Posts

URGENT ALERT: Papercut Vulnerabilities

PaperCut Vulnerability

Two vulnerability reports were recently made public regarding high/critical severity security issues in PaperCut MF/NG. (Latest update May 9th)

It has been observed that multiple threat actors including nation states are exploiting unpatched servers in the wild.

While initial attacks were targeting critical infrastructure (primarily in the US), current threat actor activity appears to be more opportunistic, affecting organisations across various sectors and geographies. We are aware that this has become a particular threat to the Education sector here in the UK.

The first vulnerability is a ‘Remote Code Execution vulnerability’.

This allows an unauthenticated attacker to get remote code execution on a PaperCut Application Server. This could be done remotely and without the need to log in.

papercut hack

The second vulnerability is a ‘User account data vulnerability’.

This allows an unauthenticated attacker to potentially pull information about a user stored within PaperCut MF or NG – including usernames, full names, email addresses, office/department info and any card numbers associated with the user. The attacker can also retrieve the hashed passwords for internal PaperCut-created users only (note that this does not include any password hashes for users sync’d from directory sources such as Microsoft 365 / Google Workspace / Active Directory and others). This could be done remotely and without the need to log in

As more threat actors begin to exploit these vulnerabilities in their attacks, organisations are strongly urged to prioritise applying the updates provided by PaperCut to reduce their attack surface:

URGENT | PaperCut MF/NG vulnerability bulletin (March 2023) | PaperCut

It is essential that you act on this immediately. If you’re not sure what to do, or if you think you may already be a victim, call the Planet IT security team now: 01235 433900

 

Can’t wait to integrate ChatGPT into your business processes? …actually, here’s exactly why you should wait!

ChatGPT for business

You can’t escape it. It’s all over the news and social media about this sudden wave of improvements in LLM (Large Language Models) or as most people know them at the moment Chat-GPT! 

Every large tech firm is rushing to integrate these technologies into their products with Microsoft launching co-pilot and Bing with Chat-GPT integration. Google is launching AI lead improvements to Workspace and Facebook accidentally leaked the source code to their LLM. 🤦‍♂️

With all of this going on you would expect that these products are at least secure and pose no risk to the users, businesses or the general public. And while I am wholly in favour of improvement to AI and ML, we must consider the risks these LLM pose as they begin to become part of everyday life. 

What are you talking about?

I should start by covering what an LLM is. Well in the words of Nvidia “A large language model, or LLM, is a deep learning algorithm that can recognise, summarise, translate, predict and generate text and other content based on knowledge gained from massive datasets.” To most of us what this means is that a system can take input in human language, not machine code or programming language and can then complete these instructions. Now, this can be as simple as how do you bake a cake. Or you can ask it to write an application that will convert files to pdf and upload them to an FTP server based on the IP address x.x.x.x and write an output file for me to show completion, in C++. The LLM will then go away, compute the question against the information it has been “taught” and will then come back with an answer.

chatgpt plus

 There are a few things we should all be aware of with LLMs as they stand today, these limitations are present but not always obvious. 

  • LLMs are driven by the dataset they have and may have complete blind spots to events if they occur post the data set provided, i.e Chat GPT (GPT-3) is based on a data set from 2021. So if you ask it about the F1 teams for 2023, it will either throw an error or will simply give you information it “generates” from the information it has been fed.
  • LLMs can therefore “hallucinate” facts and give you a completely incorrect answer if it doesn’t know the facts or if the algorithm works itself into a situation where it believes it has the right information.
  • LLMs are power-hungry. They need huge amounts of computing power and data to train and operate the systems.
  • LLMs can be very biased and can often be tricked into providing answers by using leading questions making them unreliable.
  • The largest risk is that they can be coxed into creating toxic content and are prone to injections actions.

Therefore the biggest question remains what is the risk of introducing an LLM into your business workflow? 

With the way that LLMs work they learn from data sets. Therefore, the potential risk is that your business data inside applications like Outlook, Word, Teams or Google Workspace is being used to help develop the LLM and you don’t have direct control over where the data goes. Now, this is bound to be addressed over time but these companies will 100% need access to your data to move these models forward so limiting its scope will have an impact on how they develop and grow. Microsoft and Google will want to get as much data as possible. 

As such you need to be careful to read the Terms of Use and Privacy Policy of any LLM you use. 

Other Risks

This one is scary, and it increases as more organisations introduce LLMs into the core workflow, is that queries stored online may be hacked, leaked, stolen or more likely accidentally made publicly accessible. Because of this, there is a huge risk of exposing potentially user-identifiable information or business-related information. 

We should be aware of the misuses risk that also comes from LLM with the chance they will be used to generate more convincing phishing emails, or even teach attackers better ways to convince users to enter into risky behaviour. 

openai

The final risk that we should be aware of is that the operator of the LLM is later acquired by a company that may be a direct rival to yours, or by an organisation with a different approach to privacy than when you signed up for the platform and therefore puts your business at risk. 

As such the NCSC recommends

  • not to include sensitive information in queries to public LLMs
  • not to submit queries to public LLMs that would lead to issues were they made public

At this point, Planet IT’s recommendation is not to integrate the new features from Microsoft and Google into your business workflow. Certainly not until proper security and data controls have been implemented by these companies and the risk of your business data being used as sample material to teach the LLMs is fully understood. These are emerging technologies, and as we continue to see change at Planet IT we are monitoring everything very carefully to understand how it will affect the security and data compliance of your business. 

More information from the NCSC can be found here : https://www.ncsc.gov.uk/blog-post/chatgpt-and-large-language-models-whats-the-risk

If you want to talk to one of our experts about how we can help you with your security and understanding of LLM then please call 01235 433900 or you can email [email protected] or if you would like to speak to me directly you can reach out to me via DM or at [email protected].

IMPORTANT!!

This article was NOT written by ChatGPT. It was written by this ChapJPD (James Peter Dell)

Cloud Security Assessment Checklist: Protecting Your Business in the Cloud

cloud security checklist

Just because your data is in the cloud, that doesn’t mean it’s secure.
What???

I know many people believe that because they use Microsoft Azure, AWS or GCP, and big tech have their own security measures in place, that means you are safe, right? It doesn’t!!

In order to protect your sensitive information and comply with industry regulations, you need to perform a comprehensive security assessment of your cloud infrastructure.

Here is our recommended cloud security assessment checklist to help you ensure that your cloud environment is secure:

Access Management

Access management is one of the most critical components of cloud security. You need to ensure that only authorized users have access to sensitive information and systems. This can be achieved through the implementation of strong authentication methods such as multi-factor authentication, the use of secure password policies and even better, biometric authentication.
Additionally, it’s important to regularly review and audit your access logs to detect any unauthorised access attempts.

MFA

Directory Service

Directory services play a crucial role in cloud security by providing centralised authentication and authorisation for your cloud environment. A robust directory service will allow you to manage user accounts, passwords, and permissions in a secure and scalable manner. Ensure that your directory service is properly configured and that it integrates seamlessly with your access management solution.

Data Loss Prevention and Backup Policies

Data loss prevention is critical in protecting your sensitive information in the cloud. Implement a comprehensive data loss prevention strategy that includes the use of encryption, data backups, and disaster recovery solutions. Ensure that your data backup policies are regularly tested and updated to ensure that your data can be recovered in the event of an unexpected outage or disaster.

Rely on a Security Team

This is key. A dedicated security team is essential for ensuring the security of your cloud environment. This team should be responsible for the implementation and management of your cloud security solutions, as well as for performing regular security assessments and audits. Whether in-house or outsourced, make sure that your security team has the necessary skills and experience to keep your cloud environment secure.

Encryption

Encryption is an essential component of cloud security. Encryption can protect your sensitive information from unauthorised access, even if it falls into the wrong hands. Ensure that your data is encrypted both at rest and in transit, and that your encryption keys are properly managed and protected.

security updates

Security Updates

Often overlooked, updates are critical for keeping your cloud environment secure. Regularly update your cloud infrastructure and security solutions to ensure that you are protected against the latest threats. Stay up-to-date with the latest security news and vulnerabilities to ensure that you are prepared for any potential security incidents.

Monitoring

Regularly monitor your cloud environment to detect any security incidents or threats. Ensure that you have the necessary tools and processes in place to quickly respond to any security incidents, and that your security team is properly trained and equipped to handle them.

In conclusion, the cloud is an essential component of modern business, but it also presents a unique set of security challenges. By following this cloud security assessment checklist, you can ensure that your cloud environment is secure and that your sensitive information is protected. Keep this checklist handy and regularly assess your cloud security to ensure that you are always protected.

Ignorance is not bliss. Why Are Some Businesses So Reluctant To Embrace The Cloud?

Why are businesses so reluctant to adopt the cloud?

Cloud computing is the future of business. I argue that it is very much the present too. The cloud benefits organisations to become more agile, efficient, and cost-effective.

But why are some companies still hesitant to join the party?

Is it the cost? Is it a lack of understanding?

Ok, Let’s call out the elephant in the room: security and privacy concerns.

Yes, security breaches make headlines, but the truth is that cloud providers have heavily invested in security measures.

This includes encryption, firewalls, and multi-factor authentication. However, many businesses are still sceptical about the effectiveness of these measures and worry that their data could be vulnerable to cyberattacks.

So, I’m going to call the cloud providers out on this. Just because your data is stored on the cloud, and despite their valiant efforts, the reality is that you still need 3 party security solutions in place to safeguard your business data. But any responsible IT manager or business leader will appreciate this is a modern business need anyway.

Another reason for the reluctance to adopt cloud computing is privacy. Many businesses are concerned about the privacy of their data, particularly in light of recent privacy scandals. They worry that their confidential information could be accessed by unauthorised third parties, either by accident or through malicious intent.

But it’s not just security and privacy holding companies back. Many simply don’t understand the cloud. And that’s understandable. But ignorance is not bliss in the digital age. The businesses that seize the cloud advantage will leave their competition in the dust. Access to cutting-edge tech, scalability, and improved collaboration – the benefits of the cloud are too good to pass up.

So, to the companies still on the fence about cloud computing: don’t be left behind. Embrace the future and take your business to the next level.

Cloud computing is the answer to your digital needs – embrace it and thrive.

The future of Cyber Security for… BUSINESS LEADERS

the future of cybersecurity for business leaders

The future of cyber threats impacts both IT managers and business leaders, but with different priorities and approaches. While both groups recognise the importance of securing their organisation’s digital assets, they have different perspectives on the impact of these threats on their respective roles.

I have written 2 articles. Both on the topic of looking at the future of the cybersecurity landscape, but this post is from the BUSINESS LEADERS, OWNERS, MANAGING AND FINANCE DIRECTORS  point of view.

If you’d like to see my take on what IT MANAGER or IT DIRECTOR‘s need to be aware of, then CLICK HERE.

The Future of Cybersecurity.

Cyber threats are becoming increasingly sophisticated and persistent, posing a significant risk to businesses of all sizes. Business owners, managing directors, CEOs, and financial directors, be Aware! It is crucial to understand the future of cyber threats and take the necessary steps to protect their organisations from devastating cyber attacks.

  1. Cost of a Cyber Attack. A successful cyber attack can have devastating consequences for a business. This includes loss of sensitive information, damage to brand reputation, and financial losses. The cost of a cyber attack can run into hundreds of thousands or even millions of pounds. In many cases, even force a business to close its doors permanently.
  2. Targeted Attacks. Businesses are increasingly becoming targets of cyber criminals who are looking to exploit vulnerabilities in their systems for financial gain. These targeted attacks are becoming more sophisticated, and businesses must be proactive in their approach to cybersecurity to stay ahead of the threat. The naive days of “Why would they want to hack us?” are long gone. Any business is a target. 
  3. Cloud Computing. The widespread adoption of cloud computing is changing the way businesses operate. It also presents new challenges in terms of cybersecurity. Businesses must ensure that their cloud environments are secure, and that sensitive data is protected from cyber threats.
  4. Human Error. Now this is a big one! Human error is a leading cause of cyber attacks. Your people are and are always likely to be your weakest link. It is crucial for business owners to educate their employees about the importance of cybersecurity and best practices for keeping their systems and data safe.

In conclusion,

The future of cyber threats and cybersecurity is uncertain, and businesses must take proactive steps to protect themselves. From the cost of a cyber attack to the risks posed by cloud computing and human error, it is crucial for business owners to understand the potential consequences and take the necessary steps to secure their organisations. By implementing robust security measures and staying informed about the latest threats and trends, businesses can mitigate their risk and protect themselves from the devastating consequences of a cyber attack.

The future of Cyber Security for… IT MANAGERS

the future of cybersecurity for it managers

The future of cyber threats impacts both IT managers and business leaders, but with different priorities and approaches. While both groups recognise the importance of securing their organisation’s digital assets, they have different perspectives on the impact of these threats on their respective roles.

I have written 2 articles. Both on the topic of looking at the future of the cybersecurity landscape, but this post is from the IT MANAGER or IT DIRECTOR‘s point of view.

If you’d like to see my take on what BUSINESS LEADERS, OWNERS, MANAGING AND FINANCE DIRECTORS need to be aware of, then CLICK HERE.

The Future of Cyber Threats for IT Managers

Cybersecurity has become a critical issue for companies and organisations of all sizes. Obviously, it is essential for IT managers to stay informed about the latest threats and trends in the field. In the coming years, the landscape of cybersecurity will continue to evolve, and IT managers must prepare to face new and emerging challenges.

Here are some of the key trends and predictions IT Managers and Directors need to know for the future of cyber threats.

  1. Artificial Intelligence (AI) and Machine Learning (ML). AI and ML technologies are becoming increasingly popular, and these technologies will also be used by cybercriminals to carry out attacks. AI-powered malware and bots will become more sophisticated and difficult to detect, making it crucial for IT managers to implement advanced security measures and stay up-to-date with the latest developments in AI and ML security.
  2. The Internet of Things (IoT). The widespread adoption of IoT devices will continue to grow, but the security of these devices is a major concern. Cybercriminals will target IoT devices to gain access to networks and sensitive data, and IT managers must take steps to secure these devices and ensure they are not vulnerable to attack.
  3. Cloud Computing. Cloud computing is becoming more prevalent, we know that. And as a result, cloud security will become a top priority for IT managers. Cloud-based systems and data are vulnerable to attack, and it will be crucial for IT managers to implement robust security measures to protect their cloud environments.
  4. Ransomware. Ransomware will continue to be a major threat, and the number of ransomware attacks is expected to increase. IT managers must take steps to protect their systems and data from ransomware attacks, and also have a plan in place for responding to and recovering from an attack.

In conclusion,

The future of cyber threats is uncertain, but IT managers can prepare themselves by staying informed and implementing the latest security measures. The use of AI, IoT devices, cloud computing, and ransomware will continue to present new challenges for IT managers, and it is crucial that they stay ahead of the curve to protect their organisations and data.

2022 – The Big Technology Winners & Losers

technology winners

As some of you might know, once December comes around, I sit down and take a lookahead at the at the technology that I believe will shape our year.

That article will be released the first week of January so watch this space…

Before that though, I always think it’s a bit of fun to look back at the last 12 months and see how right or wrong my predictions last year actually were.

In a change from previous years, 2022 technology landscape wasn’t as dominated by COVID-19. Instead, we were impacted by other unforeseen challenges such as the war in Ukraine, disaster mini-budgets and the loss of our head of state.

Because of this, some of our forecasts were slightly delayed, but overall, our predictions were pretty spot on. I won’t go into the detail again, but if you want to review our 2022 predictions, click here.

But now, using the powerful tool of hindsight, who exactly were the winners and losers of 2022?

 

Winners

 

Public Cloud

Once again, it has been a huge year for all things cloud technology. IaaS, SaaS, PaaS have, as predicted, accelerated to a new high, despite the critics in the market saying they are unaffordable.

Our customers have moved to the cloud in mass. The key for everyone has been looking at the workload and refining it to be cloud ready. If this is achieved, then workloads are streamlined, and the cloud is undoubtably a success.

The other interesting side effect of the success of public cloud is that the big server producers are all coming out with Hybrid cloud products. This is focused on keeping them in the game for a few more years, with products that allow easy workload migration to the cloud, cross scaling and targeted cloud leverage.

This will only continue in 2023, but my takeaway from it all is that the writing in now on the wall for the traditional server and storage world. HCI and owned equipment for servers is not far behind it.

cloud computing

 

Working From Home

The big companies of the world (mainly in finance) tried to tell us working from home was going to die off in 2022. Did they really believe people would flood back to the office?

This of course did not happen. WFH is here and it’s here to stay, with the focus for IT being on flexibility. The modern employee wants the chance to work where suits them. We are now able to tap into a globally connected market of extremely talented people who have previously been excluded from roles due to geographic location.

With Teams, Zoom, Slack and all the other tools at our fingertips, there is now no reason to not allow complete working flexibility and allow a better work life balance.

This is something that we at Planet IT have openly adopted. Without a doubt, this has seen an increase in people’s overall wellbeing and general approach to work has only gone from strength to strength.

Linux in the Mainstream

Stop right there! STOP!

Before all the IT people of the world lynch me and say “Linux has always been…..” or “Linux is the greatest operating system…..” I am in no way saying that Linux hasn’t been a very viable business operating system for the last 10 years.

Ubuntu as a distribution has been very user friendly and, for a while, even companies like Dell thought it was the future of the desktop consumer OS. Then ChromeOS came along and diverted their attention.

What I am saying is that in 2022, we saw the release of hardware running dedicated builds of Linux which are finally disrupting the market. One of these devices was the Valve Steam Deck, which was so popular this year that pre order took 11 months to fulfil.

However, the key for me is the story behind the hardware which is an operating system free from license costs. This overcomes some of the core challenges Linux has had in the past, compatibility. With this move and Apple’s move in opposite direction, 2023 looks set to be the year more business adopt the platform.

Let’s be honest, most cloud platforms are built around Linux anyway, so it only makes sense!

 

 

Losers

 

Private Datacenters

Déjà vu?

Last year, I said the coffin was ready and that we were about to hold the final goodbye for the private DC. I was pretty spot-on in fairness.

Even though a few hold outs tried to sell a revolutionary approach to private cloud, the final nail in the coffin was the energy crisis. Costs increased and private datacenters had to increase charges to customers. Meanwhile, AWS, Google and Microsoft simply swallowed most of the cost. This left most customers the choice between turning kit off or moving away.

There will always be a place for niche private datacenters for specific use cases, but for 95% of business’ the cloud is the future.

 

Meta

Having an extensional crisis about what the Metaverse is and what their products mean, Meta (previously Facebook) have struggled this year. Loosing revenue from adverts, losing ground to other platforms and heavily investing in Quest and the Metaverse which most people remain skeptical about anyway.

This shift has seen the company slip in its standing and become a bit of an outlier. This alongside a shift by Gen X and Y to TikTok and other faster social platforms is leaving Facebook and Instagram looking dated and doomed to be the next Bebo or MySpace (Sorry Tom!).

Many will say this is a good thing. The power in the hands of these super tech giants with everyone’s data makes governments and individuals nervous. So maybe a few of them shrinking may not upset too many.

P.S I won’t talk about Twitter in this section … because by the time you read anything I put about Twitter, Elon will have made huge changes, maybe renamed or deleted the platform and it will certainly be out of date! 🙂

SaaS Security

Surprised to see this in the technology loser section?

Security, is so important. It is even more important when you’re a company like Last Pass who recently suffered a data breach. They are the last in a long line of companies whose platforms have been compromised in 2022. Therefore, we cannot but think that maybe these big companies need to take platform or software security a little more seriously. This is a common trend and definitely hits my loser list because it shows how even the biggest companies can faulter.

Do better next year big tech, please!

 

The Lightning port

Why!!!??!

Its 2022! Why am I still talking about a micro connector that replaced a 30 pin USB 1 standard?

I will tell you why… because finally the EU has stood up to Apple and told them to get rid! 2022 will be the last year that a £1,400 device comes with a connector which cannot provide fast charging, cannot offer fast data transfer and is proprietary!

Long live USB C or well USB 3.2 or USB4 or Thunderbolt 3 or 4, whatever the standard, just use the same port for a couple of years. This will certainly allow me to cut down on the number of cables I hold onto!

lightening port

Conclusion

2022, like 2021, and 2020, was a year of change. Technology moves at a lightening pace (except, erm, the lightening port). We had some big winners, some little winners but overall, tech developments are moving quicker than ever. While Moore’s law may be starting to fail, the ability of technology companies to innovate is not.

Do you agree with our technology winners and losers list? What tech impressed you this year? Or what did you see crash and burn?

Comment on my post or DM me on LinkedIn, or email me directly on [email protected] if you would like to debate our choices or even talk about how the Planet experts can help you in 2023

 

WEBINAR RECAP: Ransomware in the real world. Is your IT Department ready to be attacked?

Ransomware in the real world

Last week, we hosted a Webinar to ask businesses if their IT department is really ready for a ransomware attack.

Over 50% of businesses will be victim of Ransomware in 2022, and the average bill to rectify an attack, considering downtime, people time, device cost, network cost, lost opportunity, ransom paid, and more… will be over £1.3m!

Did you miss it? Or would you like to watch it again? Well, the good news is that we recorded it and you can check it out here:

 

Your Questions, Answered.

A sign of a good webinar is the quality of the questions asked at the end. We had too many questions to be able to answer them all in the time allowed so James and Kosta have answered anything we didn’t have time for during the session.

Remember, if you you would like to find out more about Sophos MTR, have any questions around cybersecurity or need advice for your IT team, please reach out to James directly, [email protected], or call one of the team 01235 433900

 

What about false positives within Powershell and ps1 files, repositories like PSGet, NuGet etc – these constantly get flagged in our org with Defender Endpoint!

We would suggest if these are trusted internal tools they should be excluded from Scanning based on their HASH values or path. If these are dynamic libraries then in Sophos central we would create a policy for staff allowed to use these system tools and restrict all other user access to these tools.

 

How much Sophos will be responsible in case of a Ransomware attack?

If your business only has the Sophos Endpoint products, firewalls or email products in the case of an attack Sophos will provide remote support but hold no responsibility as the configuration and management of the platform is the responsibility of the business. However if the MTR service is in use then the business does have a level of protection from Sophos and the remediation services are covered under your contract.

 

How do we get the board to take cybersecurity seriously? We’ve covered the basics in terms of controls, but anytime I try to increase budget to add additional controls – it gets pushed back.

The best option to get senior management / board to take ownership of cyber security and cyber insurance is to use the scare factor of examples like our cyber victim where all senior management, directors and the board where removed from their posts under gross negligence as part of the work that took place to recover the business. Many of these have struggled to get new roles following the merger of the business because of the legacy association with such a large scale failure.

Michael Davey

What are the biggest cybersecurity threats right now?

The biggest threat remains ransomware and this continues to appear in different forms and flavours but ultimately the goal remains the same and that is to disrupt system usage.

 

Am I spending enough, appropriately on information security-related tools and controls? (Is there a network security or information security tool I should buy?)

There is no golden figure for how much to spend on protection but what you need to do is take a risk based assessment on what protection you have in place and make sure you are covering the full stack and have a solution in place for every risk in the system.

 

Not convinced that cyber insurance provides any real cover

Cyber Insurance is only going to work for you and your business if you have the right tools in place to protect the business in the first place as with car insurance they wont pay out if you are negligent , it is up to you and your business to make sure you have the correct protection in place.

 

Who would you recommend in terms of cyber security insurance providers?

We don’t directly recommend providers.

Cybersecurity health check

If you have someone in your team who is a disgruntled Employee and may be leaving the company and they leave a logic bomb on your network without you knowing it would Cyber Security Insurance cover this or would it then be void as its happened within your own team? What would be the legal response to this?

This is a very loaded question. In most cases, Cybersecurity Insurance will protect against this provided you have all other requirements in place. If however this disgruntled employee was part of your security team, that may raise questions around your employee vetting process and you may need to lean on your employee terms and conditions, specifically your computer misuse act should you need to follow up with legal proceedings.

 

Is the standard Sophos Endpoint not enough either?

We would recommend Sophos Intercept X as a minimum for protection in 2022.

 

Are there any courses that you would recommend for Cyber Security specialisation?

We would recommend you look at CISSP and then anything linked to business solutions you have in place.

 

Are the MTR team UK based?

Sophos MTR is a global follow the sun team. There is a UK team as part of this but to enable truly 24/7 support this is covered by a global team.

 

How do we get the board to take cybersecurity seriously? We’ve covered the basics in terms of controls, but anytime I try to increase budget to add additional controls – it gets pushed back.

The best option to get senior management / board to take ownership of cyber security and cyber insurance is to use the scare factor of examples like our cyber victim where all senior management, directors and the board where removed from their posts under gross negligence as part of the work that took place to recover the business. Many of these have struggled to get new roles following the merger of the business because of the legacy association with such a large scale failure

 

For us, the major deficiency we see today is not with attacks via known end points or servers but the chances of unknown devices being attached to our networks. This is an area which I feel very few companies or vendors are addressing well and cost effectively so I’d love to know if this is an area you guys both Planet and Sophos are investigating/investing in?

There are a number of NAC product’s that have surfaced over the years to try and fill this gap. What we are seeing the the solution for most business now is to terminate all VLAN’s on the firewall and use the synchronised security aspects of the Sophos XGS firewall to remove unwanted network traffic in controlled sectors, with only trusted devices being able to route traffic.

 

Is webinar recorded?

Yes, you can watch it here: https://youtu.be/qLPPw4kndy4

 

 

Please don’t tell me it’s Window’s Defender!

windows defender

Cyber-attacks happen and are increasing in frequency. Certain sectors are naturally susceptible to these attacks; banking, government, healthcare, and energy sectors will always be targets due to the nature of what they do. But did you know that the Education sector is also very high up the list?

Around 20% of all educational institutions have been specifically targeted by cyber criminals, and a MASSIVE 83% of UK schools had experienced at least one cyber security incident. There are many other scary statistics that can be quoted, and you would think that with this information being readily available for review, schools and other institutions would take cyber security seriously; you would think wrong.

 

It’s just not good enough

Here at Planet IT, we have many dealings with the education sector, whether that be providing fully managed support, running security health checks or just the facilitating the procurement of specific classroom hardware, we have seen how vulnerable a lot of school environments are. We talk to schools daily and something that keeps coming up is the widespread use of Microsoft Windows Defender as the sole endpoint security solution. Something else that keeps being apparent on most calls we join is that the on-site IT team are too busy being reactive and fighting fires to spend the time being proactive and looking at the bigger picture.

Microsoft Windows Defender is a consumer-grade antivirus that is native to Windows 10 and comes preconfigured. There is an anti-ransomware element to it, but the testing we have done in the past shows that it is not capable of detecting most live ransomware threats:

education Vulnerabilities Found

So, what should you do?

Well, you should start with an industry-leading endpoint / server security solution such as Sophos Intercept X Advanced which will detect ANY Ransomware attack using the CryptoGuard element (this detects any file encryption attempts and rolls them back using Windows Shadow Copy if any encryption has started by the time it is stopped). This combined with the award-winning Endpoint Protection / Server Protection means that your endpoints and servers would enjoy a very high level of cyber security protection.

With any good security solution should come a good EDR product. EDR stands for Endpoint Detection & Response. This provides additional reporting and threat mitigation tools for your environment.

 

But does this really happen?

A real-world example that I have seen first-hand – we have a large private school as a customer. They were hit by ransomware which took down some critical file servers AND compromised the backups. With Sophos Intercept X Advanced with XDR (Sophos’ EDR offering), we were able to see that not only did Windows Defender not stop the ransomware from running but didn’t even detect it as a threat.

Also, with the recent Log4j vulnerabilities, and further back the Hafnium vulnerability, XDR was a requirement to investigate customers’ environments to easily check if they were open to attack due to these vulnerabilities. With Hafnium, XDR could report what hosts were vulnerable but also if they had been compromised and the location of the remote consoles that had been deployed by the bad actors. We at Planet IT saw at least 2 instances of Microsoft Exchange servers that had been compromised, and our job was made easier with XDR.

 

What if my team just don’t have the time to manage XDR.

The downside of adding XDR to Sophos Intercept X Advanced is that you need the resources to respond and investigate detected threats. Sure, Sophos Intercept X Advanced will of course detect and block any threats it comes across, but any advanced solution like this requires the time to configure and monitor to ensure you get the value from the product.

This is where MTR comes in; MTR (or Managed Threat Response) is a managed SOC (Security Operations Centre) provided by Sophos themselves, and will give 24/7 threat detection and activity reporting among many other benefits that are essential for any security conscious educational institution. With the Sophos MTR service, you can focus your time on ensuring your local infrastructure is running well safe in the knowledge that your Sophos environment is being looked after competently.

Planet IT recommends Sophos Intercept X Advanced with XDR and MTR Standard as the minimum level of protection for any educational institution.

Why the move to an OPEX budget model in education might be driving your business manager up the wall

Education OPEX Budget

For the longest time IT in education has been on a hamster wheel of improvements tied to the yearly capital bids cycle. IT managers rush to get improvement plans and strategy budgets in for their cut off, knowing all too well that 50%+ will be dropped before they even make it to governors. The other 50% won’t make it through the process.

This capital expense programme is built from the necessities of the past. IT infrastructure had typically been the second most expensive item on a schools books after the building itself. No school, college or academy in the past could afford to stretch it’s upgrades over the operational spend of the business unless they committed to long terms lease agreements or payment plans. While good intentioned, these plans often leave the organisation dragging upgrade cycles to 5 years plus rather than their natural 3 years.

With all the changes that 2020 and 2021 have brought, this model has to change, and the main reason for that is the cloud.

The Time For The Cloud Is Now

Now this is not some fantasy of a cloud lead future. This is the reality of a world leaving behind the need for a private datacentre or server room and pushing for the convenience, security and integrity of managed public cloud.

This however leaves a challenge for all of those who are in financial roles in educational establishments. The model of spend once, wait 5 years before investing again, will not and cannot continue to work. Modern IT is mostly based around the per month or per usage model. Think Microsoft 365 and Azure, one is based on your user count or usage count per month and the other is based on the real-world usage of the last 30 days.

 

education servers

But we used to spread the cost..?

Now on legacy, I will grant that you could have purchased Microsoft services on a campus agreement. However, that is asking you to look into your magic 8 ball and hope you guess the right amount of usage for the next 12 months and then pre purchase Azure credits to cover that. This is a massively inefficient approach and misses the key benefit of cloud services – flexibility.

In a real world example you would expect an educational providers usage on a cloud based IaaS (Infrastructure as a service) to look something like:
• September – December (Mild Usage)
• Jan – Mar (High Usage)
• April – July (Diminishing usage as students slowly drop off timetable)
• then late July – Aug (Very low usage)
Now if you are paying for this upfront you need to work out what your average monthly spend should be and then try and guess how much you need to cover this.

This just won’t work, you will either hit your campus agreement renewal needing to pay overages or hit the renewal with hundreds if not thousands of wasted pounds. With Monthly flexible billing you don’t have this issue, you get a bill for what you actually use, now if it’s a critical system you can reserve the instance and gain some savings, but you have the flexibility.

 

This is a new approach for us. How best to do it?

Back to the question in hand and how does your organisation cover these costs?
Well to start with, your business manager needs to change how IT is funded in the budget. Moving the value that would have been placed on an infrastructure refresh into operational spend. They then need to find a way to increase this pot by 5-15% a year to cover cost increases. Now there is still a need for the capital bid, but these should be used for laptops, switches and firewalls and not servers and server licensing. With this shift IT becomes less of a burden as the spend is predictable and you are not looking at £500k investments every 5 years, but instead £80k a year spend on cloud services.

education budget
I often get asked how we work with our education customers to move to the cloud and for me the approach is simple; it’s about understanding. So many business managers have endured years of the CAPEX process and are used to the funding model. What our job is as technical professionals is to illustrate the savings in cooling, powers, facilitates and security that a move to the operational model brings and then work from there to deliver the best experience for the organisation.

If you are an IT manager today about to enter capital bids season, then think like this; bid for the money for your big server replacement but don’t propose legacy equipment and designs. Engage with Planet IT and we can support you in submitting a CAPEX to OPEX bid a support your move to the cloud.

 

Need more help to get it right?

2022 will be the year that most businesses make a major jump to the cloud. Don’t allow your educational establishment to be left behind and looking for answers, we have successfully worked with a large number of educational providers over the last 18 years to modernise and improve their IT for the better, we can do that for you too.

If you want to talk to one of our educational team about how we can help you with your capital bids or moving to the cloud, then please call 01235 433900 or you can email [email protected] or if you would like to speak to me directly you can reach out to me via DM or at [email protected].

Looking for a technology partner?
Let’s talk

  • This field is for validation purposes and should be left unchanged.