Posts

Meet Emma Kerin, MSP Account Manager

(Reader, brace yourself 😬!!)

Emma, can you explain your Planet IT journey…?

My journey at Planet IT started in 2009 when I had just come out of college studying IT. Back then my job role was telemarketer, generating leads and writing them down on paper. Yes, paper!!

6 months later and unfortunately the job just wasn’t for me, I say it was a mutual decision to leave, but Gav and Sean might think otherwise!

After going into various IT support roles, in 2015 I approached Planet IT as they were starting up their IT support department and I joined to onboard all new clients. Back then there was Mike, Sam B, Nick, Stefan and Rob in our fish bowl. Things were very different in those days, with fewer clients and far fewer staff! But it’s great to know I was part of that!

Planet IT were then awarded the contract to replace every device at Buckingham Palace, Windsor Castle and Kensington Palace and it was such an honour to be considered for this role.

I have always been passionate about customer experience and making sure clients are listened to and understood. Now, 9 years later, I’m an MSP account manager, which has allowed me to take all the knowledge and experience I’ve had over the last 9 years and really deliver the best service possible for our clients.

Planet IT Awards

You are excelling in your current role. Why do you think it suits you so well?

As I mentioned, I think it’s the variety of roles I’ve had and the touch points I’ve had with all the MSP clients.

A key part for me is having a partnership with my clients, I thrive on delivering and working together to get the best outcome.

What sort of clients do you like working with?

I like working with all types of clients, having a partnership and not just being their IT company. I like to have conversations and understand what makes them tick and not just talk about IT.

 

What technologies are making the most impact on your clients’ businesses?

Right now, Azure, Intune and SharePoint are making the biggest impact.

Emma and the Planet team in Dubai

What challenges do you face in your role?

I wouldn’t say there are many challenges, but the industry is constantly changing and sometimes it’s hard to keep up and make sure we are giving the client the right advice.

What is it like to work at Planet IT?

Planet IT is full of opportunities and there are always different paths to take if you show how passionate you are.

When things don’t go to plan we all work together to get through it.

 

You’ve been here quite a while, what is your favourite Planet memory?

Iceland Christmas party, I would never have experienced what I did without Planet IT.

Planet IT Support Team in Iceland

What makes you tick outside work?

Going to the gym, holidays and walking.

I also love having a good time and a drink or two…

 

If you were to give advice to a young person thinking of entering the world of IT – what would it be?

Do it! There are so many different areas and opportunities within IT. You don’t have to be in one role forever.

The Onion Approach to Cyber Security – Data Security Defence in Depth

In Shrek’s words (well, sort of), “Onions have layers. Cyber security has layers… You get it? They both have layers.” He has a point!

You may have heard of the term Defence-in-Depth. The principle is that the more “layers” of security your business has, the better protected it will be from the threat actors who seek to affect your business, damage your workflow and disrupt your profitability. In the cyber security space, we often liken this approach to an onion, and I cannot liken anything to an onion without seeing Donkey’s face as Shrek explains the principle of having layers!

In this article, we’ll peel back the layers (pun intended) to understand why having multiple security measures is crucial for safeguarding our valuable data. Most importantly, we’ll look at how and why your business, regardless of size, needs to be taking the onion seriously and ensuring you’re not leaving yourself woefully underprepared.

Having worked in the IT and Cyber Security space for over 15 years, I have seen first-hand the devastation, disruption and loss of business caused by a failure to take a layered approach to protection, so much so that I have even had the unfortunate pleasure of seeing well-established companies fold due to their lack of investment in cyber security.  

The “defence in depth” strategy emphasises creating multiple layers of security around various components in your IT environment. Let’s explore these layers and understand their significance. 

The Onion Approach To Cyber Security

Imagine an onion: it has concentric layers that wrap around its heart. Similarly, our data needs layers of protection. In this scenario, our data, our intellectual property, and our customers are the heart of our onion! However, we should consider the outside layers first, as they are the most vulnerable to the first attack. 

People, The Human Layer (AKA The Human Firewall)  

In any business, the most significant risk to your data security is always your people. We are all human, we all make mistakes, and therefore, we all need the training to understand how to reduce the risk we pose to the business and how best to protect the systems we use every day. I call this the Human Firewall, the largest surface and the easiest to harden and develop. However, this is usually the most underdeveloped layer across the businesses that have suffered a cyber attack. To build this layer, you should:

Implement strong Security Policies: Educate users about best practices, how the business expects them to interact with the systems and data and what could go wrong if they don’t. 

Have strong Business Conduct Guidelines: Promote security awareness by giving the staff all the training to correctly use the system and strong guidelines on what happens when you fail to adhere to the expectations. 

End User Training and Test: Test your users every month, train them every six months and don’t always use the same training and testing. You should have strong Phishing training, cyber security and data protection training in place that should involve regular assessments, training and re-evaluation. Don’t allow complacency. 

Comply with Local Regulations: Ensure that your staff know the regulations and expectations of your operational locations, be that EU, UK, US or any other regional regulation; not knowing is not a justification!

Physical Access: Locked Rooms and Restricted Areas  

It goes without saying that the physical protection afforded to any office, data centre, server room, or workspace is critical to the implementation of reasonable security standards. It is also critical when we think about how we stop the bad actors from gaining entry to systems that are otherwise well protected digitally. This is often an area where IT teams pass off the responsibility to facilities or disregard interest in site management, but this should never be the case.

Secure physical spaces prevent unauthorised entry. You need to ensure that every server room door is locked, that all data centres have restricted access, and that access control mechanisms are deployed around your business with the correct level of entry and authority for all users, roles and responsibilities. This should be paired with CCTV and a valid security system. 

Network Security: Fortifying the Digital Perimeter  

This usually is where most IT professionals and business owners think cyber security starts and ends. This is simply not true. This is a big part of the puzzle, but at this point, we have already broken through two layers of the onion, and we are dangerously close to risking it all.  

You need to consider the breadth of the solutions you choose when it comes to this layer, as we need to cover all points of ingress or lateral movement and not just consider the edge of the network. We will often see people think about the edge too much, forgetting that the edge has been dissolving since the pandemic and the move to remote and hybrid work.

Local Area Networks (LANs): Secure switches, routers, and firewalls; this is the physical network. I would expect to see a robust firewall or SASE solution tied into a single well-respected vendor for switching, with your internet provider, in most cases, offering you a robust router which is secure and sits outside of your DMZ and the direct risk profile of your business.

Wireless Networks: Wi-Fi is all about implementing strong encryption and access controls. You need to ensure that your Wi-Fi does not allow untrusted devices to reach business systems. In this regard, you should use a well-known vendor, have at least user-based authentication, separate SSIDs for staff and guests, and have appropriate ACLs in place backed by your LAN.

Intrusion Prevention Systems (IPS): In most cases, this will sit on your firewall and detect and block suspicious network activity. However, when you move into the medical, pharma or bio-medical space, you need to consider that you may also require IPS internally in your network to prevent insider lateral spread.

Remote Access Servers: There is always a case where someone needs to gain access to the system for legitimate reasons from outside your business. Implementing a tool like Azure Virtual Desktop or Windows 365 to provide secure and controlled access is critical. 

Network Operating Systems (OS): If you want to be protected, you need to keep them updated and hardened. It goes without saying that if you are an ISO 27001, Cyber Essentials or CE Plus certified business, then this should be second nature to you. Once a device loses support from a vendor, it is a risk and must be removed from the system. There is no excuse for running a legacy operating system in 2024; you can use tools to virtualise legacy platforms, isolate them from the network and remove the underlying OS risk.

Voice Security: Protecting Communication Channels 

This is often forgotten about. On legacy systems, IT professionals will have passed the phone system to a 3rd party or another team. However, with the integration into tools like Teams, this becomes a thing of the past.

Private Branch Exchange (PBX), Voice Gateways and Voice Mail Services: Secure legacy phone systems by removing them from your core network and placing them on ACL-controlled VLANs with restricted access and locked-down ports. Using a solid network that uses voice VLANs can go a long way to removing this risk. If your phone provider doesn’t know about this or how to do this, then they are stuck in the past. Security is key. All of this still applies if your phone system is hosted or running on someone else’s physical kit.

Unified Communication: Secure real-time communication with relevant user controls, physical restrictions and tools like conditional access and multi-factor authentication (MFA/2FA). You do not want a bad actor making calls from your platform and tricking your customers into thinking it’s you. 

Endpoint Device Security: Covering All Devices  

One of the most significant devices you own will be lower risk. Most, if not all, will have a strong Anti-virus and Anti-malware product in place that contains a Zero Trust approach and offers real-time protection. But this goes beyond simply slapping anti-virus products onto your laptops. 

Printers, Scanners, Desktops, Laptops, Tablets, and Smartphones – each device needs protection; this should be two-fold. It should be enrolled into an MDM, restricted on the network in terms of its access and then protected by your AV tools and, if you can, protected by a 24/7 Managed Detection and Response service.  

Server Security: Safeguarding the Heart of IT 

Then we get to the core of it, where your data sits and where the risk is highest. This applies if you are on-premise, in a data centre or in the cloud. You need to manage the risk, ensure that the core functions are protected and that you maintain good heart health!

Operating Systems (OS): Regular patches and security configurations. As I said above, this goes without saying. You need to have the protection in place, and this starts with regular patching. Even a 24/7 business needs to have downtime windows to ensure systems and patches are up to date. If you can’t do this then the architecture of your environment is wrong, and you need to look at role load balancing and expanding your operational system to allow for proper updates and patching. 

Applications: You need to know not only what you are running but also who it is from, and when developing internally, use secure coding practices. Applications tend to be the weak link on a server and often are the gateways that threat actors use to enter a system. Having a regular patching cadence and reviewing who you are buying applications from is critical. 

Databases: If you are storing data, it should have encryption, access controls, and auditing as a minimum, with the protection that is afforded to the data being as high as it can be without implementing tooling that prevents data access. 

Why the Onion Approach Matters 

Hardening the Target: By forcing intruders to navigate multiple security controls, we make it harder for them to reach our data. This will prevent them from getting the easy win. The more we can build breadth and depth in our defence, the less risk you have. 

Risk Management: Balancing both security and performance is crucial. Security that is too restrictive affects flexibility, while leniency invites risks. However, no one has stood up following a breach and said, “We had enough protection”, so look at the risk profile and really understand if you think you can accept a risk and how likely it is that a threat actor will see that risk as an open door.

Acceptable Risk Level: Evaluate the impact of vulnerabilities and the probability of events. The onion approach helps find the right balance but is not the complete answer. You will need to review, assess, develop and grow your business.

In the complex realm of IT security, thinking of cyber security like an onion can guide you. Look to build layer by layer to develop a robust defence strategy and ensure your data remains safe. 

So, embrace the onion approach—because cybersecurity is complex, just like Ogres, and at the end of the day, it’s for protecting what matters most. 

Remember, security is a journey, not a destination, so keep building those layers! 

If you want to talk to one of our experts about how we can help your business secure itself and the benefits the Onion approach could have for you, please call 01235 433900 or email [email protected]. If you want to speak to me directly, you can contact me via DM or at [email protected]. 

HOW TO FIND YOUR 365’S DATA RESIDENCY AND WHY IT IS IMPORTANT

As digital transformation continues to reshape every industry, it’s important to understand the often-overlooked concept of Data Residency as it has wide-ranging implications for any business.

Data Residency refers to the physical or geographic location where an organisation’s data is stored at rest. The location of an organisation’s data presents certain legal and compliance implications. For this reason, it is essential to have a clear understanding of the concept to ensure the privacy, compliance and security of personal and business data.

Businesses must comply with regulations, and failing to comply can result in hefty fines, a loss of reputation and a loss of customer trust.

What is Data Residency?

As mentioned, data residency is a physical and/or geographical location where an organisation’s data is stored. This includes on-premises, in the cloud or in a remote data centre which poses certain legal and compliance implications. Below is an explanation of Microsoft Cloud location storage.

Microsoft separates your Office 365 Data into seven categories, detailed below:

When possible, Microsoft will store your Office 365 Data within the country of your business’s operation. If Microsoft does not operate in that country, it will be stored in the closest Microsoft data centre available.

Most Microsoft 365 customers will be eligible to purchase the “Advanced Data Residency” (ADR) add-on, which allows greater control and flexibility over your data residency (DR). This will allow you to store data in set regional data centres such as UK West, instead of UK South. The main feature of this add-on is the ability to control Purview-controlled data and its data residency location. You can mark data through sensitivity labels and determine the location of its storage. It is a great feature for businesses operating in the UK and the EU!

Where is your 365 Data stored?

To see your current DR you will need to access the Microsoft 365 Admin Portal (Admin.Microsoft.com). On the left-hand pane select “Show more” then drop down the “Settings” option. Select “Org Settings” and on the top row “Organization Profile” then select Data Location.

Where is your Microsoft Exchange Mailbox Data Residency stored?

Different user mailboxes can be stored on different Exchange servers. For example, your Exchange DR might be in the United Kingdom, but your mailboxes will be spread between the UK South and UK West data centres. To view individual mailboxes you will need to use the PowerShell command:

Get-OrganizationConfig | Select -ExpandProperty AllowedMailboxRegions | Format-Table

This will return all mailboxes broken down by Mailbox Region which can be exported as a CSV.
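For an audit you will usually want one row per mailbox and a flag for anything outside the regions you expect. The following is an added example, not code from the original article or from Microsoft. It assumes the ExchangeOnlineManagement module and the `Database` and `MailboxRegion` properties that `Get-Mailbox` returns in Exchange Online; the function name `Get-MailboxResidencyReport`, the expected-region list, the CSV path and the sample mailboxes are constructed for illustration.

```powershell
# Added example: per-mailbox data residency report for Exchange Online.
# The function name, expected-region list and sample data are illustrative.

function Get-MailboxResidencyReport {
    [CmdletBinding()]
    param(
        # Mailbox objects, for example the output of Get-Mailbox.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Mailbox,

        # Geo codes the organisation expects its mailboxes to sit in (assumption).
        [string[]]$ExpectedRegion = @('GBR')
    )
    process {
        # A mailbox with no MailboxRegion value is reported as '(not set)'
        # and therefore flagged for review rather than silently passed.
        $region = [string]$Mailbox.MailboxRegion
        if ([string]::IsNullOrWhiteSpace($region)) { $region = '(not set)' }

        [pscustomobject]@{
            DisplayName        = $Mailbox.DisplayName
            PrimarySmtpAddress = $Mailbox.PrimarySmtpAddress
            MailboxRegion      = $region
            Database           = $Mailbox.Database
            InExpectedRegion   = $ExpectedRegion -contains $region
        }
    }
}

# Live tenant: uncomment these two lines and delete the sample block below.
# Connect-ExchangeOnline
# $mailboxes = Get-Mailbox -ResultSize Unlimited

# Constructed sample data so the script runs offline.
$mailboxes = @(
    [pscustomobject]@{ DisplayName = 'Alice Example'; PrimarySmtpAddress = 'alice@example.com'
                       MailboxRegion = 'GBR'; Database = 'SAMPLE-GBR-DB01' }
    [pscustomobject]@{ DisplayName = 'Bob Example';   PrimarySmtpAddress = 'bob@example.com'
                       MailboxRegion = 'GBR'; Database = 'SAMPLE-GBR-DB02' }
    [pscustomobject]@{ DisplayName = 'Carol Example'; PrimarySmtpAddress = 'carol@example.com'
                       MailboxRegion = 'EUR'; Database = 'SAMPLE-EUR-DB01' }
    [pscustomobject]@{ DisplayName = 'Shared Inbox';  PrimarySmtpAddress = 'info@example.com'
                       MailboxRegion = $null; Database = 'SAMPLE-GBR-DB01' }
)

$report = $mailboxes | Get-MailboxResidencyReport -ExpectedRegion 'GBR'

# Full per-mailbox list for the compliance record.
$report | Export-Csv -Path './mailbox-residency.csv' -NoTypeInformation

# Summary: how many mailboxes sit in each region.
$report | Group-Object -Property MailboxRegion |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Name, Count |
    Format-Table -AutoSize

# Exceptions: mailboxes outside the expected regions, or with no region recorded.
$report | Where-Object { -not $_.InExpectedRegion } |
    Format-Table -Property DisplayName, PrimarySmtpAddress, MailboxRegion, Database -AutoSize
```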

 

If you’re looking for greater control of your Microsoft 365 Data Residency or are interested in the ADR license, please get in touch with Planet IT!

 

Book to meet with me

How IT Can Save Your Business Money and Make It Work Better

Technology is an essential part of any modern business, but it can also be a source of frustration, inefficiency, and risk if not managed properly. You need a reliable, trustworthy IT partner to help create and implement a strategic IT roadmap that aligns with your business goals and needs.

We know that IT is essential for modern work, to communicate via email, messaging, video conferencing and apps such as Excel, Adobe and others to enable our businesses. But an IT roadmap is so much more than that. It can allow your business to improve, drive forward, and save you money while doing it.

Let’s explore how…

AI

Artificial intelligence (AI) is the ability of machines to perform tasks that usually require human intelligence, such as reasoning, learning, and decision-making. AI can help your business improve productivity, quality, and customer satisfaction by automating repetitive and complex tasks, enhancing data analysis and insights, and providing personalised and intelligent services. For example, you can use AI to:

Streamline your workflows and processes. 

Use chatbots, virtual assistants, and robotic process automation (RPA) to handle customer inquiries, bookings, invoices, and other administrative tasks.

Optimise your operations and performance. 

Utilise machine learning, deep learning, and natural language processing (NLP) to analyse large and diverse data sets, generate forecasts and recommendations, and detect anomalies and patterns.

Innovate your products and services. 

Use tools such as computer vision, speech recognition, and natural language generation (NLG) to create interactive and engaging experiences, such as face recognition, voice assistants, and content creation.

Used correctly and responsibly, AI can save your business money by reducing labour costs, increasing efficiency, and minimising errors. It can also make your business better by enabling you to offer faster, more innovative, and more personalised solutions to your customers and stakeholders.

The next big thing in AI? – Microsoft Copilot. Those lucky enough to use it this early have already seen how it can revolutionise our work. And this is just the start. Copilot is just going to get better.

 

Cloud Technology

Cloud technology delivers computing services, such as servers, storage, databases, networking, software, analytics, and intelligence, over the internet (the cloud). The Cloud can help your business improve scalability, flexibility, and collaboration by allowing you to access and share resources on demand, from anywhere, and on any device. For example, you can use cloud technology to:

Expand your capacity and capabilities. 

Use cloud infrastructure, platform, and software as a service (IaaS, PaaS, and SaaS) to host your applications, data, and systems on the cloud without investing in and maintaining your hardware and software.

Enhance your agility and responsiveness. 

Cloud orchestration, automation, and integration can help manage and coordinate your cloud resources, workflows, and processes and adapt to changing business needs and demands.

Empower your team and partners.

By using cloud collaboration, communication, and productivity tools, you can work together, exchange information, and deliver results regardless of location, time zone, and device.

Cloud technology can save your business money by reducing capital and operational expenses, optimising resource utilisation, and leveraging economies of scale. It can also improve your business by enabling you to access and leverage the latest technologies, innovations, and best practices in the cloud.

Our cloud platform of choice is Microsoft Azure. Azure provides thousands of products and cloud services, including the latest in AI. This allows businesses to choose the tools and frameworks that best fit their needs. Whether developing new applications, managing existing workloads, or exploring cutting-edge technologies, Azure offers a flexible cloud-based ecosystem.

 

Cybersecurity

Cybersecurity can help your business improve reliability, reputation, and compliance by ensuring your IT assets and information’s confidentiality, integrity, and availability.

The right protection can save your business money by avoiding or reducing the costs and losses associated with cyberattacks, such as downtime, data breaches, fines, lawsuits, and reputational damage. It can also improve your business by enabling you to build and maintain trust and confidence with your customers and stakeholders.

A 24/7/365 Managed Detection and Response (MDR) service covering your organisation keeps you protected by a team of experienced threat hunters and saves you the cost of hiring your own managed Security Operation Centre (SOC). As a bonus, your Cyber insurance costs will be dramatically reduced as MDR satisfies many of their policy requirements.

 

Unified Endpoint Management (UEM)

UEM or Device management is the administration and control of your IT devices, such as laptops, tablets, smartphones, and printers, used by your staff and users to access and use your IT resources and services. UEM can help your business improve security, efficiency, and user experience by ensuring your IT devices’ proper configuration, maintenance, and support. For example, you can use device management to:

  • Secure and protect your devices using encryption, remote wipe, and lock to prevent unauthorised access and data loss in case of theft, loss, or compromise.
  • Manage and update your devices using inventory, provisioning, and patching to keep track of your device assets. You can assign and distribute devices to your staff and users and install and update software and firmware.
  • Support and troubleshoot your devices by using device monitoring, diagnostics, and helpdesk to monitor the performance and status of your devices, identify and resolve issues and problems, and provide assistance and guidance to your staff and users.

Device management can save your business money by reducing device downtime, waste, and theft and optimising device performance and lifespan. It can also make your business better by enabling you to provide a consistent and seamless device experience to your staff and users.

At Planet IT, we use Intune to manage our devices and recommend it to most clients. If you want to know more about Unified Endpoint Management, check out our detailed article here: https://www.planet-it.net/uem-unified-endpoint-management/

Software Licensing Management

Software licensing management can help your business improve compliance, quality, and value by ensuring the proper acquisition, deployment, and usage of your software assets and solutions.

Comply with software laws and regulations. 

Software license management can make auditing and reporting easier by verifying and documenting your software entitlements, installations, and consumptions and avoiding software piracy, infringement, and penalties.

Optimise your software investments.

Use software licensing to optimise, consolidate, and negotiate. Evaluate and select the best software license models, types, and terms for your business needs and budget to reduce software costs and complexity.

Enhance your software capabilities.

Managing complex software license subscriptions, renewals, and upgrades is a fine art. You can access and benefit from the latest software features, functions, and improvements and maintain software compatibility and interoperability.

Software licensing can save your business money by avoiding or reducing software over-licensing, under-licensing, and non-compliance and maximising software utilisation and value. Furthermore, it can improve your business by enabling you to leverage the best software solutions for your business processes and outcomes.

When you work with a high-level partner like Planet IT, we can secure you better licensing pricing than most other IT companies.

 

IT processes, systems and methodology can save your business money and improve it in many ways. However, managing IT can be challenging and complex, especially in today’s dynamic and competitive business environment. That’s why you need a trusted and experienced IT support provider to help create and implement a strategic IT roadmap that aligns with your business goals and needs.

Speak with James Dell today to find out how we can help you transform your business with IT – [email protected] or reach out on LinkedIn: https://www.linkedin.com/in/delljames/

Meet Maciej Owsiany. What exactly is a Principal Technical Architect?

Let’s start with an easy one… what exactly is a Principal Technical Architect?

Well… I’ll do my best to describe that title as we all know it is comprehensive and contains many small bits and pieces.

In a few words, a Technical Architect helps businesses understand how the technology works that they might commit to buying and implementing within their company.

There are a few types of Technical Architect. One is a pre-sale Technical Architect, which is precisely what I do in my role. I often engage in conversations with businesses before the sales process. In the typical jargon, I use simple terminology to speak to executives about existing or new technologies. I often change technical language to something more straightforward for the client to understand so they can more comfortably decide to implement a solution within their organisation.

A big part of my role as Principal Technical Architect is to create IT roadmaps, where we look at the overall existing infrastructure for the business and project changes within a specific timeline to achieve better outcomes, essentially acting as your IT Director or CTO, providing that long-term technical vision for the business.

How does that fit within the Managed IT Support Area of Planet IT?

Within the MSP business, the Technical Architect role is a glue between a client and the infrastructure team that’s looking after that business on a day-to-day basis. We all try to work together to achieve one goal, and that is, first of all, to make the client’s life easier by implementing technology which works for them first but at the same time makes the infrastructure team happy as they will have to then look after that solution and support the client after it has all been implemented.

A big part of my experience that massively helped me within my role was being a technical liaison. I was a part of the helpdesk and onsite team, assisting clients within the MSP business for over ten years. I saw the major struggles that companies were going through and often had to work under pressure to resolve those problems. I always say that I have been on the other side of the fence and not only seeing technical issues from one side of the monitor 😊.

 

What sort of clients do you like working with?

In our role here at Planet IT, we help over 90 support clients from various sectors, such as pharmaceutical, manufacturing, and consulting. We also manage highly demanding organisations like schools, hospitals, and critical care businesses, where technology has to be delivered on point as those clients are highly dependent on it. Working with companies with a straight mission and vision for their business is much easier as we can focus on longer-term goals rather than short patches. Those kinds of companies often stick to the plan and implement changes that Technical Architects put in the IT Strategies.

 

What technologies do you like working with?

This might sound like a broken tape, and as we hear more about the security solutions, most of us probably think…. oh, not again!

Unfortunately, the world we live in has pushed us to focus even more on the security aspect of every business.

We often work in a hybrid mode, which always makes technical departments very busy, and every aspect of security behind the hybrid working solution requires addressing accordingly.

I am not even sure where to start, as we can talk about it for hours, but mainly these days, we do not work from one secure perimeter, such as the office. We do not use only one device to access business data. As everybody knows, and I am sure that most of you agree, we tend to use many devices, such as laptops, mobile phones, and tablets, to access our data.

From a technical perspective, it is our main goal here at Planet IT, and I am sure many other companies’ too, to secure that data and the devices from which it is accessible. In the technical department, we regularly speak about new technologies that can help secure the data and make sure that in the event of losing a single device, which, let’s face it, is not really hard these days, mitigating the risk of accessing it by someone who should not is achievable as quickly as possible.

Using the right technologies, such as Microsoft Intune, is something that we work on daily here at Planet IT, and I can happily say that it makes me almost very proud that many businesses are deciding to make the right move and shift towards it.

 

What technologies are you looking forward to seeing in the future?

Virtual reality and all the AI-facing technologies that we can hear about are things that everybody is talking about at the moment. Many big companies are introducing solutions that can help us with our daily tasks, whether at work or at home, and some of them we might have seen in futuristic movies a long time ago. We all know for a fact that this is happening. We are testing some of these solutions here in Planet IT that might help businesses internally.

 

What challenges do you face in your role?

As I have mentioned, in participating in the Security Summit conversation regarding bridging gaps between technology professionals and executives, the challenge often is to try to convince the senior management team to invest in IT. I have been on many calls when I heard someone saying my system is not broken, so why must we make those changes?

Our job is to ensure that clients understand the importance and often the urgency of the changes that need to be made. Surprisingly, today, we still see many businesses that have not moved from their onsite server operating system, which is not supported anymore, and that is just one example. That may be because they are using bespoke and legacy applications, and the migration might not be that easy, but as long as there is someone who is willing to start a conversation with us and is open to a change, I call it a success as we can then have a discussion and try to face and resolve the current situation.

 

You were recently named the Planet IT MVP – Tell us about that. How did it feel?

That is a huge privilege, and I have to say that I am very grateful to be chosen by Planet IT team and voted for an MVP award, which I think stands for the most valuable player (I have been watching those basketball playoffs for a long time, and I know what that is 😉).

This all happened while I was climbing Kilimanjaro. I remember that my friend happened to catch the internet signal in the middle of nowhere for just 1 hour during our 7-day trip! I wanted to see what happened in the big world, and when I found out about winning…!! We then lost internet access, so I could not even say how happy I was. I feel like this is a team achievement, and although I was lucky enough to get awarded the MVP title, I cannot thank the entire Planet IT team who stands behind it enough!!!

 

What makes you tick outside work?

I love overall physical activity, whether walking, hiking, or training… I love it all!!! Why…? It is probably because during those, I don’t have to think about anything else, and I don’t need to analyse any solutions 😉.

 

The Cyber OODA Loop Explained: Enhancing Cyber Defence with Rapid Decision-Making


If you follow the world of Jocko Willink or listen to his podcast, especially the one with Andrew Huberman, then you will have heard about the Observe, Orient, Decide and Act (OODA) loop.  

Willink used this model during his time in the Navy SEALs to help him overcome challenges. This article explores how the OODA loop can be utilised in cyber response, especially in highly stressful situations, to enable you to see the wood for the trees.

What is the OODA loop? 

Observe

The first step in the OODA loop is observation. In the context of cybersecurity, this involves actively monitoring our network, systems, and external threat intelligence sources. Key activities include: 

Security Bulletins and Advisories: Regularly track security bulletins and advisories from trusted sources. Stay informed about vulnerabilities and emerging threats. 

Threat Intelligence: Gather information on adversary tactics, techniques, and procedures (TTPs). Understand their modus operandi to anticipate their moves. 

Incident Detection: Implement robust detection mechanisms, including network intrusion detection systems (NIDS), firewall logs, and user behaviour analytics.

Orient

Orientation is about making sense of the observed data. Here’s how it applies to cyber defence: 

Assess Applicability: Evaluate how the observed threats align with your organisation’s assets and operations. Prioritise based on criticality.

Operational Issues: Consider operational constraints, resource availability, and potential impact. What can realistically be addressed? 

Risk Assessment: Quantify the risk associated with each threat. Understand the potential consequences of inaction.

Decide

Decisiveness is crucial in the face of cyber threats. Make informed decisions: 

Prioritise Remediation: Decide which vulnerabilities or incidents require immediate attention based on your risk assessment. Create a remediation strategy. 

“Duelling” OODAs: Recognise that adversaries also operate within their own OODA loops. Act swiftly to disrupt their plans.

Act

Execution is where the rubber meets the road: 

Rollout and Monitor: Deploy patches, updates, and security controls. Continuously monitor for any “breakage” caused by changes. 

Active Defences: Implement active defences such as honeypots, sinkholes, and application whitelisting. Deceive, degrade, and disrupt adversary actions. 

Continuous Cyber Loop

Remember that the OODA loop is iterative. As you act, new observations emerge, leading to further orientation, decisions, and actions. Adaptability and agility are essential. 
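An added example, not part of the original article: one pass of the loop described above, written in Python over constructed advisories and assets. The scoring formula, the urgency threshold of 20, and every name (`orient`, `decide`, `act`, `simulated_deploy`, the hosts and advisory identifiers) are assumptions made for illustration.

```python
"""One pass of Observe -> Orient -> Decide -> Act over constructed sample data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:            # Observe: one item from a bulletin or intel feed
    ident: str             # constructed identifier, not a real advisory number
    product: str
    severity: int          # 1 (low) .. 5 (critical), as rated by the source
    exploited: bool        # threat intelligence reports active use


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    criticality: int       # 1 .. 5, business impact if the host is lost
    internet_facing: bool
    change_window: bool    # operational constraint: may we change it today?


def orient(advisories, assets):
    """Assess applicability, then quantify risk per (advisory, asset) pair."""
    findings = []
    for adv in advisories:
        for asset in assets:
            if asset.product != adv.product:
                continue   # the threat does not apply to this asset
            # Assumed scoring model: likelihood x impact.
            likelihood = adv.severity + 2 * adv.exploited + asset.internet_facing
            findings.append({"host": asset.host, "advisory": adv.ident,
                             "risk": likelihood * asset.criticality,
                             "change_window": asset.change_window})
    return findings


def decide(findings, urgent=20):
    """Prioritise remediation: highest risk first, one action per finding."""
    plan = []
    for f in sorted(findings, key=lambda f: (-f["risk"], f["host"])):
        if f["risk"] < urgent:
            action = "schedule"
        elif f["change_window"]:
            action = "patch-now"
        else:
            action = "mitigate-now"   # compensating control until a window opens
        plan.append((f["host"], f["advisory"], f["risk"], action))
    return plan


def act(plan, deploy):
    """Roll out urgent actions and monitor; breakage feeds the next Observe."""
    new_observations = []
    for host, advisory, _risk, action in plan:
        if action != "schedule" and not deploy(host, advisory, action):
            new_observations.append(f"{action} for {advisory} failed on {host}")
    return new_observations


# Constructed sample data for illustration only.
ADVISORIES = [
    Advisory("ADV-A", "vpn-gateway", severity=4, exploited=True),
    Advisory("ADV-B", "file-server-os", severity=5, exploited=False),
    Advisory("ADV-C", "print-service", severity=2, exploited=False),
]
ASSETS = [
    Asset("edge-vpn-01", "vpn-gateway", 5, internet_facing=True, change_window=False),
    Asset("fs-01", "file-server-os", 4, internet_facing=False, change_window=True),
    Asset("fs-02", "file-server-os", 2, internet_facing=False, change_window=True),
]


def simulated_deploy(host, advisory, action):
    """Stand-in for a real rollout; pretends the change breaks fs-01."""
    return host != "fs-01"


if __name__ == "__main__":
    plan = decide(orient(ADVISORIES, ASSETS))
    for row in plan:
        print(row)
    print("next Observe input:", act(plan, simulated_deploy))
```

The failed rollout returned by `act` is exactly the kind of new observation that starts the next iteration of the loop.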

Organisations face an ongoing battle to protect their digital assets in the volatile landscape of cyber threats. Initially developed by military strategist Colonel John Boyd, the OODA loop provides a robust framework for decision-making and response. Let’s explore how this loop can be applied to enhance our defences against cyber-attacks. 

In an outbreak or live cyber-attack, it can be challenging to remain calm whilst taking the first steps to deal with the situation and do the right thing. We recommend taking time to run an OODA loop model in your mind. In doing so, you can find a better, more effective way to tackle the challenges.  

Those of us who are often in a position where a decision needs to be made fast risk missing alternative, more effective approaches due to time pressure. However, this model will give you the best chance to see a clearer picture, so you can make more informed decisions.

Application Of the Loop in Cyber Security

The first step is to observe the incident and analyse your data:  

  1. What has happened?  
  2. Calmly analyse the facts and the unknown.
  3. Assess the worst possible scenario and the potential impact on your business.
  4. Think of your next steps.  

Once facts have been established, decide on the action and how you will proceed with the informed decision. Hopefully, the decision stemmed from the Observe and Orient model. 

The Act is the last step which puts the plan into action. At this point, you should also be planning to perform another OODA loop to cover the previous loop; sometimes, you may even be running multiple loops at once. The ability to place a cognitive weight on having time to make the right decision is key in a high-pressure scenario. 

If you are looking for further reading, then you can also look at the following: 

Mandiant APT1 Model: Map control implementations to the adversary model. Identify opportunities to detect, deny, and disrupt attacks. 

MITRE ATT&CK Matrix: Align techniques with tactics. Understand where defences are effective and where gaps exist. 

By embracing the Cyber OODA loop, organisations can transform reactive responses into proactive defences. Rapid decision-making, continuous adaptation, and a deep understanding of the threat landscape empower us to stay ahead of cyber adversaries. Remember: in cyberspace, surprise favours the prepared mind. 

If you want to talk to Planet IT experts about how we can help you with your cyber security, planning and innovation, then please call 01235 433900, or you can email [email protected], or if you would like to speak to me directly, you can reach out to me via DM or at [email protected]. 

 

Securing Tomorrow: Navigating Cybersecurity in 2024 (Amidst the Rise of Generative AI)

AI & Cybersecurity in 2024

As we plunge deeper into the digital era, the evolution of technology continues to shape the landscape of cybersecurity. 2023 has been a landmark year for the uptake and integration of Artificial Intelligence into our business, lives and technologies. However, now it’s time to look at cybersecurity in 2024.

2024 will mark a significant milestone, with the widespread adoption of generative AI technologies propelling us into uncharted territories. Not only are we learning how to use these technologies and leverage them to make our business more effective and our work lives that little bit easier, but at the same time we are trying to understand how this technology should be legislated, managed and secured. While these advancements bring unprecedented opportunities, they also usher in new challenges, especially the escalating risks posed by malicious actors utilising AI to launch smarter, more efficient cyber-attacks. In this article, we delve into the future of cybersecurity and explore crucial measures businesses should undertake to fortify their defences against AI-driven threats.

2023 has been a year of seismic change in the IT landscape. Most of this initial change has been driven in part by the wave of generative AI products that have come to the market, starting with the introduction of ChatGPT from OpenAI and then the race to get GenAI into every business and every consumer as quickly as possible. This is not the only change that has dramatically affected the market, but it is the starting point from which most of the other shifts have occurred.

Because of this, when looking at what 2024 looks like, we need to consider these rapid changes. We can’t just look at today’s landscape. We need to consider what the risks of the following 12 months are going to look like.

The Proliferation of Generative AI:

Generative AI technologies, fuelled by machine learning algorithms, have demonstrated remarkable capabilities in various domains, from content creation to problem-solving. However, with great power comes great responsibility (Ben Parker, Spiderman, just before he dies [SPOILERS]), and in the realm of cybersecurity, the advent of generative AI presents a double-edged sword. While businesses and individuals can leverage GenAI to increase their productivity, remove manual tasks or understand complex situations, cybercriminals are increasingly leveraging these technologies to automate and enhance the sophistication of their attacks.


AI-Driven Threats: A New Frontier:

The integration of generative AI in cyber attacks introduces a new level of complexity and efficiency. AI-driven threats can adapt in real-time, learning from defensive measures and continuously evolving to exploit vulnerabilities. From intelligent phishing schemes to adaptive malware, businesses now face a formidable adversary that can circumvent traditional security protocols with unprecedented agility. This enables bad actors to push RaaS (Ransomware as a Service) and enable less skilled individuals to trigger and deploy increasingly complex attacks on businesses with little to no knowledge of what the attack does or how it is written.

So how do we move forward? As a business, what should you be doing to protect yourselves, your staff and your business from the wave of GenAI that isn’t here to help you out? I have collated five steps that I call the Business Imperatives for Cybersecurity in 2024:

Investing in AI-Powered Defence Systems:

To counter the rising tide of AI-driven threats, businesses must invest in cutting-edge, AI-powered defence systems. These systems should not only detect known patterns but also employ advanced machine learning algorithms to identify anomalous behaviour indicative of potential attacks. Your £10 a year subscription to a nearly free antivirus or antimalware platform is no longer enough; the companies who are not innovating in this space are falling behind, and they are doing so quickly. In 2024, EDR/XDR (Endpoint Detection and Response, or Extended Detection and Response) is now a minimum, and for nearly all businesses, from SME/SMB to blue chip, a managed SOC (Security Operations Centre) or Managed Detection and Response (MDR) service is a must. The level of protection on your client devices has never been more important, especially as the edge of the network dissolves and users and businesses embrace remote working.

Continuous Training and Skill Development

The human element remains crucial in the fight against cyber threats. Regular training and skill development programs are imperative to equip cybersecurity teams with the knowledge and expertise needed to combat evolving AI-driven attacks effectively.

When looking at what we do moving forward, we have to start with the human aspect of protection, “The Human Firewall” as I like to call it. Training your end users has been and always will be the most critical line of defence a business has. Now, I have said this before and I will undoubtedly say it again in one of these articles or at a keynote: if you fail to train your end users not only to use the technology in front of them but also to understand the risks they pose as users to the data and information security of the business, you will undoubtedly risk a catastrophic failure. Users are the riskiest part of your business: they move, they are forgetful and they tend to overshare even when you have specifically told them not to. What we will need to do as we step into 2024 is train end users to understand the risks of AI, what it does/doesn’t/can/cannot do with data.

Once they understand this you will need to wrap true security awareness training around this. The training will need to be broad but also deep to ensure that users do not fall into the trap of not knowing the breadth of the risks but also don’t end up receiving such high-level input they never really understand how deep that rabbit hole can go.


Zero-Trust Security Architecture

Adopting a zero-trust security architecture is paramount in the age of AI-driven threats. Rather than relying solely on perimeter defences, businesses should implement robust identity verification, continuous monitoring, and strict access controls to mitigate the risk of unauthorized access. We need to build systems, services and businesses with Zero Trust at the core. When my team is asked to work on a solution for a customer or a migration to the cloud, this is where we begin. The days of trusting the perimeter of the network to defend us are gone. We need robust Zero Trust across every system, platform and service. If you don’t have Zero Trust you have too much trust!

Collaboration and Information Sharing

Cybersecurity is a collective effort, and businesses should actively participate in information sharing and collaborative initiatives. At Planet IT, I make this a core of what we do with regular information-sharing sessions, events and webinars (including this blog!). Building a strong network of industry peers and sharing threat intelligence can enhance the collective ability to thwart sophisticated AI-driven attacks. If you don’t know where to start with this reach out to [email protected] and we will get you connected with like-minded individuals across the UK and EMEA and help you build your network of peers.

Regulatory Compliance and Ethical AI Usage

Beyond technological solutions, fostering a cybersecurity culture within an organisation is paramount. Employees should be educated about the potential risks associated with AI-driven threats and encouraged to adopt best practices, such as vigilant email scrutiny, regular password updates, and reporting suspicious activities promptly. This starts from the first day they join your business and should be a continued journey throughout their time with you. The days of training once and worrying later are gone. We must keep our staff as up-to-date as we are; bringing the business with you is the hardest part of the battle with AI and Cyber Security in 2024.

As we stand on the precipice of a future dominated by generative AI, the importance of robust cybersecurity measures cannot be overstated. Businesses must proactively adapt to the evolving threat landscape by embracing advanced technologies, fostering a cybersecurity-conscious culture, and collaborating with the broader industry. By doing so, they can not only defend against the rising tide of AI-driven threats in 2024 but also pave the way for a more secure digital future. Just remember, AI is Amazing but if you fail to understand it, properly protect it or secure it then it’s a disaster waiting to happen!

If you want to talk to one of our experts about how we can help you with your security and understanding of AI then please call 01235 433900 or you can email [email protected] or if you would like to speak to me directly you can reach out to me via DM or at [email protected].


 

How to create and implement a cloud strategy


Cloud-based solutions are helping organisations achieve greater agility, efficiency, and innovation, and even increasing end-user satisfaction. That said, moving to the cloud is not always just as simple as clicking a few boxes and pressing go. It can be a drawn-out or complex process. Any cloud migration strategy requires careful planning and execution to ensure a successful outcome and avoid the typical major pitfalls. 

In this article, we will explain what your cloud strategy should include, why you need one, and how to create and implement one for your organisation.  

We will also share some tips and best practices from our experience as a Microsoft Solutions Partner specialising in Microsoft Azure, Microsoft 365 and cloud migration.

 

What is a cloud strategy? 

A cloud strategy is a concise viewpoint on the role of cloud computing in your organisation. It defines what you want to achieve with the cloud, how you will get there, and how you will measure your progress and results. 

A cloud strategy is different from a cloud implementation plan, which offers the “how” rather than the “what” and “why”. A cloud implementation plan details the specific steps, actions, and resources needed to execute your cloud strategy. 

You need a cloud strategy because it helps you: 

  • Align your cloud solutions with your business goals and user needs. 
  • Communicate your vision and direction to your stakeholders and partners. 
  • Identify and mitigate the potential challenges and risks of cloud adoption. 
  • Optimise your costs and benefits of using the cloud. 
  • Monitor and evaluate your performance and outcomes. 


What if you don’t prepare for the cloud properly? 

Without a clear and coherent cloud strategy, you may end up with: 

  • A complex and expensive technology estate that does not meet your expectations or requirements. 
  • A lack of coordination and collaboration among your teams and departments 
  • A loss of control and visibility over your data and processes 
  • A reduced ability to respond to changing market conditions and customer demands. 

So, where do you start? 

If you have to ask that question, then you probably need a helping hand.  

Feel free to call one of our Cloud Specialist Architects to get the plan rolling. Call 01235 433900 or email [email protected] and ask about a Free Cloud Readiness Assessment.  

WormGPT: Phishing-as-a-Service, the Rise of AI-Led Phishing Attacks

WormGPT

Have you been following my latest series of articles on AI and the moving threats of the AI-led wave? If you have, you will have heard me talk about the use of AI to generate content for cyber-attacks, especially its use to increase the effectiveness of phishing attacks. But have you heard about WormGPT?

Almost as predicted, a new AI-led phishing service has launched, titled WormGPT. Its name is a homage to the AI service ChatGPT, which it claims to mirror. The creators call it an equivalent to the natural language engine’s human-like answers to questions.

How does it work?

The way that WormGPT stands out is very simple. All the security measures and protections used to prevent the generation of malicious code or attacks in ChatGPT are removed. WormGPT actively encourages this behaviour. No wonder, it is developed by known hackers and actively promotes malware and other cybercrime on the page.


WormGPT is a subscription-based service on the dark web. Like many of these services, it can be used to promote and enhance phishing attacks. It is another case of Phishing-as-a-service and will only lead to more complex and higher-risk cyberattacks hitting the public.

With this on the rise, all we can recommend is that you stay alert. Stay aware and have the right protections in place to prevent phishing attacks. You should have time-of-click protection enabled on all links in your business. If you need more guidance on this, you should reach out to your Planet IT account manager.

How our Cybersecurity experts can help…

Are you struggling to get your head around how AI affects cybersecurity? Then please call 01235 433900 or you can email [email protected]. Or if you would like to speak to me directly you can reach out to me via DM or at [email protected].

Windows Server 2012 R2 End Of Support – Act Now Or Face The Consequences!

Windows Server 2012 R2 End of Support

If you are an IT professional running Windows Server 2012 or Windows Server 2012 R2, you need to be aware that support for these products will end on October 10, 2023. This means that regular security updates, non-security updates, bug fixes, technical support, and online technical content updates will no longer be provided by Microsoft.

This poses a serious risk to your business. You will be exposed to potential security breaches, compliance issues, and performance problems. In addition, several key vendors will drop support for their products as soon as this platform leaves standard support with Microsoft.

You will also miss out on the latest features and innovations that newer versions of Windows Server offer. This includes improved security, scalability, reliability, and efficiency.

Therefore, you need to act now and plan your migration strategy before it is too late. You have two real options and one really bad idea to choose from.

Embrace The Cloud and get all the benefits

Migrate to Microsoft Azure and receive free Extended Security Updates (ESUs) for three years after the end of support. You can move your applications and databases to Azure Virtual Machines and benefit from the cloud’s flexibility, scalability, and cost-effectiveness.

You can also use Azure Arc to manage your hybrid environment and receive automated/scheduled ESU updates and installation. This can simply be a lift and shift for now. Use the three years to get prepared for a newer operating system.

Upgrade your Windows Server

Upgrade to Windows Server 2022 or purchase ESUs for Windows Server 2012. If you prefer to stay on-premises, you can upgrade to the latest version of Windows Server. This will offer enhanced security, performance, and innovation. Alternatively, you can purchase ESUs for Windows Server 2012, which will provide security updates only for up to three years after the end of support. This can only be done if you are on an Enterprise Agreement with Microsoft. For most businesses, this won’t be an option.

Or….

…and you’d be really stupid to do this!

Do nothing and wait to join over 50% of UK-based businesses that suffer a major cyber incident each year. With an unsupported product, it will only be a matter of weeks before a major attack is launched by a threat actor against an operating system using unpatched vulnerabilities.

Whichever option you choose, you need to start preparing now and avoid the risks of running unsupported software.

Don’t know which way to turn…. Then reach out to the Technical Architecture team and we will help you understand your options and support you in the drive to move away from 2012 R2.

We are an IT company based in the UK that advises thousands of businesses, IT managers and leaders on all things Tech. We can help you with your migration plan and ensure a smooth transition to the latest Windows Server solutions. Contact us today and let us help you secure your future.

