Category: Uncategorised

CTO Insights Newsletter Edition 1

Posted on by Josh Mantle

Welcome to our first CTO Insights newsletter. The aim is to provide you with some insights into what I’m seeing from our customers, vendors and the general IT trends in the key technology areas that are challenging us all as CTOs in our businesses. 

In this first newsletter, I thought I’d go obvious with a couple of interesting articles and information across two of the hottest technology topics cybersecurity and generative AI (and I promise ChatGPT is not writing this newsletter). 

Generative AI 

The incredible popularity of ChatGPT (until the recent release of Threads, the quickest consumer technology to reach 100 million users, taking just two months, seven quicker than Tik Tok (Incredibly Threads did this in just six days!)) has taken the AI conversation from academic to one right into the heart of day-to-day use and of course day to day business. 

I recently recorded a Tech Takeaways podcast with our COO, Jason Fitzgerald, on this very topic as we discussed the ins and outs of the technology. What it means and importantly what the risks and potential rewards are, feel free to watch or listen here 

What does all this mean for us as a CTO and our business? 

When preparing for the podcast, I found a couple of useful resources that I wanted to share that provides a good overview into the rapidly evolving world of GenAI 

Firstly, is this article for McKinsey What every CEO should know about generative AI | McKinsey. The article discusses what we mean by Gen AI specifically. Some of the use cases you will see across an organisation and some of the responsibilities, this is particularly useful for a CTO, we have before introducing such tech to our business. 

For those who’d rather listen than read, I also find this podcast from an old friend of mine Yadin Porter de Leon who is at VMware, where he talks with Paul Roetzer, CEO of Marketing AI Institute, again, about the possibilities and potential risk. Including an interesting discussion on the impact on people. Find it here Generative AI: What CIOs Need to Know – with Paul Roetzer, CEO of Marketing AI Institute – CIO Exchange (vmware.com). They should provide you with a good overview of the space and what to consider. 

Gen AI is not going to go away; this is going to become an integral part of day-to-day business and life. As CTOs, it’s important to develop a position on the topic for our organisations, that doesn’t necessarily mean being an expert, but it is important to understand how we can use this to drive our business better and what we should be wary of. 

Cyber Security 

Always at the top of the priority list is cybersecurity, it’s of course a problem that continues to evolve, with threats and attack approaches continually changing (see above!) Tackling cybersecurity requires us to continually evolve our understanding of the problem and our approach to tackling it. 

With that in mind, I recently presented alongside Sophos at an event in Liverpool where we were outlining the latest trends. I Was joined by Sophos Technologist Jon Hope who also shared the latest Sophos Ransomware report (you can get a copy of that here – 2023 Ransomware Report: Sophos State of Ransomware).  

I also put together a blog post sharing some thoughts from the event you’ll find it here. 

While we are talking about events. I also attended Infosec Europe in London at the end of June. These are always interesting events and chances to hear from subject experts and by chatting with vendors to gain an understanding of strategic direction and trends in the cybersecurity space.  

It’s a big event and even across the two days I was there it was impossible to visit everyone, but I was lucky enough to get personal briefings from 8 different vendors as well. If you went to Infosec I’d like to hear your thoughts on what you saw, but if not – here’s a blog post I wrote with some of my key takeaways 

Cybersecurity is a multi-layered complex problem and needs us to consider security implications from core to edge. It’s about people, process and technology and balancing those three elements to ensure our security posture is strong and meets the needs of our organization. There’s no surprise that it’s likely to be a regular feature of future newsletters. 

And Finally 

Two bits of Microsoft news. Firstly, it recently made a number of announcements regarding its Entra platform. Entra is the name for Microsoft’s Identity security and access control tools. I’ll share more about this in the next newsletter, as there’s some interesting things in there. One thing I did want to share was the rebranding of Azure Active Directory to Entra ID. It does make sense in terms of the bigger picture of what they are doing, but thought It was worth giving a heads up, so if you see the name Entra ID and wonder what it is, then now you know. (BTW this does not impact Active Directory, just its Azure equivalent). 

Secondly, is the impending end of support coming on Windows 2012 R2, October 10th is the end data and then it will no longer receive updates, including security, bug fixes or technical support. So, if you are still running Windows 2012R2 in your environment, now’s the time to change. More details here from Microsoft.

For now, thanks for taking the time to read this. If there is anything you’d like me to cover, you can drop me a note at cto@gardnersystems.co.uk find me on LinkedIn or Twitter and Threads  @techstringy. 

If you’d like to book in a call, you can also do this here

CTO Insights Newsletter: Intro

Posted on by Josh Mantle

Welcome to the Gardner CTO Insights Newsletter

Welcome to our new CTO Newsletter, straight from the desk of our CTO, Paul Stringfellow, to yours. We aim to bring you concise summaries, expert opinions, and thought-provoking articles covering emerging technologies, industry trends, and best practices. And to provide you with a go-to source for the latest updates in enterprise IT.

Why a newsletter and why now?

Gardner Systems has been going through some rapid changes this year and one of those has been the evolution of roles for some of our team. This has included Paul’s move to CTO. Paul is well placed amongst the Gardner team with his experience and a broad range of industry contacts to help Gardner stay on the leading edge of technology and our customers understand how technology can help them in these challenging business times.

One of the things he has been keen to do is start to develop our CTO and IT leader community. This newsletter is part of that move, finding a way to efficiently keep our customers informed of technology trends, innovations, and best practices, as well as ways to engage and keep in touch.

What it will include?

As a CTO, your role demands staying on top of the latest technological advancements that can drive digital transformation, enhance operational efficiency, and enable business growth. Whether it’s cloud computing, artificial intelligence, cybersecurity, data analytics, or any other crucial aspect of enterprise technology we want to provide you with insights and analysis that can help you make informed decisions, identify opportunities, and overcome challenges.

An Intro to our CTO

Many of you would have met Paul during his time at Gardner’s. But for those that haven’t here’s a little about our new CTO. Paul studied Computing at Liverpool John Moore’s University. He got his first IT role at a pharmaceutical company in Liverpool, where he first met the Gardner Systems Team. He joined Gardner’s not long after and has worked across the business, from technical support to systems architect and today as CTO.

Paul has been one of the public faces of Gardner for some time, presenting at many of our events as well as at local and national business community and vendor events. In recent years, Paul’s experience also attracted U.S. IT analyst firm GigaOm with whom he now consults and carries out research, mainly focused on people-centric and data-centric security. These offer further Insights and relationships that can Paul can use to bring more value to Gardner customers.

These are exciting times at Gardner and Paul and the team is looking forward to continuing to offer great service to our customers, but also to be a local trusted source of advice and help for anyone who needs it. We hope you’ll find our newsletter a useful and valuable resource to help you in your role as a local IT leader. Alongside our newsletter, Gardner offers a range of other resources that can help you, including events and the Tech Takeaways podcast.

Also, If you’d like to meet with Paul to understand more about his role and what is happening at Gardner’s, book a call with him here.

Sign up for the CTO weekly newsletter right here

Unlocking the Secrets of Cybersecurity: Insights from our Cybersecurity Preparedness Event

Posted on by Josh Mantle

Unlocking the Secrets of Cybersecurity: Insights from our Cybersecurity Preparedness Event

Recently, alongside our colleagues at Pro Liverpool and Sophos we brought together two industry experts to share their cybersecurity insights and help our attendees unlock some of the secrets of effective cybersecurity. Gardner CTO Paul Stringfellow and Sophos’s Jon Hope shared their knowledge on the changing landscape, the latest data from Sophos’s annual State of Ransomware report and what you can do to prepare your business. 

The changing landscape 

Cybersecurity threats continue to evolve.  

Unlocking the Secrets of Cybersecurity  

The way we work 

Our workforce is more mobile, no longer just confined to the relative safety of our business IT infrastructure. It is mobile and wants to work from anywhere, with continuous access. These changes alone has altered the way we operate and introduce new opportunities for cybercriminals.  

Change in infrastructure 

To meet the needs of the changing workforce organizations have changed infrastructure. No longer is it just in the data centre. Now it incorporates SaaS solutions, the public cloud, co-location facilities and services delivered by third parties. Bringing more complex environments to manage and secure. 

Attack Service has Grown 

This changing environment and supporting infrastructure present new attack surfaces. Cybercriminals no longer need to try to target well secure enterprise data centres. Instead, they are looking for insecure devices, user credentials, poorly protected third-party services as much easier ways of breaching security for malicious purposes. 

New Technology 

Technology does not stand still; organizations are embracing operational tech such as IoT and increasingly generative AI like ChatGPT. All of which has changed and broadened the places a cyber attacker can target. 

The changing attacker 

It is not only us that has changed, but cyber-attackers have also changed with us. Attackers are professional criminal organisation who operate like any large money-making business. They sell their services to any bidder lowering the barrier to entry to build a cyber-attack.  Just like any growing business, they are also exploiting technology to be more efficient and effective. Using long-term reconnaissance to feed their own analytics engines to better understand how to craft attacks against targets. 

The Target 

Unlocking the Secrets of Cybersecurity

People: They target our people to steal credentials. Because as a way to gain access into an organisations system is so much easier than “hacking” their way in. 

Data: In most cases our data is the target. This maybe to make it inaccessible (Ransomware), to steal it (so it can be sold) or to do both.  

Money: the goal is often financial. Looking at ways to extort or “con” money from victims. 

The research  

The trends that were discussed are not hypothetical as we saw from Sophos’s research in their State of Ransomware report (you can request a copy from here).   

We can see that ransomware remains a huge issue, with all key numbers continuing to rise including the average incident recovery cost, now at $1.82m.  

Ransomware stats

Am I a Target?

In terms of targets criminals were indiscriminate in their attacks, with company size having little impact on whether organizations are hit or not. Although education did stand out with an increased level of targeting, this is mainly in recognition of the amount of “interesting data” that education holds and the reality that their cybersecurity funding and protection maybe less effective than the commercial sector.  

While organization size and industry made little difference, turnover did play a part in the likelihood of an attack. Companies with the highest turnovers (+$5bn) were more likely to be hit, with 72% of companies that size having had a ransomware attack, than those with lower turnovers. This did not mean there was no chance of being attacked in fact over half (58%) of those with turnover of less than $10m had seen at least one attack.  

Time to recover

Another interesting stat from Sophos’s research was how long it took to recover from an attack and whether recovering from backup or paying a ransom had much impact. For those who recovered in the first month after an attack, there was little difference in method used.  However, where companies tool longer than this to recovery, it was more likely they were having to recover through paying the ransom. 

 Unlocking the Secrets of Cybersecurity

It should also be noted however, that while backup versus ransom didn’t make a huge difference in time. It did make a difference in quality. Those paying ransoms were not guaranteed to recover all data and were more likely to suffer further attacks.  

Another concerning stat was that recovering from an attack did not mean the end of the incident. Sophos reported that 30% of attacks in 2022 were “double jeopardy” attacks, where not only was data encrypted it was also stolen. The logic here was that even if an organisation didn’t pay to decrypt data, that data could be either sold or ransomed again with the threat of leaking that data if ransoms were not paid. 

What to do 

Knowing the size of the problem is helpful, but steps can we take to reduce the cybersecurity threat. 

People, process, technology 

Unlocking the Secrets of Cybersecurity

There is no one magic button that fixes all cybersecurity issues. Rather to effectively deal with the challenge requires focus on three key areas. 

Process 

Having good processes around areas from acceptable use policies to cyber incident response will make a significant difference. For companies who have not worked through Cyber Essentials, this is a great starting point to help build some basic processes to improve security posture. 

People 

Not only are our people a risk but if we educate them and give them the right security focussed environment, they can become our most powerful defence. Educating users about threats, creating a supporting security environment and a security culture will help engage your people and significantly improve your cybersecurity defence. 

Technology 

This is probably the least important part of an effective cybersecurity posture because if the people and processes are wrong, technology can only do so much.  The right tools do play a part and will help identify risks and potentially stop threats before they cause to much damage. When choosing security technology organisations should consider. 

  • Tools that offer broad security coverage. 
  • That use intelligence and analytics to provide proactive protection and rapid response. 
  • If you don’t have internal security skills look at managed services. 

Be Prepared 

The cybersecurity threat is evolving as rapidly as ever, threats are constant and complex. But as Paul and Jon shared you can take steps to better prepare your business to deal with it and reduce the risk and impact of any potential cybersecurity attack. 

Want to learn more about cybersecurity and ever evolving world of technology? Checkout the tech takeaways podcast – Podcasts – Gardner Systems

Need some more information on if what you’re doing is keeping you safe online? Message us for a free audit call! – About Us – Gardner Systems

The secrets of cloud migration: Podcast Takeaway

Posted on by @deliverGardner

In our most recent Tech Takeaways podcast, we explored the key things businesses need to know about cloud migration. More and more businesses are planning to or have already started their moves to the cloud. However, a successful move to the cloud is not “a given” but there are some things businesses can do to stack the odds for a successful migration in their favour.  

Why are businesses thinking about cloud migration?

There are many reasons why businesses might want to migrate to the cloud.  

  • No longer want on-premises infrastructure: Businesses no longer want the “hassle” and risk that comes with running their own datacenters. 
  • Flexibility: Businesses today need to react more quickly than ever to changing demands. This is one of the clouds greatest strengths. 
  • CAPEX to OPEX: As the world has gotten used to buying things on subscription, from music to Software, many see the idea of buying their infrastructure as very attractive. Cloud allows them to do that. 

What to keep in mind when migrating to the cloud.

The cloud sounds great and has many benefits so let’s all jump in quickly. And that has been a problem for many when first making moves to the cloud. Their first move often was to lift and shift their existing data and approach into the cloud. But this often means that they end up unable to take advantage of the full capabilities of the cloud and more critically spending much more than they should.  

What are some simple steps you can take to make your cloud migration journey successful. 

  • Understand Why: A business should know why they want to move to the cloud and what their drivers are, is its flexibility, scale, cost optimisation, reducing their on-prem footprint. Knowing this is essential. 
  • What is success? Knowing why you are making the move to cloud is crucial, but understanding what a successful cloud migration looks like before you begin is equally so. 
  • Know your environment before you move? Before you move it is important to know what your environment is, but this is not just what virtual machines I have. While that is important, understanding services and how those services map together is essential. When doing this you can start to build an understanding of what your cloud infrastructure and costs will look like.
  • Resilience is still your job: Just moving to the cloud doesn’t mean you don’t have to consider resilience and availability. Building solutions that maintain availability in line with your business demands still has to be considered. Make sure you are aware of your cloud platforms resilience and how you need to architect your cloud infrastructure to meet your demands.
  • Plan to get out: Often forgotten is the consideration of what happens if you want to extract your information and systems from a cloud provider. Consider your exit plan, as odd as it sounds, should be a core part of your cloud migration plan. 

Key takeaways

In a nutshell, businesses should take three things away from this: 

  • Know the workload before starting cloud migration and think about how they can be adapted to maximise its features and capabilities. 
  • Fully understand the reasons why your business wants to migrate to the cloud.  
  • Build a cloud exit strategy into you plan. 

If you’re considering cloud migration and need advice and support, we can help. Our cloud migration services can smoothly guide you through the process and ensure the transition is as easy and efficient as possible for your business.   

Listen to the full Tech Takeaway podcast on cloud migration here or watch below!

Worth adding a contact link here too? 

Cyber Resilience: Why don’t you have a cyber resilience plan?

Posted on by @deliverGardner

On episode 5 of our Tech Takeaways, Paul, Jason and Wayne discuss the importance of cyber resilience. While cyber security is a significant concern for all businesses, few have specific plans to deal with the impact of a cyber-attack. A cyber resilience strategy is a key part of knowing how to react if a cyber-attack happens. Let’s go back through what was talked about in the episode and find out how you can build a good framework to protect your assets. 

What is Cyber Resilience?

Cyber resilience planning concerns what a business will do when/if its systems are breached. Where software and endpoint solutions work to mitigate attacks before they get inside a business’s systems, cyber resilience plans help defend against threats that fully manifest. It includes a response procedure, i.e. what will the business do, which individuals are involved in the response, and what are their roles.  

Investing in cyber security measures is still important. However, businesses should accept that cyber security measures cannot reduce threat risk to zero. Cyber resilience planning accounts for the event where the business’s other security measures fail.  

Advice for Being Cyber Resilient

Risk Assessment

Make a list of key systems that could be impacted by potential cyber-attacks. Ask yourself, ‘how does my business operate if this system goes down?’. Criminals are likely to target the most important systems to maximise the effect on the business. 

Define Recovery Plan

It should be clear who in the organisation is leading the response, which systems need to be recovered first, and what methods can be used. This creates a solid framework to get your business back online as quickly as possible. 

Employee Awareness

A business’s employees can be both a threat and the first line of defense. However, the latter can only be achieved through appropriate cyber resilience training. Ensure that all users possess an understanding of how cyber-attacks can manifest, along with the knowledge needed to prevent security risks. It’s subsequently a good idea to simulate cyber threats to allow teams of employees to practice.  

Conclusions

If your business doesn’t have a cyber resilience plan in place, a successful cyber-attack will be much more damaging and take much longer to recover from. On the other hand, having a comprehensive cyber resilience plan allows you respond to and recover from threats quickly. This lets your business maintain day-to-day operations despite outside influence. 

Checkout the full episode on our page here

Checkout our YouTube here or see the full episode below

Gardner Systems cyber security event

Posted on by @deliverGardner

On 26th April we hosted our hugely successful cyber security event on business preparedness at The Old Hall, Liverpool. Gardner CTO Paul Stringfellow was joined by Sophos cyber threat landscape expert Jonathan Hope. If you couldn’t make it down, don’t worry! We’ve summarised the event in this blog.

Jon has been at Sophos for over 11 years, during which time he’s enjoyed numerous roles in firewall, channel, and sales engineering. Like us, he’s committed to keep businesses and their users protected from online threats. His experiences and knowledge were a great boon to the event, offering attendees unique insights into how businesses can be better cyber-prepared.

Session 1 – Gardner Systems CTO Paul Stringfellow

To set the stage for deeper discussion, it’s first necessary to talk about the complexity of modern cyber-attacks. A major contributing factor is the growing professionalism of the hackers of today. It’s essentially a constant arms race between criminals and cyber security companies like Gardner and Sophos. As security software continues to be developed better and better, malware is created to counter the advances in business protection.

Security technology does continue to evolve to meet the speed and dynamism of the threat. Detection and response technologies are good examples whether that’s Endpoint (EDR) or eXtended (XDR) these tools are designed to simplify the process for overstretched businesses, by using analytics to more accurately identify threats and importantly automate their mitigation. However, these tools still require internal resources to manage them and that is a significant challenge for many. This has seen providers of these solutions increasingly offer managed versions of them (MDR). This allows businesses to add teams of dedicated security professionals to their cyber security efforts. Allowing them to react to security threats 24/7, because of course the reality is, it’s a 24×7 threat.

Session 2 – Sophos cyber threat landscape expert Jonathan Hope

In Jon’s session he shared how in the current cyber threat landscape, ransomware remains a top issue for businesses. The continued prevalence of the threat is driven by the changing threat landscape. Today, criminals have the option of purchasing as-a-service cyber-attacks. Buying readymade attack platforms or even contracting criminals to deliver the attack for them.

Because of the ever-lowering cost of carrying out attacks for the cyber-criminal this has seen an evolution in the types of organisations attacked. Unfortunately, this tends to be organisations that are unlikely to be able to pay the ransom, such as public sector organisations and SMEs. This in turn, means the landscape is broad and businesses from any sector can be affected.

Jon also shared some of the changing techniques used by cyber criminals. The social engineering vector is one that is constantly evolving. For instance, phishing emails might reference trending events to increase the likelihood a user clicks on content. He also outlined how Data exfiltration was increasingly parts of cyber-attacks, with attacked no longer satisfied with encrypting data, they are also stealing it.

Jon wrapped up by sharing some basic measures businesses should be taking to protect themselves, this included employee training and protection, server cover, and network firewalls.

Overview

With the cyber threat landscape constantly changing, organisations must come prepared to defend themselves. This includes threat detection software, endpoint protection, user training, and having a cyber-resilience response plan. The financial and reputational risks to businesses are simply too high to ignore cyber security. Gardner’s as IT service providers ourselves, we know this better than anyone.

Thank you again to Jonathan Hope and Sophos for coming out and talking with us. Be sure not to miss our next event!

Welcome to the new Gardner Systems

Posted on by @deliverGardner

Gardner Systems have been helping its customers solve business problems with IT since 1985. As you can imagine we have been through some changes in that time. As our business evolves it’s important that shows in everything we do, including our website and branding.   

The last few years have had some big changes for us, as it has for many of our customers. With that in mind we felt that our brand and website needed to reflect those changes. Some of you will have already seen those changes, but we thought it would a nice idea to share with you the changes we have made and the thinking behind them. 

Our goal was to create a new brand and website that would more clearly convey our message and values. Our new logo is in the form of a cloud. This seemed to make sense as the cloud is such a core part of today’s IT thinking. This made it an ideal fit as our logo, giving those who are new to us an insight into what we’re about before they learn anything else. 

We wanted the new website to be laid out in a way that would be easy and appealing for visitors to use and understand. The information has been split into small manageable chunks that tell visitors exactly what they need to know about each service without any unnecessary waffle. Our focus is always on the customer and how our services can support and benefit them throughout their business growth. No matter what IT service you need help with, whether it’s the cloud, security, data, or infrastructure, Gardner Systems can help. 

The team at Gardner Systems are very excited about the new website, branding and the new opportunities it will bring. Explore the site for yourself today and let us know what you think. You can contact us by phone or email if you have any other questions. 

Free Security Audit

Get a 1 hour FREE security audit!

Get in touch