June 2022 Newsletter
Posted By: Mark, Wednesday 6th July 2022
Tags: business support, cloud computing, cloud services, cyber attacks, cyber aware, Cyber Safe, Cyber Security, email scam, IT services, Newsletter, phishing, ransomware, smishing, technology, the cloud, Twitter
Taking a look at cloud computing services and the considerations for cloud security; a warning about NHS phishing scams; ransomware has data targets, and it’s getting quicker; a new Twitter function being tested; Google attempts to improve online representation, and we have an admin job vacancy.
Cloud Computing & Cloud Security
Cloud computing is the delivery of computing services over the internet. Whether it’s servers, storage, databases, networking, software, analytics, or intelligence, all can be utilised through the ‘cloud’ to offer faster innovation, flexible resources, and economies of scale.
Cloud services come in the form of Public Cloud (third-party providers), Private Cloud (single business/organisation owned, but can be third-party provided) and Hybrid Cloud models (a mix of the Public and Private).
Benefits of Cloud Computing
Cost: You typically pay only for cloud services you use, helping you lower your operating costs, run your infrastructure more efficiently, and scale as your business needs change. It removes the need to pay for and house a lot of hardware and software, and an in-house team to take care of it.
Speed: On-demand resources set up at the click of a button, ready to run as and when required. Adds flexibility and removes the need for longer-term project planning.
Scalability: Quickly adapting to the optimum amount of resources required at any time, whether that’s storage, bandwidth, or computing power, and whether scaling it up or down.
Productivity: No need to spend time planning out and setting up systems and then spending even more time regularly managing the security and keeping them patched. Get on with the work that actually needs to be done.
Performance: Good cloud computing services will run the latest hardware in secure data centres, and keep their systems up to date. They’ll provide a fast working environment with low latency when running apps.
Reliability: Worry less about backing up data and making disaster recovery plans. Get back up and running quickly if there’s any problem through mirrored resources held on the network at multiple locations.
Security: Built-in technology, policy, and controls for a robust cyber-defence that protects your data and work environment from threats.
Expanding on this last point, security should of course always be a primary concern when operating any business network, and many companies still hold reservations about cloud security. While there are daily stories of one cybersecurity breach or another on company networks, the compromise of cloud systems is still a relatively rare event. All the same, it is essential to work with a reliable, trustworthy cloud provider offering robust security that meets the needs of your business.
Benefits of Cloud Security
Forcepoint provides an overview of the benefits offered by cloud security.
Centralised Security: Just as cloud computing centralises applications and data, cloud security centralises protection. It enhances traffic analysis and web filtering, streamlines the monitoring of network events and results in fewer software and policy updates.
Reduced Costs: Where once IT teams were firefighting security issues reactively, cloud security delivers proactive security features that offer protection 24/7 with little or no human intervention.
Reduced Admin: When you choose a reputable cloud services provider or cloud security platform, you can kiss goodbye to manual security configurations and almost constant security updates.
Reliability: With the right cloud security measures in place, users can safely access data and applications from any device.
Cloud Security Good Practice
While having the ability to log in and use applications from anywhere on any device is a convenience, it also presents an opportunity for hackers. ZDNet lists five things to do to keep your cloud system safe.
Don’t leave cloud accounts exposed and without security controls
Good password security is still essential. Don’t use simple, common passwords, and don’t re-use passwords across multiple logins. Keep it complex and unique, and enable multi-factor authentication for added layers of security.
Don’t give every user the keys to the kingdom
While all the apps are available in one convenient place, not everybody needs access to all of those apps. Different users are going to need access to different apps to do their work – and most users are only going to need a more basic level of access than having full access to do anything.
Make sure the correct privilege levels are set for each user and don’t allow users to set/change their own levels of access.
Don’t leave cloud applications unmonitored – and know who is using them
The more applications are needed and used, the more there is to keep track of. Always know who has access to what, and keep tabs on how apps are being used. Remember to disable access for people who leave.
Also make sure apps and systems are correctly configured, checking how they’re working and interacting on the open web.
Don’t ignore security updates and patches – cloud software needs them, too
As with any other network and application, bug fixes for cloud environments need to be applied as soon as they become available. Hackers are always aware of vulnerabilities being made public and will be attempting to exploit any vulnerability.
Don’t rely purely on cloud for storing data – keep offline backups in case of emergency
The benefit of the cloud is that it’s on and available at the touch of a button – until it isn’t. Even if it’s a very rare occurrence, cloud systems can still go down, and all the mirrored backups in the world won’t make any difference if you can’t reach them.
Also, if there does happen to be a breach, any cloud copies could be compromised or deleted. Old school offline, offsite backups, with up-to-date restore points, are still good practice.
We’re Hiring – Administrative Assistant
We are currently looking for an Administrative Assistant to join our team, who work closely together ensuring sales and technical staff are supported.
Key tasks include, but are not limited to, managing phone calls and correspondence (e-mail), tracking stock and updating in-house systems efficiently, updating and maintaining company databases, supporting colleagues within our team and writing and distributing meeting minutes.
Beware Of NHS Covid Phishing Scams
June has seen an uptick in the number of phishing emails and texts purporting to be NHS alerts about being in close contact with Covid cases.
The NHS Twitter account sent out a warning that fake messages are telling people to follow links for ordering Omicron Variant Covid-19 test kits. The real purpose of these messages is to harvest personal and financial data via a fraudulent ‘NHS’ site that the person ends up on by following the link.
Most people are ineligible for free tests nowadays, so new tests need to be purchased, which is where these scams attempt to get people to enter financial information. The NHS has reminded people that it will never ask for bank details.
South Yorkshire Police have further information: the scammers will follow up with a call back to the person, claiming to be a bank’s fraud department and asking them to install an app on their computer to remove a Trojan virus. This software will allow the scammers to gain access to online banking apps and take money from accounts using the personal details given earlier on the scam site.
Please take care with any messages claiming to be from the NHS and providing clickable links.
Note: Current guidance is that testing is no longer necessary if you come into close contact with somebody who tests positive.
Ransomware: Most Wanted Data And Speedier Attacks
Rapid7 cyber security researchers have analysed the data and released a report about the most valuable types of data that cyber criminals want. Data theft and encryption, leading to demands for ransom payments and other extortion practices, are currently commonplace.
Data Theft, Encryption, Double Extortion
Double extortion is a growing trend, where payment is not only demanded for decrypting and returning data, but further payment is also demanded to prevent stolen data being published online.
Any data stolen from a company is likely to be useful to cyber criminals’ attempts to garner payments, but some data, it turns out, is more valuable than others.
By looking at all ransomware data disclosure incidents reported through their platform, Rapid7 said they were able to determine:
- The most common types of data attackers disclosed in some of the most highly affected industries, and how they differ
- How leaked data differs by threat actor group and target industry
- The current state of the ransomware market share among threat actors, and how that has changed over time
Maybe unsurprisingly, the financial sector is one of the most attacked sectors, along with pharmaceuticals and healthcare. The financial services sector saw customers’ personal data as the most likely target, accounting for 82% of disclosures. Employee information was leaked 59% of the time, with company financials making for 50%. Releasing customer/client data would likely undermine trust in such institutions.
Both healthcare and pharmaceuticals saw company financial and accounting data most exposed, involved in 71% of releases. Customer and patient information was exposed in 58% of releases. Patient health information is very sensitive and a useful target for criminals. Pharma also saw 43% of leaks involving IP information. Research and development is a highly valued area of the sector.
When it comes to protecting your business data from such cyber attacks, the usual advice is worth repeating. Regularly back up data, store copies offline, encrypt sensitive data, segment networks. Prioritise data that’s especially sensitive, use multi-factor authentication and monitor networks for suspicious activity.
All business sectors are under attack and all have their own types of sensitive data. Make sure you know what yours is and how to protect it.
Ransomware Attack Timelines
If you’re still unaware of the danger ransomware poses, IBM’s X-Force team of analysts revealed that the average duration of ransomware attacks in 2021 was 92.5 hours. That’s how long it took cyber criminals to work their magic from initial network access to payload deployment.
This was down from an average of 230 hours in 2020 and 1637.6 hours back in 2019. That’s an overall reduction of 94.34% in the time taken to go through the five stages needed to deploy ransomware between 2019 and 2021.
Core Objectives For Staging A Ransomware Attack
- Establish interactive access
- Move laterally
- Obtain privileged access to Active Directory
- Deploy ransomware at scale
LaneSystems is experienced in putting up the cyber defences to protect your precious company data. We offer Cyber Essentials Plus certification for good cyber security business practices and showing your customers that you’re serious about protecting their data. Contact us to help secure your company data.
Twitter Testing Long Form Notes Feature
Twitter is trialling a new feature which will allow users to share “notes” as long as 2,500 words. While the standard Twitter limit is 280 characters, “Notes” is a way to write and publish long-form content. It is said to be a response to seeing people use the platform to post pictures of longer announcements and steer followers to outside newsletters.
The announcement was made in a Twitter note.
Notes are pieces of writing and content that you create on Twitter
A few features of Notes
- Going beyond 280 characters
- Embedding photos and videos and GIFs and Tweets
- Publishing Notes, readable on and off Twitter
- Editing Notes, pre and post-publish
- A Notes tab on your profile that holds your published work
The feature should be a benefit to users who currently have to post multi-post threads, which can be difficult to follow, and people who would post a screenshot of a large portion of text. And it’s possibly aimed at people who want to post longer, formatted content without having to set up and run their own blog.
Will it be able to compete with platforms like WordPress or Substack? It’s already got a huge user base and the feature is being marketed as specifically aimed at writers on the platform – journalists, bloggers, publishers, comedians, screenwriters and other content creators. Either way, it’s probably the most significant update since doubling the word count.
Google Aims To Improve Skin Tone Representation
Smart technology products have often been criticised for a ‘racial bias’ based upon the information used to train them to interact with their surroundings. There are stories of automatic tech, such as hand dryers, taps and soap dispensers, not working with darker skin, while facial recognition software in things like webcams wouldn’t track darker faces as well as it would lighter faces. All of this is based on the quality of the information coded into the algorithms used.
Google has released its new Monk Skin Tone Scale, a ten skin tone scale named after Harvard University Professor, Dr Ellis Monk, with the aim of presenting a more diverse scale of skin tones to develop its artificial intelligence systems. It will replace older, outdated scales like the Fitzpatrick system, which are said to have a bias towards paler skins.
“Updating our approach to skin tone can help us better understand representation in imagery, as well as evaluate whether a product or feature works well across a range of skin tones. This is especially important for computer vision, a type of AI that allows computers to see and understand images. When not built and tested intentionally to include a broad range of skin-tones, computer vision systems have been found to not perform as well for people with darker skin.”
“The MST Scale will help us and the tech industry at large build more representative datasets so we can train and evaluate AI models for fairness, resulting in features and products that work better for everyone – of all skin tones. For example, we use the scale to evaluate and improve the models that detect faces in images.”
Google says it is making its Monk Skin Tone Scale freely available for everyone to use in their own products, and hopes to teach people and learn from others through collaboration.