IT account manager.

How our Cybersecurity experts can help…

Are you struggling to get your head around how AI affects cybersecurity? Then please call 01235 433900 or you can email [email protected]. Or if you would like to speak to me directly you can reach out to me via DM or at [email protected].

What does AI Legislation Look Like?

AI legislation

We have all seen the rise of AI-based technologies and the fear-mongering around the existential risk to humanity and how AI will take over all jobs.

Before I get into it – this article was NOT written by ChatGPT, Google Bard or any other LLM. These are my own words – but of course that’s probably what I would said if AI did write this blog. 

Okay, back to the point, let’s put some cold water on that fire that AI is going to take your job.

Yes, AI will hugely revolutionise how we all work, how our employers interact and what they expect from us. But at the moment, AI cannot replace a human. Most of the improvement in AI in the last 12 months has come from Large Language Models, better known as LLMs, but their design models are built on learning from existing material fed into it from existing sources.

Human written and developed sources, from this data, can extrapolate, develop, modify and present a response to a natural language question from the data they have been taught, which needs to be closely monitored and checked to ensure integrity and verify its truthfulness.

One Big Flaw

This is where current AI draws its major flaw: it cannot distinguish fact from fiction – it only knows its data. This is why when you feed data back into AI from AI, the model degrades, and very quickly, you lose all sense of fact, and the results become conjecture or in some cases completely false. This is why, in the short term, AI cannot replace the human operating it because we all need to take the presented data and give it the once over and look at the text and say, “Does that really make sense, and is that really the truth or is it some biased opinion or even worse incorrect?”.

The same logic applies when you look at replacing human roles with AI; someone will need to be the gatekeeper to the operation, and someone will need to validate the output.

Some tasks are at risk

AI may well replace the roles that we currently spend hours on. For example, writing this article has consumed a good chunk of my time and is done by reading sources, digesting news and creating a written argument that pulls this together. In the future, AI will be the one writing this article, pulling from the latest data (This is important as current AI is using legacy data) to generate an article. This will then be checked over by myself and then a copywriter and published for you to consume. This won’t make the copywriter redundant, or me, but will change the expectations of our employer as to the expected deliverables of our roles. This is the key behind the headline that AI can’t replace humans in its current form. In future forms, it may well be able to alter many people’s working lives, but humans are still going to be a key part of the puzzle.

So how is it going to be regulated? 

To come onto the second point around control and legislation, we are seeing a continued wave of posturing by Governments and Big Tech about AI and how it needs to be controlled. Some of this is playing to the crowd. With the general public so concerned about AI and how it will affect them, legislators are looking to make sure they have a stance on it and try to control the headline.

That piece aside, there is a very important decision to be made by Governments and the global community about AI: Who sets the boundaries?

Is it going to be Big Tech like it was with the Social Media Revolution, where the world changed, and Governments spent ten years getting up to speed on the technology and how to control and police it? Or will the Governments of the world take control? Will they try to limit the development of AI, stunting its potential with overly controlling legislation which prevents Big Tech and start-ups from developing with AI and pushing the boundaries of what we currently know AI is capable of?

ChatGPT for business

What do I think?

Now, I see this as a very hard line to balance with some European countries’ swing for all-out AI bans before we have even got AI into our everyday workflows. It seems to be exactly what I mentioned before, stifling the development of those countries and the businesses that operate within them. That said, on the flip side, with no control and protection, we could see a world very quickly where AI not developed by us is being used to operate and control CCTV, Traffic light systems, and self-driving cars. This presents a very real risk to the citizens of a given country should the ability to control the AI fall into the wrong hands.

I believe that most regulation will come down to a risk vs reward model, where mainstream AI development is not prevented, but the integration of the technology too heavily into the core infrastructure or day-to-day safety of a country’s citizens will be restricted to prevent the risks I mention above. I don’t believe there is any silver bullet, and with any developing technology, you need to adapt and adjust to it. Businesses that are leveraging the technology need to be sensitive to the risks they present should their tool be leveraged by threat actors or hostile nations.

You shouldn’t fear AI in your business; you should also be aware that not all AI headlines are true to the nature of the risk. AI is amazing if used correctly, and if you ensure you understand the technology and put proper protection in place, it is a hugely powerful tool; when done incorrectly, you can easily put your business or your data at risk.

If you want to talk to one of our experts about how we can help you with your security and understanding of LLMs, then please call 01235 433900, or you can email [email protected], or if you would like to speak to me directly, you can reach out to me via DM or at [email protected].

Windows Server 2012 R2 End Of Support – Act Now Or Face The Consequences!

Windows Server 2012 R2 End of Support

If you are an IT professional running Windows Server 2012 or Windows Server 2012 R2 server, you need to be aware that support for these products will end on October 10, 2023. This means that regular security updates, non-security updates, bug fixes, technical support, and online technical content updates will no longer be provided by Microsoft.

This poses a serious risk to your business. You will be exposed to potential security breaches, compliance issues, and performance problems. Alongside several key vendors dropping support for their products as soon as this platform leaves standard support with Microsoft.

You will also miss out on the latest features and innovations that newer versions of Windows Server offer. This includes improved security, scalability, reliability, and efficiency.

Therefore, you need to act now and plan your migration strategy before it is too late. You have two real options and one really bad idea to choose from.

Embrace The Cloud and get all the benefits

Migrate to Microsoft Azure and receive free Extended Security Updates (ESUs) for three years after the end of support. You can move your applications and databases to Azure Virtual Machines and benefit from the cloud’s flexibility, scalability, and cost-effectiveness.

You can also use Azure Arc to manage your hybrid environment and receive automated/scheduled ESU updates and installation. This can simply be a lift and shift for now. Use the three years to get prepared for a newer operating system.

Upgrade your Windows Server

Upgrade to Windows Server 2022 or purchase ESUs for Windows Server 2012. If you prefer to stay on-premises, you can upgrade to the latest version of Windows Server. This will offer enhanced security, performance, and innovation. Alternatively, you can purchase ESUs for Windows Server 2012, which will provide security updates only for up to three years after the end of support. This can only be done if you are on an Enterprise Agreement with Microsoft. For most businesses, this won’t be an option.

Or….

…and you’d be really stupid to do this!

Do nothing and wait to join over 50% of UK-based businesses that suffer a major cyber incident each year. With an unsupported product, it will only be a matter of weeks before a major attack is launched by a threat actor against an operating system using unpatched vulnerabilities.

Whichever option you choose, you need to start preparing now and avoid the risks of running unsupported software.

Don’t know which way to turn…. Then reach out to the Technical Architecture team and we will help you understand your options and support you in the drive to move away from 2012 R2.

We are an IT company based in the UK that advises thousands of businesses, IT managers and leaders on all things Tech. We can help you with your migration plan and ensure a smooth transition to the latest Windows Server solutions. Contact us today and let us help you secure your future.

Windows Server 2012 R2 End of Support

Azure AD is becoming Microsoft Entra ID

Microsoft Entra ID

You may not yet be too familiar with Microsoft Entra, but it’s about to become a much bigger part of your Microsoft environment.

Microsoft Azure AD, the cloud-based identity and access management solution that powers millions of organisations, is becoming Microsoft Entra ID.

This change reflects Microsoft’s vision to provide a unified and comprehensive identity platform that helps you secure your organization, empower your employees, and enable your digital transformation.

With Microsoft Entra ID, you can benefit from the latest innovations in identity protection, governance, and management, as well as seamless integration with Microsoft 365, Azure, and other cloud services.

ID Protection: Prevent account compromise with machine learning.

ID Protection helps you detect and stop identity attacks in real time. It uses advanced machine learning to identify sign-in anomalies and user behaviour that indicate a risk of compromise. For example, it can trigger a Conditional Access policy that requires strong authentication methods for accessing sensitive resources. This way, you can protect your accounts from phishing, malware, and other threats.

Azure AD is becoming Microsoft Entra ID

ID Dashboard: Monitor your identity security posture with insights and recommendations.

ID Dashboard shows you the impact of your identity protections, the most common attack patterns, and your organisation’s risk exposure. You can view metric cards and attack graphs that show risk origins, security posture over time, and types of current attacks. You can also get recommendations based on best practices and industry standards. With these insights, you can further investigate your security posture in other tools and applications.

ID Governance: Automate access governance with workflows and self-service.

ID Governance helps you ensure that only the right identities have the right access at the right time. It automates the employee identity lifecycle to reduce manual work for IT and increase employee productivity. It also provides machine learning-based insights about identities and app entitlements. You can use workflows and self-service to grant and revoke access to cloud and on-premises apps from any provider and custom-built apps hosted in the public cloud or on-premises. This way, you can comply with organizational and regulatory security requirements.

Apple Software – Critical WebKit Vulnerability: CVE-2023-37450

Apple Vulnerability

Apple has recently released a number of security advisories to address a zero-day vulnerability in Safari, iOS, iPadOS, and macOS Ventura. An attacker could exploit this vulnerability (being tracked as CVE-2023-37450) to achieve remote code execution. It has been reported that this vulnerability is being actively exploited, which means that attackers are currently using this security flaw to gain unauthorised access to systems, potentially leading to data theft, system damage, or other malicious activities. It is therefore imperative that you check and apply these patches as soon as possible.

Apple Rapid Security Response

Apple has rolled out a new protocol, termed Rapid Security Responses, to expedite the release of critical security enhancements in between regular software updates for iOS, iPadOS, and macOS. This approach allows for a more immediate response to certain security issues such as this one. Upon the application of a Rapid Security Response, a letter is appended to the software version number, indicating that the update has been implemented.

Who and What is Affected?

The vulnerability affects all devices running: iOS, iPadOS, and macOS Ventura that have not been updated to the latest security patches. This includes iPhones, iPads, and Mac computers. The exploit could be triggered by a vulnerable browser processing specially crafted (malicious) web content, leading to remote code execution.

How Can Attackers Exploit This Vulnerability?

Attackers can exploit this vulnerability by creating a webpage or web content that includes malicious code designed to exploit the vulnerability in Apple WebKit. They then need to trick the victim into opening this malicious webpage. This could be done through a phishing email, a message, or by compromising a website that the victim trusts and visits often. Once the victim opens the malicious webpage on a vulnerable browser, the malicious code is executed.

 

What Could Happen If This Vulnerability Is Exploited?

With the ability to execute arbitrary code, an attacker could potentially gain control over the victim’s device. This could allow them to install malware, steal sensitive data, create backdoors for future access, and more. In essence, the attacker could gain the same access to the device as the user, leading to a significant breach of privacy and security.

How to Patch This Vulnerability?

Apple has addressed this issue with improved checks in their Rapid Security Response updates. The patches were initially released for macOS Ventura 13.4.1 (a), iOS 16.5.1 (a), iPadOS 16.5.1 (a), and Safari 16.5.2. However, due to a bug in Safari, some of the updates were pulled. Apple has since released new fixes to address this issue.

 

To patch this vulnerability, users should update their devices to the latest software versions:

iOS 16.5.1 (a) and iPadOS 16.5.1 (a), released on July 10, 2023.

iOS 16.5.1 (c) and iPadOS 16.5.1 (c), released on July 12, 2023.

macOS Ventura 13.4.1 (a), released on July 10, 2023.

To check for updates, go to the settings of your device, select ‘General’, and then ‘Software Update’. If an update is available, tap ‘Download and Install’.

Connect the Classroom: Funded Wi-Fi For Schools

Connect The Classroom, Government funding for schools

The Connect the Classroom scheme is a government-funded program that provides funding for schools in eligible areas to upgrade their wireless network infrastructure. This funding can be used to improve the speed, reliability, and coverage of a school’s Wi-Fi network.

Just some of the benefits of the Connect the Classroom scheme include:

Faster and more reliable internet access:

A faster and more reliable internet connection can help students to access online resources more quickly and easily, and can also help to reduce the number of dropped connections during online lessons.

Improved collaboration:

A better Wi-Fi network can make it easier for students to collaborate on projects, and can also help teachers to deliver lessons that require students to work together online.

Enhanced learning experiences:

A better Wi-Fi network can open up new possibilities for learning, such as the use of virtual reality and augmented reality.

Improved Security:

Install the latest, most robust Wi-Fi network allowing you to take advantage of the best security solutions.

How to use the Connect the Classroom scheme

A school must be located in an Education Investment Area to be eligible for the Connect the Classroom scheme. Schools can apply for funding by submitting a proposal to the Department for Education. The proposal should include information about the school’s current Wi-Fi network, planned improvements, and the benefits the school expects to achieve from the upgrade.

How do I know if my school is eligible?

You can talk to your Planet IT Account manager, and we will find out for you, but basically:

All state schools in Priority Education Investment Areas (EIAs) are eligible to apply for funding.

Priority EIAs are schools in:

Blackpool, Bradford, Derby, Doncaster, Fenlands and East Cambridgeshire, Halton, Hartlepool, Hastings, Ipswich, Knowsley, Liverpool, Middlesbrough, North Yorkshire Coast, Norwich, Nottingham, Oldham, Portsmouth, Rochdale, Salford, Sandwell, Stoke-on-Trent, Tameside, Walsall, West Somerset.

Schools in other EIAs with an Ofsted rating below ‘Good’ are also eligible to apply for funding.

Other EIAs are:

Bedford, Bolton, Bury, Cambridgeshire, Central Bedfordshire, Cornwall, County Durham, Coventry, Darlington, Derbyshire, Dorset, Dudley, East Sussex, Isle of Wight, Kirklees, Leeds, Lincolnshire, Luton, Manchester, Norfolk, North Northamptonshire, North Somerset, North Yorkshire, Nottinghamshire, Peterborough, Plymouth, Rotherham, Sefton, Somerset, South Gloucestershire, South Tyneside, St. Helens, Suffolk, Sunderland, Swindon, Wakefield, Wirral.

Priority Education Investment Areas (EIAs)

Map & detail source, click here.

So, what do you do now?

The Connect the Classroom scheme is a valuable resource for schools that are looking to improve their Wi-Fi network, as essential for modern learning. The Planet IT Education Specialists can walk you through the process.

Here are the steps you can take now.

  1. Talk to your Planet IT Account Manager to start the process and check if your school is eligible.
  2. Discuss the best Wi-fi solution for your school.
  3. Secure your quote to include with your proposal to the Department for Education.
  4. Once approved, install the upgrades.
  5. Enjoy the benefits of a faster, more reliable Wi-Fi network!

 

The Cloud: Your Ticket To Growth Or Your Ticket To Extinction?

The Cloud: Your Ticket To Growth Or Your Ticket To Extinction?

The cloud is no longer the future of IT. It is the now of IT. Businesses that don’t embrace cloud computing are putting themselves at a serious disadvantage.

Here are just a few of the reasons why your business will be left behind if you don’t embrace the cloud:

  • You’ll be less competitive. Cloud-based businesses can be more agile and responsive to change. They can also scale up or down their resources as needed, which gives them a significant advantage over businesses that are still using on-premise solutions.
  • You’ll lose customers. Customers are increasingly demanding cloud-based services. If your business doesn’t offer these services, you’ll lose out on potential customers.
  • You’ll be more vulnerable to security threats. Cloud providers have a team of security experts who are constantly monitoring their systems for threats. On-premise solutions, on the other hand, are often more vulnerable to security breaches.
  • You’ll spend more money. Cloud computing can be more cost-effective than on-premise solutions, especially over time. This is because you only pay for the resources you use.

If you’re still not convinced, consider this: a recent study by McKinsey found that businesses that adopt cloud computing are more likely to grow their revenue by 20% than businesses that don’t.

So, what are you waiting for? Embrace the cloud and start reaping the benefits today.

Here are some specific examples of how businesses in the UK are being left behind by not embracing the cloud:

  • A medium-sized business in Swindon is struggling to compete with larger businesses that are using cloud-based marketing and sales tools.
  • A manufacturing company in Reading is losing customers because it can’t offer cloud-based customer service.
  • A financial services company in Oxford is at risk of a security breach because it is still using on-premise servers.

These are just a few examples of the many businesses in the UK that are being left behind by not embracing the cloud. If you don’t want to be one of them, then it’s time to start planning your move to the cloud today.

Don’t miss out on the benefits of cloud computing. Embrace the cloud and start growing your business today. Contact me directly if you have any questions – [email protected] or DM me on LinkedIn

Microsoft Azure vs OnPrem

Looking for a technology partner?
Let’s talk

  • This field is for validation purposes and should be left unchanged.