Anticipation Turns to Frustration

Picture this: you've been eagerly anticipating your summer holiday for months. You've bought new summer clothes and toiletries, meticulously packed everything within the weight limit, and ensured your boarding pass is ready. You've checked your passport at least twenty times on the way to the airport. Finally, you are fully prepared and ready to embark on your holiday!

Regrettably, the airport is not. Due to a significant global IT outage affecting travel and banking systems worldwide, airports across the globe are experiencing severe delays for holidaymakers. This outage forced airports to revert to manual check-ins, reminiscent of the old days. Unsurprisingly, this is causing substantial wait times for travellers.

The Worst Timing Possible

July is the peak holiday season, and this weekend was the busiest of the entire year. If there were ever a time for an IT outage to be particularly ill-timed, it would be now.

Widespread Impact

Nevertheless, this incident impacted more than just airports. The disruption extended to the following:

These sectors, and more, encountered significant challenges due to the IT outage. The ripple effect of this incident was felt across various facets of daily life, highlighting the pervasive dependence on reliable IT systems.

Timeline of Events

The recent cyber-attack on London hospital services highlights the need for strong cybersecurity, especially in healthcare. As a telecommunications and IT security leader, our company understands the damage these breaches can cause to vital services. We are committed to providing the solutions needed to prevent such incidents.

On Monday, Russian hackers, thought to be the Qilin group, launched a ransomware attack on Synnovis. Synnovis supplies blood tests to major hospitals like St Thomas' and King's College. This attack caused significant disruption, leading to the cancellation of many cancer surgeries and other critical procedures. The cancellations were mainly due to the inability to provide patients with blood transfusions, demonstrating the breach's widespread impact.

A senior NHS manager called the attack "everyone's worst nightmare." The Health Service Journal (HSJ) reported that this is one of the largest cyber-attacks ever to hit the NHS. The disruption extends beyond the hospitals, impacting six NHS trusts and dozens of GP practices.

Despite the severe impact, NHS England has provided limited information on the extent of the disruption. The number of postponed operations, including cancer and transplant surgeries, remains undisclosed. An NHS London region spokesperson confirmed that the attack has severely disrupted pathology services, which are essential for many treatments, resulting in numerous cancellations.

Dr Chris Streather, the NHS medical director, expressed his regret, saying, "We apologise to everyone impacted." Staff will work hard to re-arrange appointments and treatments as quickly as possible. The NHS is working tirelessly to assess the full extent of the disruption and to reschedule affected appointments promptly.

What Is PCI DSS

Launched in 2004, the Payment Card Industry Data Security Standard is a set of security measures that enhances the security of cardholder data and combats payment fraud.

It's not a law but a contractual requirement enforced by payment card companies and banks to protect sensitive credit card information, thus fostering trust between merchants and customers.

The Evolution To PCI DSS 4.0

PCI DSS 4.0 is the latest iteration, emphasising continuous monitoring, enhanced data protection, and incorporating new technologies into compliance efforts.

It introduces a "Customised Approach" for compliance, allowing more flexibility in meeting security requirements based on the organisation's specific circumstances.

Goals And Key Updates

Critical Developments in PCI DSS 4.0

The introduction of the 'Customised Approach' is the most significant change from PCI DSS 3.2.1 to 4.0. This update differs from the traditional 'Defined Approach', which requires strict compliance with the technical controls specified in the standard.

This new approach allows users to select the most suitable environmental controls to manage associated risks. As a result, it offers greater adaptability and the ability to embrace innovative solutions.

In PCI DSS 4.0, users can use the Defined or Customised Approach, depending on their specific needs and circumstances.

Other notable updates include:

Implementation Timeline

The PCI Security Standards Council introduced this new audit on March 31, 2024.

It has a transition period for adopting the 64 new requirements, which allows organisations time to adjust to the comprehensive changes.

Understanding Deepfake Technology

In recent years, the cyber threat intelligence community has flagged the risks posed by the alarming increase in 'deepfake' technology. This technology allows for the creation of compelling fake audio and video. Fraudsters exploit it to target companies and individuals, posing a significant cybersecurity threat.

"Deepfakes" use AI to take existing sound and video clips to create a new recording that shows someone saying or doing anything the deepfake tool is programmed to mimic.

Common types of deepfakes include:

Unraveling The Scam

LastPass, the password manager application, has issued a warning that one of its employees fell victim to a social engineering attack involving an audio deepfake, which imitated the voice of the company's CEO.

LastPass's senior principal intelligence analyst, Mike Kosak, had this to say about the incident in a recent blog post:

"In our case, an employee received a series of calls, texts, and at least one voicemail featuring an audio deepfake from a threat actor impersonating our CEO via WhatsApp."

Mike goes on to explain, "As the attempted communication was outside of normal business communication channels and due to the employee's suspicion regarding the presence of many of the hallmarks of a social engineering attempt (such as forced urgency), our employee rightly ignored the messages and reported the incident to our internal security team."

What is Fraud?

Fraud occurs when someone uses deception or manipulation to unfairly gain an advantage over you, often to acquire money, goods, services, or property dishonestly.

Some common types of fraud include:

Authorised Push Payment (APP), or bank transfer fraud, occurs when a scammer manipulates an individual into sending money from their bank account to the fraudsters under the impression it is for a legitimate reason. A frequent tactic includes impersonating a bank and persuading the victim that they need to move funds to a 'secure account' for safety purposes.

Identity fraud involves the unauthorised use of your personal information for deceptive purposes. Perpetrators may exploit this information to perform actions like opening new bank accounts, securing loans, or engaging in transactions under your name, potentially leading to further fraudulent activities against others.

Phishing is a cyberattack in which individuals are tricked into disclosing personal information like passwords and credit card numbers via fraudulent emails, messages, or websites. These scams mimic trustworthy sources to lure victims into clicking harmful links or sharing sensitive data, aiming to steal identities or funds.

Vulnerability to Fraud

Anyone can experience fraud, regardless of age, education, or financial status.

Fraudsters often target individuals, businesses, and organisations using tactics tailored to exploit specific vulnerabilities or situations.

While certain groups may be more frequently targeted due to perceived vulnerabilities or valuable information they possess, such as the elderly, online shoppers, or small businesses, the reality is that no one is immune to the risk of fraud.

Awareness, education, and preventive measures are vital to reducing one's risk of becoming a victim.

BDO's Insights on Fraud

The BDO FraudTrack 2024 report reveals a significant rise in UK fraud, with a total of £2.3 billion reported, doubling from 2022 and marking a decade high.

BDO attributes the significant increase in fraud to the rising prevalence of online scams, including phishing attacks and security breaches, along with the surge in authorised push payment (APP) schemes, where individuals are tricked into sending money to fraudsters.

The FraudTrack 2024 report also highlights the emerging threat of fraudsters using Artificial Intelligence (AI) to target consumers more precisely and efficiently. This advancement underscores a significant shift towards more sophisticated and harder-to-detect methods of fraud, addressing a critical need for increased awareness and advanced protective measures among consumers.

Understanding Identity and Access Management (IAM)

Identity and Access Management (IAM) is a comprehensive framework involving a blend of policies, processes, and technologies designed to manage digital identities. The main goal of IAM is to give authorised individuals access to the resources and information suitable to their roles while preventing unauthorised access to sensitive data. This balance ensures operational efficiency, compliance with regulatory standards, and protection against data breaches.

Celebrating Identity Management Day 

Initiated in 2021 by the National Cybersecurity Alliance, Identity Management Day is observed annually on the second Tuesday of April.

This significant day falls on Tuesday, the 9th of April 2024. It aims to elevate awareness among business leaders, IT professionals, and the general public regarding the crucial role of identity management. It encourages stakeholders to actively engage in practices that strengthen our digital security.

Consequences of Inadequate Identity Management

Neglecting strong identity management practices exposes individuals and organisations to significant risks. These include susceptibility to cybercrime, identity theft, and financial fraud.

The lack of effective identity management leads to data breaches within corporations and account takeovers for individuals.

Cybercrime can affect anyone possessing digital devices or online accounts, underlining the universal need for vigilant identity management.

The Big Day!

On Saturday, 30th March, we were lucky enough to witness our very own Danilo (known as Thinking Critically DND on Twitch) smash his third year of "Game On."

Game On is a 12+ hour gaming marathon packed with forfeits and challenges for every money milestone raised. It is a yearly event that raises money and awareness for Naomi House & Jacksplace. This incredible charity improves the lives of children and young people facing life-limiting and life-threatening illnesses. Some of their services include respite care, end-of-life care, bereavement support, emergency respite, and family support.

Danilo's commitment to raising money for this fantastic cause was truly admirable. Beginning at 11 am, he started playing his two chosen games: 'Alone in the Dark'—set in 1920s Louisiana and challenging players to escape a haunted mansion—and 'Helldivers'—where players need to coordinate their actions during chaotic combat to complete objectives and avoid friendly fire casualties.

There was no delay in the donations beginning to flow in; it was clear from the outset that this stream would be a highly popular one.

The First Few Hours…

Every spin on the forfeit/challenge wheel resulted from a donation of £20 or higher. Thinking Critically DND was a great sport, and he gladly dressed up in items from a box of various costumes, ate delicious spoonfuls of baby food mixed with different hot sauces, and played his games with 'upside down' glasses on. We witnessed the much-anticipated appearance of a fan-favourite challenge, where he skilfully applied various makeup products, including lipstick, eyeshadow, and blusher, that added to his look! And, of course, the "dirty shots" also made a comeback. This year's menu was a cocktail of Worcester sauce, soy sauce and fish juice. Yum!

Within 30 minutes, the first milestone, £100, had been hit. Fortunately for the audience, but unfortunately for Danilo, it was time for him to tuck into a raw onion! He made a good effort, but after a few bites, the tears started flowing! Luckily, he had more gameplay on Alone in the Dark and Helldivers to distract him.

By the time Thinking Critically DND had been streaming for 3 hours, the next milestone of £250 had been reached! This meant it was time for the return of the leg wax. Even though he mentioned the sting the wax strips left a few times, he was a fan of how smooth he was after the challenge!

Discover how to protect your digital assets with advanced backup strategies, ensuring your data remains secure and recoverable.

What Is A Backup?

It is a copy of data made to keep it safe in case it gets lost or damaged. This helps protect against unexpected problems like computer crashes, security issues, natural disasters, or accidental erasing.

They are stored on separate media or in remote locations, providing redundancy and resilience. They offer peace of mind, allowing for data recovery and continuity of operations. Data integrity, regular scheduling, security encryption, and backup success verification are vital elements.

Why Should I Back Up My Data?

Losing digital files is surprisingly common, much more than most people realise. It's easy to underestimate the fragility of digital data in our daily lives. Whether through accidental deletion, hardware failure, or even software corruption, the risk of losing precious documents, cherished photographs, or critical work projects is ever-present.

This vulnerability underscores the importance of being vigilant and proactive in protecting our digital assets. A seemingly minor oversight or a simple technical glitch can potentially erase irreplaceable memories and valuable information instantly.

Data from the World Backup Day website (worldbackupday.com) found that 21% of people do not back up their data. Additionally, 113 phones are lost or stolen every minute.

Mastering Data Protection: The 3-2-1 Strategy

The 3-2-1 strategy is a widely recognised data protection approach emphasising redundancy and resilience. It involves creating multiple copies of your data and storing them in diverse locations to ensure maximum protection against data loss. Here are the three components of the 3-2-1 backup strategy:

Three Copies of Data

The initial step of the 3-2-1 strategy involves making three versions of your data: the original and two extra copies. Having multiple copies ensures redundancy and reduces the risk of data loss in case one copy becomes inaccessible or corrupted.

Two Different Storage Media

The next step is to store copies of your data in two different types of storage media. This could include a combination of external hard drives, network-attached storage (NAS) devices, tape drives, or cloud storage. Using diverse storage media helps mitigate the risk of data loss due to hardware failures or compatibility issues.

One Offsite Backup

Finally, one of the copies should be stored offsite, preferably in a remote location or cloud backup service. This ensures that even in a localised disaster such as fire, flood, or theft, your data remains safe and accessible from a separate geographical location.

By using the 3-2-1 strategy, you can protect your data from problems like hardware breakdowns, natural disasters, cyberattacks, and mistakes. This method keeps your data safe, giving you peace of mind. It ensures your important data is secure and available when needed.

Managed IT is a solution third-party companies provide to oversee and handle the IT needs of other organisations. It allows the client company to focus more on their core business activities rather than managing IT tasks.

Managed IT services, like ours, can cover various functions depending on the business's needs and the MSP's offerings. Typical services include the following:

  1. Remote Monitoring, Proactive Monitoring and Management of Servers and Networks: Ensuring the IT infrastructure runs smoothly, efficiently, and securely.
  2. Cybersecurity Services: Providing comprehensive security measures, including firewalls, antivirus software, intrusion detection, and more, to protect against threats.
  3. Data Backup and Recovery: Setting up regular data backups and recovery plans helps keep the business running smoothly, even if data is lost.
  4. Cloud Services: Offering cloud computing solutions, including hosting, cloud storage, and cloud-based applications, to increase flexibility and scalability.
  5. Software-as-a-Service (SaaS): Providing access to applications over the internet, eliminating the need for installing and maintaining software on individual devices.
  6. Help Desk Support: Offering on-demand technical support to address IT-related issues and queries.
  7. Consulting and Strategy: Assisting with IT strategy planning, including technology roadmaps, digital transformation initiatives, and IT budget planning.

Managed IT services provide cost savings, expertise, advanced technology, and improved security. They also allow businesses to focus on their core procedures without being distracted by IT issues. In today's blog, we will explore proactive monitoring in more depth.

Proactive Monitoring

As companies increasingly depend on technology, the significance of proactive monitoring has grown. This approach employs techniques and tools to identify and address potential problems before they escalate into significant issues.

By adopting preventive monitoring strategies, you can enhance the reliability and efficiency of your technology ecosystem, whether it involves managing IT systems, applications, or infrastructure.

What is Proactive Monitoring?

Proactive monitoring involves continuously surveying computer systems, applications, and infrastructure to identify and rectify potential problems before they escalate into more significant issues. Proactive application monitoring aims to detect and resolve issues before they affect end users, clients, or business processes.

Various tools and methodologies collect and examine data, including system alerts, performance metrics, and event logs. This data is used to identify trends, patterns, and anomalies that could indicate a potential problem.

By doing this, companies can decrease downtime, enhance system performance and improve. In contrast, reactive monitoring waits to identify problems until they have caused substantial issues. This potentially can lead to costly downtime, data loss, and damage t

AT&T researchers discovered a clever phishing campaign. This campaign intercepted a Microsoft Teams chat group. It then sent DarkGate malware to the systems of unsuspecting victims. While many individuals are now somewhat familiar with the mechanics of phishing attacks, using a team chat as the delivery mechanism represents a novel and unexpected method.

Once the attackers had infiltrated the Teams chat, they utilised a domain ending in .onmicrosoft.com to send phishing emails. These emails tricked users into downloading a file that appeared legitimate but was, in fact, malicious.

How The Hack Worked

Researchers found attackers used a hacked domain to send 1,000 harmful invitations to Teams group chats. During the chat, the attackers tricked the invitees into downloading a file called 'Navigating Future Changes October 2023.pdf.msi'.

Accepting this file prompted the malware download, which subsequently connected to its command-and-control server at hgfdytrywq[.]com for further instructions.

According to the researchers, the attack succeeded because users had enabled External Access in Microsoft Teams. This feature allowed them to send messages to users in other groups.
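The two signals described above, an outside sender and a document-looking file that is really an installer, can be checked together when triaging chat events. The following is an added example, not code from the researchers or from this blog; the event fields, the sender addresses and the `corp.example` home domain are constructed for illustration and are not a Microsoft Teams log schema.

```python
from pathlib import PurePosixPath

# Extensions that install or run code when opened on Windows.
EXECUTABLE_EXT = {".msi", ".exe", ".scr", ".js", ".vbs", ".lnk", ".bat", ".cmd", ".hta"}
# Extensions users read as "just a document"; these act as the decoy.
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def deceptive_extension(filename):
    """Return (decoy, real) when a document-looking name actually ends in an
    executable extension, e.g. 'report.pdf.msi' -> ('.pdf', '.msi')."""
    suffixes = [s.lower() for s in PurePosixPath(filename.strip()).suffixes]
    if len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXT and suffixes[-2] in DECOY_EXT:
        return suffixes[-2], suffixes[-1]
    return None


def triage(events, home_domains):
    """Flag chat messages where a sender outside our own domains delivers a
    file with a deceptive double extension. Returns [(event_id, reasons)]."""
    findings = []
    for ev in events:
        reasons = []
        domain = ev["sender"].rsplit("@", 1)[-1].lower()
        if domain not in home_domains:
            reasons.append("external-sender")
            if domain.endswith(".onmicrosoft.com"):
                reasons.append("onmicrosoft-default-domain")
        hits = [deceptive_extension(n) for n in ev.get("attachments", [])]
        reasons += [f"double-extension:{h[0]}{h[1]}" for h in hits if h]
        if "external-sender" in reasons and any(hits):
            findings.append((ev["id"], reasons))
    return findings


# Constructed sample events (hypothetical field names and addresses).
HOME_DOMAINS = {"corp.example"}
SAMPLE_EVENTS = [
    {"id": "m1", "sender": "helpdesk@example-tenant.onmicrosoft.com",
     "attachments": ["Navigating Future Changes October 2023.pdf.msi"]},
    {"id": "m2", "sender": "alice@corp.example",
     "attachments": ["Q3 budget v1.2.pdf"]},
    {"id": "m3", "sender": "partner@supplier.example",
     "attachments": ["invoice.pdf"]},
]

if __name__ == "__main__":
    for event_id, reasons in triage(SAMPLE_EVENTS, HOME_DOMAINS):
        print(event_id, ", ".join(reasons))
```

Only the first sample event is flagged: the internal message and the external message carrying an ordinary PDF both pass.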

© Silver Lining Convergence Ltd
Registered Company Number: 06212357