CTO Insights August Newsletter

CTO Insights August Newsletter

August has rolled around and while nobody had told the British weather that it’s summer, let’s see if we can provide some CTO summer vibes for you to enjoy. 

IT Sustainability 

The idea of sustainability continues to be a prime conversation topic whether it’s politicians, media, the public or the boardroom and the desk of the CTO. What does sustainability mean for businesses? In reality, is much too broad a topic for a simple answer. But as IT pros we need to understand it and that starts with breaking it down into identifiable and measurable chunks. 

One such area is the impact of poorly managed and controlled data storage on sustainability. It’s an intriguing idea and one covered in this piece that an industry friend of mine Matt Watts, from NetApp, wrote for Tech Radar, Technology sector’s hidden issue: a landfill of data | TechRadar. It’s a good read and highlights an area in which we can make a difference. 

Microsoft flexing their cybersecurity muscles 

For those of you who keep an eye on Microsoft, It won’t have slipped your attention that they continue to rapidly develop their security portfolio. This has included a recent raft of announcements around their three security brands Defender, Purview and Entra. As I mentioned in the previous newsletter, Entra is Microsoft’s identity and access portfolio and this includes the rebranding of Azure Active Directory to Entra ID. But it is much more than that, to help people pick through these latest Entra announcements I’ve written this blog for my friends over at GigaOM and thought you may find it useful too Microsoft takes Entra to the edge – GigaOm. 

Microsoft’s announcement did not stop there. Another one that caught my attention was their move into the Managed Detection and Response (MDR) space. MDR is something that is gathering a lot of momentum in many organisations I speak with, as they try to augment their overburdened security teams. MDR is potentially an ideal solution, and It’s no surprise to see Microsoft launch their own MDR service to complement its Defender platform. To find out more here’s a Microsoft launch blog Microsoft Defender Experts for XDR | Microsoft Security. For the next newsletter I’m currently working on a more detailed blog looking at the MDR space in general, so stay tuned.

Security Incidents  

Cybersecurity incidents are not going away and to highlight this, a couple of recent Cyber Security incidents caught my attention. First up was the incident that impacted Capita, as reported here by Techerati. What this article provides is an insight into the real-world costs of a ransomware incident. The breach at Capita is reported to come with a likely price tag in the region of £15m-£20m. This is before any potential regularity punishment. The costs of a cyber incident are real and should be included when assessing risk to our organisations. 

The UK elections watchdog has also revealed that it has been the victim of a complex attack, as reported here by the BBC. Data was accessed which included names and addresses and it mentioned that control systems were also accessed. This is a good example of the statement “assume breach”. It’s a good approach to take when considering security, we just cannot assume that everything on the inside of our network is okay and should have carte blanche access. We must secure all of our systems and continually monitor access to ensure that any unauthorised access does not get to access our most sensitive information. 

CTO tips 

Finally, this came from a suggestion from one of my industry friends and newsletter readers, Phoebe Goh, from NetApp, who asked for some good tips for CTOs and senior execs. As someone new to the CTO role myself and doing this at a company that hadn’t previously had a CTO, I thought what a good idea because gaining tips from experienced CTOs has been invaluable to me. So I’ve put together three things that I took from conversations with other CTOs in terms of the role and what a good CTO should strive to do. Particular thanks to Howard Holton for these. 

What is the CTOs role?  

There will be more things here, but at a high level, the following makes sense to me. 

  • Define the tech stack – what should your technology stack look like to meet business/customer needs? 
  • Where do we invest? – What technologies should we be investing in to make sure we maintain our edge over our competition? 
  • What are the emerging technologies we should be looking at? – What’s next for our business, what are the technologies that are around the corner that we should, at the very least, understand? 

What should a CTO strive to do? 

Not only, what is the role, but for someone trying to do a good job as a CTO what should we strive to do? (I’m very much still working on this!) 

  • Be available – be a person that colleagues and customers can talk to about technology – it’s important to be able to do this at all levels, not just talk “techie” but speak in a language that makes sense to those asking. 
  • Formulate ideas around Technology quickly – While this doesn’t mean you should be an expert in all areas, it does mean, being aware of technology and being able to have an idea of how that technology can impact your business – being able to articulate, what it is and where we could use it in our business. 
  • And where you don’t have an idea about a technology – then be able to understand the impact that technology can have and what that may mean for your organisation. 

Be visible. 

It was the idea of being visible that led to this newsletter.  A newsletter can be a great way of sharing ideas and inviting conversations with your organisation, partners and customers. And hopefully, that’s what we can do here with CTO insights. 

If you’re new to the role or looking at ways to develop then hopefully some of these ideas will help. Of course, I’m pretty sure, others will have their own thoughts and I’d love to hear them, so we can share them more broadly. 

That’s all from this edition of CTO Insights. If you have ideas or would like to have a chat then contact me at cto@gardnersystems.co.uk find me on LinkedIn or Twitter and Threads @techstringy or book a chat via my meeting link 

Gardner Systems cyber security event

On 26th April we hosted our hugely successful cyber security event on business preparedness at The Old Hall, Liverpool. Gardner CTO Paul Stringfellow was joined by Sophos cyber threat landscape expert Jonathan Hope. If you couldn’t make it down, don’t worry! We’ve summarised the event in this blog.

Jon has been at Sophos for over 11 years, during which time he’s enjoyed numerous roles in firewall, channel, and sales engineering. Like us, he’s committed to keep businesses and their users protected from online threats. His experiences and knowledge were a great boon to the event, offering attendees unique insights into how businesses can be better cyber-prepared.

Session 1 – Gardner Systems CTO Paul Stringfellow

To set the stage for deeper discussion, it’s first necessary to talk about the complexity of modern cyber-attacks. A major contributing factor is the growing professionalism of the hackers of today. It’s essentially a constant arms race between criminals and cyber security companies like Gardner and Sophos. As security software continues to be developed better and better, malware is created to counter the advances in business protection.

Security technology does continue to evolve to meet the speed and dynamism of the threat. Detection and response technologies are good examples whether that’s Endpoint (EDR) or eXtended (XDR) these tools are designed to simplify the process for overstretched businesses, by using analytics to more accurately identify threats and importantly automate their mitigation. However, these tools still require internal resources to manage them and that is a significant challenge for many. This has seen providers of these solutions increasingly offer managed versions of them (MDR). This allows businesses to add teams of dedicated security professionals to their cyber security efforts. Allowing them to react to security threats 24/7, because of course the reality is, it’s a 24×7 threat.

Session 2 – Sophos cyber threat landscape expert Jonathan Hope

In Jon’s session he shared how in the current cyber threat landscape, ransomware remains a top issue for businesses. The continued prevalence of the threat is driven by the changing threat landscape. Today, criminals have the option of purchasing as-a-service cyber-attacks. Buying readymade attack platforms or even contracting criminals to deliver the attack for them.

Because of the ever-lowering cost of carrying out attacks for the cyber-criminal this has seen an evolution in the types of organisations attacked. Unfortunately, this tends to be organisations that are unlikely to be able to pay the ransom, such as public sector organisations and SMEs. This in turn, means the landscape is broad and businesses from any sector can be affected.

Jon also shared some of the changing techniques used by cyber criminals. The social engineering vector is one that is constantly evolving. For instance, phishing emails might reference trending events to increase the likelihood a user clicks on content. He also outlined how Data exfiltration was increasingly parts of cyber-attacks, with attacked no longer satisfied with encrypting data, they are also stealing it.

Jon wrapped up by sharing some basic measures businesses should be taking to protect themselves, this included employee training and protection, server cover, and network firewalls.

Overview

With the cyber threat landscape constantly changing, organisations must come prepared to defend themselves. This includes threat detection software, endpoint protection, user training, and having a cyber-resilience response plan. The financial and reputational risks to businesses are simply too high to ignore cyber security. Gardner’s as IT service providers ourselves, we know this better than anyone.

Thank you again to Jonathan Hope and Sophos for coming out and talking with us. Be sure not to miss our next event!

Free Security Audit

Get a 1 hour FREE security audit!

Get in touch