United Kingdom, Feb 21, 2022
The range and impact of Information Security (IS) threats has grown and changed continually over the last 40 years or more, along with the motivations and drivers for such attacks. From when the Morris Worm launched the first, apparently inadvertent, distributed denial-of-service (DDoS) attack on the internet, the realm of cybercrime has expanded from hackers often driven by little more than curiosity, to organised crime and state sponsorship.
Beyond cybercrime in the broader information security realm, the impacts of information theft, leakage, loss, and misuse have grown – driving more and more regulatory controls to protect individual and organisational data. It’s a complex and continuously evolving landscape, with new threats and vectors emerging all the time.
Here are some of the key current trends driving the need for a transformational approach to IS:
Using malicious software (malware) to hold an organisation’s data to ransom is believed to have become a multibillion-dollar business and is rapidly becoming one of the most common forms of cybercrime. ‘Ransomware as a service’ packages are now easily available on the dark web. The head of GCHQ stated in October 2021 that UK ransomware attacks have doubled in a year, and that “ransomware is proliferating because it is ‘largely uncontested’ and highly profitable.”
In just one example, Hackney Council are today still dealing with the effects of a ransomware attack carried out in October 2020. They estimate it will cost in the region of £10m to rectify, although no ransom was ever paid.
Almost anyone with a smartphone or email account is subjected to social engineering attempts daily, through phishing emails or smishing (SMS phishing) texts. Using bogus communications to trick people into sharing valuable or confidential information is an increasingly sophisticated growth area.
The 2020 Twitter hack used social engineering to trick Twitter employees into entering their credentials into a phishing web page, with those details then being used to get into Twitter’s internal systems. This highlights an emerging cybercrime practice of using social engineering to harvest user credentials, which can be used to access sensitive data or introduce malware without detection.
People remain the weakest link in any information security strategy, and cybercriminals are increasingly exploiting this. The US Department of Homeland Security defines an insider threat in cyber security as “the threat that an employee or a contractor will use his or her authorised access, wittingly or unwittingly, to do harm to the security of the United States.”
The critical element is that insider threats exploit authorised access. Most corporate IT security follows a ‘castle and moat’ approach, allowing relatively unrestricted access to authorised users once their credentials have allowed them past the ‘moat’ of perimeter IT security. Duping or coercing an employee, vendor, or contractor into sharing credentials – or stealing them by other means – can give cybercriminals free rein across the system.
An increasingly common attack vector is for malware to lie undetected in the organisation for weeks or months, harvesting data such as administrator passwords and backup schedules, to ensure the eventual attack is as devastating as possible.
The COVID Effect
COVID has created at least two new areas of opportunity for cybercriminals. Processes created to deal with the pandemic have opened new attack vectors, such as phishing emails requiring the recipient to share sensitive data to meet some bogus COVID requirement. The major shift towards flexible working has meant corporate resources being accessed from a wider range of devices and locations, creating new access vulnerabilities, and making business resilience and continuity harder to manage.
Strategic System Vulnerabilities
There is an increasing reliance on IT to deliver and maintain the strategic systems that underpin the operation of modern economies, from infrastructure to supply chains and finance.
Major high-profile data breaches, such as the 2013 Target breach, can have a crippling impact on the victim company in terms of direct financial losses, fines, and reputational damage – but they do not generally cause significant disruption to the day-today running of critical processes. The ransomware attacks on Colonial Pipeline in May 2021 and the UK’s NHS in 2017 demonstrate how this is changing, with key services increasingly becoming vulnerable to cyber-attacks and data breaches which can severely damage their ability to deliver services.
The Colonial Pipeline attack led to the shutting down of a major US East Coast fuel line and resulted in fuel shortages, while the NHS attack meant that 19,000 medical appointments were cancelled in a single week.
With global supply chains under stress and an ever-increasing reliance on digital for running our core infrastructure, the potential impacts of this kind of attack are growing ever more serious.
To learn more about changing threat landscape, download a copy of our security eBook here.
United Kingdom, Nov 23, 2022
How to Continue Transforming During a Recession
With the current economic slowdown, it looks like another recession could be on the cards in 2023. This usually heralds a period of consolidation within IT and the closing of the purse strings with regards to planned investments. In previous decades this was standard practice, but now that we’re in a digital age, many businesses can’t afford to slow down their digital transformations if they want to survive.
United Kingdom, Nov 23, 2022
Reducing Digital Waste
Sustainability is imperative to all our futures and is directly impacted by every device we use that consumes power. This includes the on-premises and cloud infrastructures that power our digital work lives. To be as sustainable as possible we need to ensure that we are consuming the least amount of infrastructure to host our workloads and services, without impacting their availability, performance or governance.
United Kingdom, Nov 16, 2022
Announcing End of General Support for VMware vSphere 6.5 and vSphere 6.7
Upgrade today to maintain support and subscription services Article by Gareth Headley, VCIX – DCV, vExpert, VMware Infrastructure Specialist at Q Associates, a Logicalis company.
United Kingdom, Jun 27, 2022
Is it time for Business Process Management software to join the enterprise platform big league?
Business Process Management (BPM) has had something of a chequered history in the enterprise space. While Lean, Six Sigma and other quality methodologies have led some organisations to embrace formal process management as part of their DNA, others have not achieved the same level of traction.
United Kingdom, Jun 23, 2022
How to make the most of chatbots
Chatbots are all around us. Visit any eCommerce website today and the chances are it’ll instantly present you with a ‘How can I help you today?’ pop-up. The global market for intelligent virtual assistants is expected to grow at a CAGR of 28.5% from 2021 to 2028, and social media is full of amusing stories of parrots and small children wreaking havoc via Alexa.
United Kingdom, Jun 20, 2022
A brief guide to Business Process Management (BPM)
Effective Business Process Management (BPM) is an essential foundation for any successful business digitalisation and automation strategy. In summary, you can’t successfully automate a process unless you understand it fully, and BPM provides this understanding.
United Kingdom, Jun 10, 2022
Breaking down the great global data challenge
There are plenty of statistics around the staggering amount of data being created and consumed globally every day. 2.5 quintillion (million million million) bytes created daily by internet users, a 5000% increase in data interactions between 2010 and 2020, and so on.
United Kingdom, Jun 7, 2022
Information Lifecycle Management - Data is a business asset, so manage it
Data is a valuable business asset, yet many organizations are still not managing it with the same rigour they apply to physical assets.
United Kingdom, Jun 3, 2022
Explaining some important data management concepts and terms
Recent Logicalis UKI eBooks and articles have focused on the critical role of data in digital business, from unstructured data and the role of Information Lifecycle Management to the importance of robust, business-driven data storage strategy.
United Kingdom, Jun 1, 2022
How multi cloud data fabrics maximise data value
As data becomes an increasingly valuable asset, organisations have to adapt, to manage and protect their data to ensure it delivers maximum value to the business.
United Kingdom, May 30, 2022
Why data storage trends are about more than just technology
There are plenty of informative and valuable articles on the web about trends in data storage technology, discussing everything from reducing last byte latency to the wonders of consumption-based pricing. Data and storage are hot topics, unsurprisingly in an age where, as Mckinsey puts it, ‘“digital” and “data” have become the talk of the town.’
United Kingdom, May 25, 2022
Is it time to stop talking about the death of tape storage?
Heritage technologies - mainframe, Unix and magnetic tape in particular – have long been a rich source for the ‘is x technology dead?’ debate. Technical pundits fill the web with head scratching over why they haven’t disappeared, or defences for their survival.
United Kingdom, May 20, 2022
How to avoid the pitfalls of ‘good enough’ IT
In challenging economic times, organisations naturally look to cut back or defer non-essential investment. IT spend has traditionally been one of the areas businesses look to first when the need arises to cut budgets or delay projects, sometimes creating a ‘good enough IT’ mindset, where any IT asset that is doing the job reasonably effectively today is maintained beyond the last responsible moment for replacement.
United Kingdom, May 16, 2022
Should we stop being ageist about Unix?
"Unix is dead, long live Unix" – a headline that is still as topical today as it was in 2009, when a blog with that title was published to mark Unix’s 40th birthday.
United Kingdom, May 13, 2022
Where next for Virtualisation?
In its broadest sense, virtualisation can be seen as the progressive freeing up of any computing function – compute, storage, network – from the constraints of its physical infrastructure. So far, virtualisation has been a continuous evolution, from the first virtual machines (VMs) to the world of hybrid cloud, and there is no sign yet of this evolution losing momentum.
Global, Apr 25, 2022
Logicalis target digital-first leaders with launch of managed Intelligent Connectivity service
Global, Mar 21, 2022
Only a third of CIO's cite cyber-risk mitigation as a performance measure
, Jan 11, 2022
Logicalis take the digital workplace ‘beyond productivity’ with the launch of collaboration suite
, Oct 18, 2021