CTO Insights January Newsletter

CTO Insights January 2024  

A new year, a new set of technology challenges and opportunities to tackle in 2024. As always with a new year, it’s a chance to look forward. This being IT, let’s not look too far forward though! What’s likely to be challenging us in the first part of 2024?

No escaping the AI beast 

The use of AI will continue to dominate business IT conversations. Microsoft’s Copilot, OpenAI, Google etc. are all continuing to push these technologies into every area of our lives. Copilot is a particularly interesting one, with Microsoft already including it as an app in Windows 11, free as part of its Bing Chat service, and of course as an increasing presence across Microsoft 365.

It’s not just here though. At the recent Consumer Electronics Show (CES 2024), AI was front and centre. This included the intriguing Rabbit R1, an AI-powered “pocket companion”; imagine a smartphone with an AI interface. TechRadar also ran a story from CES about Volkswagen being the latest car manufacturer to build ChatGPT into their cars. Although I’m not sure I’m quite ready for that, it shows how AI will continue to become ever more pervasive.

As IT business leaders, we do need to prepare for this and have the appropriate controls in place to ensure we use AI appropriately in both business and personal settings.

The Cybersecurity threat isn’t going anywhere 

No surprise here, as cybersecurity is never going to be done. A friend, Kirk Ryan, recently posted this blog regarding cybersecurity trends in 2024. Two tips caught my attention. His “AI Arms Race” pointed towards the cybersecurity threat posed by AI, and how technology such as deepfakes presents new threats that in reality are difficult to stop. This is an emerging area that business and security leaders need to understand, finding ways to identify these threats. Much of this will need to be manual, however, as right now it’s hard for technology alone to stop them.

He also discusses “The Great Cloud Caper”. Cloud has certainly increased the threat posed by leaked credentials and poorly configured security. While leaked credentials leading to the deletion of cloud infrastructure is thankfully rare, less rare is the threat posed by misconfigured cloud accounts and services. We continue to hear of misconfigured cloud repositories leading to significant data leaks.

How secure is your cloud infrastructure? This is a question we should all be asking. Certainly, we should be carrying out regular basic security auditing to ensure we don’t have basic misconfigurations. We should ensure we are not over-provisioning guest access to our Teams groups and SharePoint sites, or leaving under-protected, over-elevated accounts that, if breached, can be used to wreak havoc in our cloud environments.

Managing Costs  

Not surprisingly, we are going to see continued economic pressures on business, and IT is a part of that. Whether it’s capital expenditure or operational costs, better insight into them is increasingly in demand, especially with cloud spend. Having insights, especially predictive insight, into cloud costs should be a consideration for anyone with any kind of complexity in their cloud environments, especially those with multi-cloud setups. Knowing the best place to run a workload, and understanding how to right-size it, can significantly reduce overall costs. But this is also true on-premises: making sure we are running a right-sized environment can reduce capital and operational costs. It’s a difficult area to manage, but it is, rightly, going to stay high on the agenda as we move through 2024.

While no doubt there are other areas of interest, I imagine much of the initial part of 2024 will see us dealing with those three areas. 

Tech Takeaways 

New year, new episodes! In 2024’s first episode, we are discussing alternative networks. These are connectivity providers who live outside of the UK’s traditional BT and Virgin Media networks. Alt-nets own their infrastructure and build their services, which opens a range of custom services that can appeal to businesses of all types. Is an alt-net something that you could use? Dave Ferry of ITS joins us to explain more. Find the video version here or, if you prefer audio, it’s here.

CTO Insights  

In episode 2 of CTO Insights, I’m joined by NetApp field CTO, Grant Caley. With 20+ years at storage vendor NetApp, Grant has great experience and he shares a broad set of insights into the data industry. Join me as we explore the future of data ranging from cost optimisation to backup and recovery. 

You can watch the video here or, if you prefer, listen to the audio version here.

Thanks for reading CTO Insights, look out for more coming soon. 

 

Unlocking the Secrets of Cybersecurity: Insights from our Cybersecurity Preparedness Event


Recently, alongside our colleagues at Pro Liverpool and Sophos, we brought together two industry experts to share their cybersecurity insights and help our attendees unlock some of the secrets of effective cybersecurity. Gardner CTO Paul Stringfellow and Sophos’s Jon Hope shared their knowledge on the changing landscape, the latest data from Sophos’s annual State of Ransomware report, and what you can do to prepare your business.

The changing landscape 

Cybersecurity threats continue to evolve.  


The way we work 

Our workforce is more mobile, no longer confined to the relative safety of our business IT infrastructure. It wants to work from anywhere, with continuous access. These changes alone have altered the way we operate and introduced new opportunities for cybercriminals.

Change in infrastructure 

To meet the needs of the changing workforce, organizations have changed their infrastructure. No longer is it just in the data centre. Now it incorporates SaaS solutions, the public cloud, co-location facilities and services delivered by third parties, bringing more complex environments to manage and secure.

Attack Surface has Grown

This changing environment and its supporting infrastructure present new attack surfaces. Cybercriminals no longer need to try to target well-secured enterprise data centres. Instead, they are looking for insecure devices, user credentials and poorly protected third-party services as much easier ways of breaching security for malicious purposes.

New Technology 

Technology does not stand still; organizations are embracing operational tech such as IoT and, increasingly, generative AI like ChatGPT, all of which has changed and broadened the places a cyber attacker can target.

The changing attacker 

It is not only us that have changed; cyber-attackers have changed with us. Attackers are professional criminal organisations that operate like any large money-making business. They sell their services to any bidder, lowering the barrier to entry to build a cyber-attack. Just like any growing business, they are also exploiting technology to be more efficient and effective, using long-term reconnaissance to feed their own analytics engines to better understand how to craft attacks against targets.

The Target 


People: They target our people to steal credentials, because that is a much easier way to gain access to an organisation’s systems than “hacking” their way in.

Data: In most cases our data is the target. This may be to make it inaccessible (ransomware), to steal it (so it can be sold) or to do both.

Money: The goal is often financial, looking at ways to extort or “con” money from victims.

The research  

The trends that were discussed are not hypothetical, as we saw from Sophos’s research in their State of Ransomware report (you can request a copy from here).

We can see that ransomware remains a huge issue, with all key numbers continuing to rise including the average incident recovery cost, now at $1.82m.  


Am I a Target?

In terms of targets, criminals were indiscriminate in their attacks, with company size having little impact on whether organizations are hit or not. Education did stand out with an increased level of targeting, though. This is mainly in recognition of the amount of “interesting data” that education holds and the reality that their cybersecurity funding and protection may be less effective than in the commercial sector.

While organization size and industry made little difference, turnover did play a part in the likelihood of an attack. Companies with the highest turnovers (+$5bn) were more likely to be hit than those with lower turnovers, with 72% of companies that size having had a ransomware attack. This did not mean those with lower turnovers had no chance of being attacked; in fact, over half (58%) of those with turnover of less than $10m had seen at least one attack.

Time to recover

Another interesting stat from Sophos’s research was how long it took to recover from an attack and whether recovering from backup or paying a ransom had much impact. For those who recovered in the first month after an attack, there was little difference in the method used. However, where companies took longer than this to recover, it was more likely they were having to recover through paying the ransom.


It should also be noted, however, that while backup versus ransom didn’t make a huge difference in time, it did make a difference in quality. Those paying ransoms were not guaranteed to recover all data and were more likely to suffer further attacks.

Another concerning stat was that recovering from an attack did not mean the end of the incident. Sophos reported that 30% of attacks in 2022 were “double jeopardy” attacks, where data was not only encrypted but also stolen. The logic here was that even if an organisation didn’t pay to decrypt data, that data could be either sold or ransomed again, with the threat of leaking it if ransoms were not paid.

What to do 

Knowing the size of the problem is helpful, but what steps can we take to reduce the cybersecurity threat?

People, process, technology 


There is no one magic button that fixes all cybersecurity issues. Rather, dealing with the challenge effectively requires focus on three key areas.

Process 

Having good processes around areas from acceptable use policies to cyber incident response will make a significant difference. For companies who have not worked through Cyber Essentials, this is a great starting point to help build some basic processes to improve security posture. 

People 

Not only are our people a risk, but if we educate them and give them the right security-focused environment, they can become our most powerful defence. Educating users about threats and creating a supporting security environment and a security culture will help engage your people and significantly improve your cybersecurity defence.

Technology 

This is probably the least important part of an effective cybersecurity posture because, if the people and processes are wrong, technology can only do so much. The right tools do play a part and will help identify risks and potentially stop threats before they cause too much damage. When choosing security technology, organisations should consider:

  • Tools that offer broad security coverage.
  • Tools that use intelligence and analytics to provide proactive protection and rapid response.
  • Managed services, if you don’t have internal security skills.

Be Prepared 

The cybersecurity threat is evolving as rapidly as ever; threats are constant and complex. But as Paul and Jon shared, you can take steps to better prepare your business to deal with it and reduce the risk and impact of any potential cybersecurity attack.

Want to learn more about cybersecurity and the ever-evolving world of technology? Check out the Tech Takeaways podcast: Podcasts – Gardner Systems

Need some more information on whether what you’re doing is keeping you safe online? Message us for a free audit call: About Us – Gardner Systems

Cyber Resilience: Why don’t you have a cyber resilience plan?

On episode 5 of our Tech Takeaways, Paul, Jason and Wayne discuss the importance of cyber resilience. While cyber security is a significant concern for all businesses, few have specific plans to deal with the impact of a cyber-attack. A cyber resilience strategy is a key part of knowing how to react if a cyber-attack happens. Let’s go back through what was talked about in the episode and find out how you can build a good framework to protect your assets. 

What is Cyber Resilience?

Cyber resilience planning concerns what a business will do when/if its systems are breached. Where software and endpoint solutions work to mitigate attacks before they get inside a business’s systems, cyber resilience plans help defend against threats that fully manifest. It includes a response procedure, i.e. what will the business do, which individuals are involved in the response, and what are their roles.  

Investing in cyber security measures is still important. However, businesses should accept that cyber security measures cannot reduce threat risk to zero. Cyber resilience planning accounts for the event where the business’s other security measures fail.  

Advice for Being Cyber Resilient

Risk Assessment

Make a list of key systems that could be impacted by potential cyber-attacks. Ask yourself, ‘how does my business operate if this system goes down?’. Criminals are likely to target the most important systems to maximise the effect on the business. 

Define Recovery Plan

It should be clear who in the organisation is leading the response, which systems need to be recovered first, and what methods can be used. This creates a solid framework to get your business back online as quickly as possible. 

Employee Awareness

A business’s employees can be both a threat and the first line of defense. However, the latter can only be achieved through appropriate cyber resilience training. Ensure that all users possess an understanding of how cyber-attacks can manifest, along with the knowledge needed to prevent security risks. It’s subsequently a good idea to simulate cyber threats to allow teams of employees to practice.  

Conclusions

If your business doesn’t have a cyber resilience plan in place, a successful cyber-attack will be much more damaging and take much longer to recover from. On the other hand, having a comprehensive cyber resilience plan allows you to respond to and recover from threats quickly. This lets your business maintain day-to-day operations despite outside influence.

Check out the full episode on our page here, or on our YouTube here.

Gardner Systems cyber security event

On 26th April we hosted our hugely successful cyber security event on business preparedness at The Old Hall, Liverpool. Gardner CTO Paul Stringfellow was joined by Sophos cyber threat landscape expert Jonathan Hope. If you couldn’t make it down, don’t worry! We’ve summarised the event in this blog.

Jon has been at Sophos for over 11 years, during which time he’s enjoyed numerous roles in firewall, channel, and sales engineering. Like us, he’s committed to keeping businesses and their users protected from online threats. His experience and knowledge were a great boon to the event, offering attendees unique insights into how businesses can be better cyber-prepared.

Session 1 – Gardner Systems CTO Paul Stringfellow

To set the stage for deeper discussion, it’s first necessary to talk about the complexity of modern cyber-attacks. A major contributing factor is the growing professionalism of the hackers of today. It’s essentially a constant arms race between criminals and cyber security companies like Gardner and Sophos. As security software continues to improve, malware is created to counter the advances in business protection.

Security technology does continue to evolve to meet the speed and dynamism of the threat. Detection and response technologies are good examples. Whether that’s Endpoint (EDR) or eXtended (XDR), these tools are designed to simplify the process for overstretched businesses by using analytics to more accurately identify threats and, importantly, automate their mitigation. However, these tools still require internal resources to manage them, and that is a significant challenge for many. This has seen providers of these solutions increasingly offer managed versions of them (MDR). This allows businesses to add teams of dedicated security professionals to their cyber security efforts, allowing them to react to security threats 24/7, because of course the reality is, it’s a 24×7 threat.

Session 2 – Sophos cyber threat landscape expert Jonathan Hope

In his session, Jon shared how, in the current cyber threat landscape, ransomware remains a top issue for businesses. The continued prevalence of the threat is driven by the changing threat landscape. Today, criminals have the option of purchasing as-a-service cyber-attacks, buying readymade attack platforms or even contracting criminals to deliver the attack for them.

The ever-lowering cost of carrying out attacks for the cyber-criminal has seen an evolution in the types of organisations attacked. Unfortunately, this tends to be organisations that are unlikely to be able to pay the ransom, such as public sector organisations and SMEs. This, in turn, means the landscape is broad and businesses from any sector can be affected.

Jon also shared some of the changing techniques used by cyber criminals. The social engineering vector is one that is constantly evolving. For instance, phishing emails might reference trending events to increase the likelihood a user clicks on content. He also outlined how data exfiltration was increasingly part of cyber-attacks, with attackers no longer satisfied with encrypting data; they are also stealing it.

Jon wrapped up by sharing some basic measures businesses should be taking to protect themselves. These included employee training and protection, server cover, and network firewalls.

Overview

With the cyber threat landscape constantly changing, organisations must come prepared to defend themselves. This includes threat detection software, endpoint protection, user training, and having a cyber-resilience response plan. The financial and reputational risks to businesses are simply too high to ignore cyber security. As IT service providers ourselves, we at Gardner know this better than anyone.

Thank you again to Jonathan Hope and Sophos for coming out and talking with us. Be sure not to miss our next event!
