Success stories

Our customers come in all shapes and sizes.

We work with organisations from all walks of life, with different ambitions and requirements. Explore how we’ve helped them reimagine everyday, and align technology with their culture and business goals.

Stay safe during times of increased global cyber risk

The NCSC has released guidance on actions that organisations should take during periods of increased global cyber risk. Learn more.

Cybersecurity mesh: best practice for new ways of working

A cybersecurity mesh approach gives organisations the agility, flexibility and scalability required to protect data, systems and users in a distributed world.

Passwordless Authentication: benefits, challenges and deployment options

Is it finally time to ditch the password once and for all? Find out the benefits, challenges and deployment options for passwordless authentication in our blog.

The key challenges of endpoint security

Endpoint security is a high priority for many organisations because of the multitude of devices connecting to networks and accessing data. Learn more here.

Hybrid work is here to stay: What’s next for hybrid work in 2022?

It’s no secret that hybrid work is here to stay: many businesses have already made the transition to the new workplace model, and many more will follow suit in 2022. Read our blog to find out more about how you can get the most out of a hybrid workplace.

2021 at Cloud Business, we’re ending on a high!

As is traditional at this time of year, we thought we would highlight some of our successes from the past 12 months.

The 6 biggest cyberattacks of 2021

From health services to oil pipelines, large scale cyberattacks were rife in 2021. Forewarned is forearmed so read our recent blog about the top 6 biggest cyberattacks of 2021.

The human firewall: 6 steps to design effective cybersecurity training

Do you want to strengthen your human firewall with cybersecurity training? This blog shares 6 steps you need to follow to design effective cybersecurity training.

The world of cybercrime: the gangs behind ransomware attacks

In the past five years, thousands of businesses have been targeted by a small group of ransomware gangs. Find out more about the world of cybercrime, and how to protect your business from ransomware attacks.

Information security vs cyber security: key principles and differences

If your business is looking into how to prevent a cyberattack or data breach, it is important to first understand the different types of information security and their principles and differences. Find out more in this blog.

We are ISO 27001 accredited!

Cloud Business has recently secured ISO 27001 accreditation. Find out more about this standard and the benefits to our customers in this article.

How cybercriminals use social engineering to target organisations

Cybercriminals are using social media as a reconnaissance tool to launch complex social engineering attacks. Learn more and how to protect your business and people in this blog post.

Stay safe during times of increased global cyber risk

Ever since the widespread adoption of the internet, there have been periods of time where organisations and individuals have faced increased cyber risk. With Russia’s invasion of Ukraine, the UK has entered another period of increased cyber risk.

At the time of writing, there have been no known attacks on UK organisations; however, the National Cyber Security Centre (NCSC) has provided guidance to improve your security posture in response to the increased cyber risk. Below we discuss the potential risks facing organisations, and what they can do to remain vigilant and reduce the chance of falling victim to an attack.

Potential cyber risks: collateral damage

All organisations are at risk of falling victim to a cyberattack. In 2021, 4 in 10 UK businesses reported having cybersecurity breaches or attacks, with phishing attacks being most common.

With the current state of increased cyber risk, organisations are more likely to become collateral damage as targeted malware spreads to other businesses. This was the case with the 2017 NotPetya ransomware attacks. During this time, Russia targeted Ukraine’s financial, energy and government institutions with an advanced ransomware. Due to the indiscriminate design of the ransomware, it also spread to machines in the United States, United Kingdom, Australia and many other countries. It is possible a similar scenario could play out, and for this reason, you should take steps to improve your organisation’s security posture.


What else should you do to protect your organisation and people?

The NCSC has provided a list of actions that they recommend to ensure basic cybersecurity hygiene controls are in place and functioning properly.

This guidance is always essential, however there is more you can do to bolster your security posture now. We recommend that all organisations deploy additional security features regarding email security, backups and disaster recovery and employee education and awareness.

Email security

As email is the number one attack vector, it is essential that businesses do everything they can to decrease the chance of falling victim to a phishing attack. There are many ways that cybercriminals use email to launch a cyberattack, however thankfully a comprehensive email security solution can stop malicious emails before they even land in an employee’s inbox. Always look for email security solutions that include URL and attachment protection to thwart business email compromise attacks.

It should also be noted that during periods of unrest, it is common to see phishing attacks link to malicious websites masquerading as news sites, or even charity donation sites. A comprehensive email security solution should stop these; however it is important that employees are educated on common cyberattacks and scams to reduce the chance of falling victim to an attack, both at work and at home.

Employee education and awareness

There are many software solutions designed to stop cyberattacks in their tracks, however your people are always your first line of defence. That’s why providing employees with cybersecurity training is so effective at reducing attacks. Cybersecurity training encourages employees to understand the cybersecurity threat landscape, how to identify security risks and the process of reporting potential cyberattacks or poor security practices. Effective cybersecurity training can decrease the chance of an organisation falling victim to a cyberattack, whilst developing a positive security culture within a business. 

As all employees have some level of access to company data, they all play a role in protecting the business from a cyberattack. When designing cybersecurity training, provide enough information to give employees the tools required to identify potential attacks, without going into too much detail and confusing the audience. Some topics that should be covered include phishing attacks, social engineering attacks, password hygiene and how to stay secure whilst hybrid working.

You might want to consider subscribing to a Phishing & Security Awareness as a Service package, which provides training and simulated phishing attacks to keep employees up-to-date with the latest threats.

Backup and Disaster Recovery

As the most likely scenario is a widescale ransomware attack, it is essential that organisations have a tried and tested method of disaster recovery. Even if a business does pay the ransom after falling victim to an attack, typically they can only recover 65% of their data. To limit the downtime after an attack and increase the likelihood of being able to recover 100% of your data, you should make use of a comprehensive backup solution. Data should be backed up on a frequent, regular basis, with copies stored offsite to ensure they cannot be affected by ransomware. These backups should also form part of a larger disaster and incident recovery plan.

Although the world is in a period of increased global cyber risk, there is no need to panic. Implement the basic cybersecurity hygiene controls recommended by the NCSC, and assess your security posture to identify any vulnerabilities so you can take appropriate action. 

Cybersecurity mesh: best practice for new ways of working

Have you heard of cybersecurity mesh? Gartner recently ranked cybersecurity mesh as its top security trend for 2021/22. Highlighting this strategic approach as a key solution for digital business, Gartner say that cybersecurity mesh provides “the flexible, agile, scalable and composable” security options required when “digital assets — and individuals — are increasingly located outside of the traditional enterprise infrastructure.”

While the concept of cybersecurity mesh may be trending because of digital acceleration driven by the pandemic, it’s not new.

Fortinet has been advocating the approach for over a decade with its Fortinet Security Fabric. And at Cloud Business we have been involved in many on-going projects deploying cybersecurity mesh platforms: with customers often starting with just a few components to address a specific requirement or threat, then expanding the ‘mesh’ as they grow and innovate their security.

What is cybersecurity mesh?

There is some debate around what cybersecurity mesh is. Is it a solution, a security infrastructure, a concept or something else? Gartner describes cybersecurity mesh as “a composable and scalable approach to extending security controls.”

It’s an approach that enforces security policies across an enterprise and allows organisations to integrate all their security solutions, share cybersecurity intelligence, and automate and coordinate responses to threats between them.

Cybersecurity mesh doesn’t focus on a single perimeter around the enterprise infrastructure. This approach is now redundant as more people connect to enterprise networks and systems from different locations and different devices. Instead, each individual access point has its own perimeter, which also communicates and integrates with all other security solutions in the mesh.

Why traditional security solutions and strategies don’t work

The traditional approach of a single perimeter assumes that everything (devices and people) operates within the corporate infrastructure and is safe. The assumption is that they are not only protected from threats by the perimeter security, but also that they are not a threat themselves.

However, we no longer work that way. People and endpoints are now outside, working remotely, in cloud and multi-cloud environments, using their own devices and connecting to the network, systems and resources via the internet.

As well as some assets being outside the enterprise infrastructure, hybrid working means that sometimes they are also inside accessing the same systems and resources. 

In response to this, many organisations are now implementing zero-trust strategies, where no one and nothing is trusted, and everything and everyone is verified. This is often the catalyst for exploring the bigger picture and taking a more holistic approach to cybersecurity. A cybersecurity mesh.

The benefits of cybersecurity mesh

A cybersecurity mesh approach simplifies security operations, increases the effectiveness of security defences, and makes your security posture stronger and more agile. Other benefits include:

  1. Gaining deep visibility across all network edges
  2. Increasing agility and resilience
  3. Sharing and leveraging intelligence from organisations’ own tools and their entire ecosystem
  4. Ensuring the best real-time defence against known and evolving threats
  5. Increasing organisations’ focus on high-value tasks 
  6. Closing interoperability gaps between various vendors’ solutions
  7. Reducing deployment times and security failures

Use cases for cybersecurity mesh

Here are just a few of the many use cases for a cybersecurity mesh approach:

Securing remote and hybrid workforce

With remote and hybrid work here to stay, at least for some organisations, a cybersecurity mesh approach secures digital assets, endpoints, and users wherever they are and strengthens the security posture.

Growing businesses

Putting in place a cybersecurity mesh approach enables an organisation to scale without compromising security. By centralising its security policy management, as the organisation grows and the IT infrastructure expands and evolves, new access points can be protected and new security solutions integrated in a modular way.

Protection from insider threats

30 percent of data breaches involve organisation insiders acting negligently or maliciously. Securing each access point, implementing zero-trust strategies and deploying behavioural security solutions to monitor for non-compliant, suspicious, or anomalous behaviour, proactively protects from these types of threats.

Securing hybrid and multi-cloud environments

Cybersecurity mesh resolves a common problem with managing hybrid and multi-cloud environments. Security across an extended environment is complex to manage and there are often inconsistencies in the way it is enforced. A cybersecurity mesh platform provides full visibility across the entire attack surface, and integrates different security solutions on-premise and in the cloud.

Drives productivity and cost efficiencies

A centralised, single pane of glass, approach can deliver significant cost benefits. An integrated cybersecurity mesh platform can reduce the headcount needed to cover your cybersecurity function and the associated costs. Less downtime also results in increased productivity across the entire organisation.

Why should you consider a cybersecurity mesh approach?

With so many benefits and use cases for adopting this approach, it’s clear why it’s Gartner’s top security trend in 2022 and into the future.

So why should you consider this approach for your organisation? Here’s what we think:

IT systems are vulnerable. With a 600% increase in phishing attacks over the last few years, and ransomware attacks occurring every 11 seconds, most IT systems are vulnerable. Zero-day attacks are also on the increase, doubling in 2021 from 2020. The cybersecurity mesh approach helps to reduce all these vulnerabilities significantly and protect from new attacks like zero-day.

Escalating costs. The cost of a cyberattack is significant, and no organisation is immune. An increasingly complex security infrastructure is also expensive, not only to procure and deploy but also to monitor and maintain. With many organisations embarking on further digital transformation projects, new security solutions need to be deployed or existing ones redesigned, all contributing to a higher spend. Siloed security solutions can also result in more downtime when incidents do occur, decreasing productivity and adding the costs associated with that. After the initial investment in implementing a cybersecurity mesh approach, organisations will quickly see ROI as other costs decrease.

Agility, flexibility and ability to scale. Implementing a cybersecurity mesh does not mean procuring an entire platform in one go. It also integrates existing solutions so you get more value, potentially extending the lifecycle of some security tools. The cybersecurity mesh grows with the organisation’s requirements and infrastructure: components are added as and when needed, increasing agility and providing a flexible and scalable security environment.

Digital transformation. The recent acceleration in cloud migration has left many organisations having to retrofit security policies and solutions, and close security gaps. As organisations continue on their digital transformation journeys, cybersecurity mesh supports migration and flexes as new cloud environments are deployed.

Simplifies security operations. The changing digital landscape with assets sitting outside of the enterprise infrastructure as well as inside, creates complexity. A cybersecurity mesh strategy provides that holistic view which makes managing security operations easier and less complex.

Cybersecurity mesh best practice

If you are considering implementing a cybersecurity mesh strategy in your organisation, here are five best practices to ensure success:

1: Prioritise interoperability

To manage a complex distributed and evolving network, you need a unified cybersecurity mesh. This means identifying the right vendors that leverage application programming interfaces (APIs) and common standards to support interoperability. Look for vendors that also allow policy decisions to be made outside of their solution. This will ensure you can apply consistent security policies across the entire enterprise infrastructure and across digital assets on the outside.

2: Deploy common datasets and frameworks

To integrate all your security solutions and for them to communicate with each other, they need to access the same common datasets. This ensures the solutions protecting network edges, endpoints, and clouds are using real-time global and community threat intelligence. Common datasets and frameworks support holistic analyses of the security and performance state, identify emerging threats, and enable a unified response across the organisation.

3: Advanced threat detection

A cybersecurity mesh also needs to include security automation with the ability to create new protections when data analytics detect unknown threats. It should be linked to extended detection and response (XDR), security information and event management (SIEM), and security orchestration, automation, and response (SOAR) solutions for increasingly advanced network operations centre (NOC) and security operations centre (SOC) environments; but be able to function autonomously within simpler environments. 

4: Rapid threat response

Using machine learning (ML) and artificial intelligence (AI), the cybersecurity mesh platform must be able to rapidly launch a coordinated threat response across the entire ecosystem the moment a threat is detected. The ability to do this disrupts the attack sequence before it can complete its objective, and is a clear driver for taking the cybersecurity mesh approach.

5: Dynamic and scalable

The cybersecurity threat landscape is ever evolving, and so are the tools and solutions to detect, protect and respond to threats. For this reason, your cybersecurity mesh platform must be dynamic so you can scale and expand. Deep integration is needed between security and network components so, returning to the first point, you need to work with vendors that support interoperability.

The beauty of a cybersecurity mesh approach is that you don’t need to work with just one cybersecurity vendor, or replace existing solutions, provided they can be integrated into the cybersecurity mesh platform.

As stated at the top of this post, cybersecurity mesh is not a new concept. However, the acceleration in digital transformation in recent years has effectively served as a proof of concept, and the cybersecurity mesh approach has clearly demonstrated it’s up to the job.

Would you like to learn more? If you want to explore implementing a cybersecurity mesh strategy in more detail, please get in touch. Our security team will walk you through the approach and answer any questions.

Passwordless Authentication: benefits, challenges and deployment options

Poor password hygiene remains a key security weakness for many businesses. All employees know that a password should be long, complex, unique and never shared with anyone. Although this is simple in theory, in practice it can be difficult to remember a new complex password for every application or system. For this reason, it is common for employees to re-use passwords, or opt for a simple, easy to remember password. This is worrying, as a single user with a simple password may be the cause of a major cyberattack.

The introduction of multi-factor authentication has greatly reduced this risk, however it has come at the cost of convenience for users. The adoption of passwordless authentication aims to increase security, whilst providing a better user experience. In this article we will discuss the benefits, challenges and use cases for passwordless authentication.

What is Passwordless Authentication?

Passwordless authentication is a method of multi-factor authentication that negates the need for passwords. This is achieved through systems that verify a user’s identity using something they are (such as biometrics), or something they have (such as a mobile device or security key). When the user requests access to an application or system, a new authentication request is generated. The user does not need to enter a password, and no password is stored within the platform, so there is nothing for a cybercriminal to steal or phish.

3 benefits of passwordless authentication

1: Improved user experience

For employees, having to remember multiple long, complex passwords can be a frustrating experience. Similarly, a poorly implemented multi-factor authentication solution can feel like a waste of time, especially if it is required for all applications. With passwordless authentication, the user experience is greatly improved, with no need to remember passwords. If passwordless authentication is implemented in Azure Active Directory with Single Sign On enabled, employees can log in once to have access to all the applications and services they use on a daily basis.

2: Increased security

If a cybercriminal gains access to an employee’s password, they can use the compromised account to access company data or launch another attack. With this form of authentication, that is not possible, as a cybercriminal cannot steal biometrics from an individual. Similarly, as there is no password, phishing attacks are no longer a viable method of account compromise.

3: Save time and money

IT teams spend a significant amount of time resetting employees’ forgotten passwords. With passwordless authentication, it is not possible to forget a password, or need it reset. This allows IT teams to spend more time focusing on optimising current use of technology within a business and ensures that employees do not lose access to critical IT systems whilst working.

Challenges

Ultimately, businesses will benefit from implementing a passwordless authentication solution; however, they may run into some challenges along the way. The main challenge of passwordless authentication is the deployment process: if a business does not have experience with the technology, or visibility of all the applications and services employees use, deployment can become difficult and complex. Fortunately, there are tools and support available to help you successfully deploy a passwordless authentication solution.

Deployment options

Windows Hello for Business

Windows Hello for Business is an option that utilises two-factor authentication with a PIN and biometric authentication. The biometric authentication works by using pre-existing hardware on an employee’s work device. This may include either a fingerprint scanner, or facial recognition using the in-built camera. This method is more secure and convenient than a traditional password as it uses multi-factor authentication, and the biometric authentication only requires the user to touch a sensor or look into their camera. However, this method will not work if the employee’s device does not have a fingerprint scanner or in-built camera.

Microsoft Authenticator App

The Microsoft Authenticator app is another method of passwordless authentication that uses either biometrics or a PIN, similar to Windows Hello for Business. This option requires users to have the Microsoft Authenticator app installed on their Android or iOS device. When the user reaches the login screen and enters their username, a push notification is sent to their phone, opening the Microsoft Authenticator app. They then either enter a PIN or use their phone’s native biometric features. This method works particularly well for businesses that already use the app for multi-factor authentication.

FIDO2 Security Keys

FIDO2 security keys are physical devices that work similarly to a key for a car or house. The keys come in many form factors, including USB devices, an NFC chip or a Bluetooth device. With this option, an employee must connect the device and they will be automatically logged in. This method is typically used by businesses that are particularly security sensitive or have employees that would rather not use biometrics or their phone for authentication.

Passwordless authentication is becoming more commonplace in businesses looking to improve their security posture, whilst creating a better experience for their employees. If you have any questions about taking the next step to a passwordless future, please get in touch. 

The key challenges of endpoint security

The rise of hybrid working has forever changed how businesses view their endpoint security posture. With employees working between multiple locations, the risk of data breaches, cyberattacks and network intrusion has grown exponentially. Hybrid work also makes it more difficult for IT teams to ensure employees are following best practices to avoid an attack. As a result, endpoint security has become a high priority for many businesses. 

Below we explore what endpoint security is, the security challenges organisations face, and best practice for securing your networks, apps and data.

What is endpoint security?

An endpoint is any device that is connected to a network or IT system. This includes laptops, mobile phones, desktops, IoT devices, servers and virtual environments. Endpoint security is important because endpoints are key points of entry for cybercriminals. If a hacker gains access to an endpoint and executes malicious code, they can potentially access private data or launch a larger attack.

In the past, endpoint security was primarily focused on antivirus solutions, but as the threat landscape has changed, the scope for endpoint security has broadened, with an emphasis on user behaviour.

Constantly expanding attack surface

As technology evolves, organisations and their employees are using more devices either in a work capacity or on a corporate network. In the past, cybercriminals had a handful of endpoints they could target, including desktops, network devices, printers, and servers. For businesses, this meant that if these devices were secure, the chance of a successful attack was relatively low.

In 2022, this attack surface has greatly increased with devices such as virtualised servers, personal laptops and phones, IoT devices, smart environmental controls and even wearable technologies, such as smart watches and fitness trackers. All these endpoints are now targetable by hackers, and it is difficult for an IT team to manage the sheer volume of devices. As new technologies are introduced into the market, this attack surface will continue to expand, putting businesses at risk of a cyberattack.


Endpoint security and hybrid workforces

The advent of remote and hybrid work has many benefits for business leaders and employees; however it poses a unique challenge for endpoint security. With employees working in different geolocations, it means they need to connect to a corporate network through other means, which also expands the attack surface.

If employees are connecting to IT systems through a hotspot or public WiFi, it opens the door to a potential man-in-the-middle attack. This form of attack is where a cybercriminal uses malicious software that allows them to intercept all traffic between an endpoint and a corporate network. Through eavesdropping on this information, they may be able to launch an attack, or even gain access to the corporate network via the endpoint device.

BYOD and mobile devices

Many organisations have sanctioned a bring your own device (BYOD) programme, as it saves the business money, whilst increasing productivity for employees. Although BYOD has many benefits, it carries a potential security risk. If employees are using older devices that do not receive security updates, they become an easy target for cybercriminals to exploit software vulnerabilities. Similarly, if an employee loses their device, or has it stolen, it puts the local device at risk of a data breach, as well as the corporate network, if they have their passwords saved.

Shadow IT

Shadow IT is the use of IT hardware or software used by a department or individual without the knowledge of the IT department or IT/security provider. This software may include cloud services or applications that departments use to increase productivity or to solve shortcomings of the provided software. The risk of using unauthorised software is that it may have a vulnerability that could lead to an attack on networks or systems. Similarly, if employees use unauthorised file sharing platforms, it puts customer data at risk of a data breach.

Best practices for endpoint security

To keep your organisation safe and to develop an effective endpoint security policy, here are five endpoint security best practices to consider.

  1. Inventory audit of all devices: it is essential to get full visibility of all endpoint devices connecting to corporate applications and data. Invest resources in identifying devices connecting to the corporate network, or integrating with cloud applications.
  2. Device profiling: by understanding how endpoints operate, the data they collect and share and how software is updated on each endpoint, you can assess the security risks and decide on appropriate controls for each.
  3. Device security: what security products are already deployed, and what are available to protect your organisation? Develop plans for different devices based on device profiling and also ownership of the device. Employee-owned devices may require different security products to corporate devices.
  4. Adopt zero trust principles: the zero-trust principle of “never trust, always verify” is critical for securing multiple endpoints. No user or endpoint should be automatically trusted; all requests must be authenticated and authorised. This verification is based on all data points, including user identity, device health, service or workload, classification, and anomalies.
  5. Educate end users: to ensure end users, particularly those using their own devices, support your endpoint security policy, raise awareness of the threats and the measures in place to protect the network and data. When end users understand why they can only access applications or data in a specific way, or why you want to install new software on their device, they are more likely to comply.

For IT teams to effectively secure endpoints, they require complete visibility over who is connecting to a network, from which device, for what use, and all associated traffic. Putting in place a robust endpoint security policy will help you manage access more effectively and keep your organisation and people safe.

If you have any questions or require more support to implement an endpoint security strategy, please get in touch with our team.

Hybrid work is here to stay: What’s next for hybrid work in 2022?

The last two years have seen major changes to the way that organisations operate. Employees transitioned from working in the office 5 days a week, to working remotely, and now many businesses have adopted a hybrid work model.

There are benefits and challenges associated with all of these models; however, a hybrid workplace aims to leverage the benefits of remote work and office-based work. Many organisations have now implemented a long-term hybrid work model to allow employees a better work-life balance whilst enabling more effective communication and collaboration. Instead of a temporary measure to manage pandemic restrictions, they see hybrid work as the future. As we move into 2022 more businesses are following suit, and as the model is refined the way employees work will also change.

Hybrid work in 2022

Below we discuss what the future of hybrid work looks like in 2022. 

More effective communication and collaboration

One of the key challenges of hybrid working is how employees can effectively communicate and collaborate if they are not working in the office at the same time. To solve this challenge, businesses use unified communication platforms. Microsoft Teams is one of the most feature-rich unified communication platforms as it allows for both synchronous communication through voice calling and video calling, and asynchronous communication through instant messaging and posting on channels. As well as making it easy to communicate, Teams allows for effective collaboration as it seamlessly integrates with other Microsoft applications, allowing real-time editing by multiple users. Microsoft continues to add features to Teams to enable more effective hybrid working.

Optimising the employee experience

The hybrid work model aims to create a better experience for employees by offering flexibility and improved employee wellbeing. However, as the model matures, it has become apparent that businesses must actively consider all aspects of the employee experience to effectively engage employees and realise these benefits. One way to optimise this is by implementing an employee experience platform, such as Microsoft Viva. Viva brings together communications, knowledge, learning, resources, and insights in the flow of work. The solution is split into four modules that work together to empower employees to do the best for themselves and the wider company. The implementation of an employee experience platform ensures that businesses can make the most of the hybrid work model in 2022.

Hybrid meeting technologies

A unique challenge of hybrid working is how to run effective meetings whilst some attendees are physically in the meeting and others are virtual. If the physical attendees are using a single laptop, this can create a poor experience for virtual attendees due to poor audio quality and, depending on the number of physical attendees, it can be difficult to fit everyone on video. One solution is to fit a room with hybrid meeting audio-visual technology, which may include omnidirectional microphones, a large screen to view virtual attendees and an external video conference camera. This will ensure that regardless of where employees are located, the meeting will be effective for all attendees. Microsoft has also introduced new features within Teams to improve the hybrid meeting experience, such as digital whiteboards and different video layouts to give a greater sense of connection.

Securing the hybrid workplace

Many organisations struggled to keep their IT systems and endpoints secure when they moved to remote working. Cybercriminals took advantage of this and unfortunately 2020 and 2021 saw thousands of businesses fall victim to cyberattacks. As more businesses move to a hybrid work model, it is essential that cybersecurity is built into their plans. 

Currently, the gold standard for security is the zero trust model. This model assumes that there are malicious actors both inside and outside a network. Therefore, no users or machines are automatically trusted, and all requests must be authenticated and authorised. Verification is based on all data points, including user identity, device health, service or workload, classification and anomalies. This is ideal for hybrid work as it prevents most attacks, regardless of where an employee is located. However, for businesses that are not ready to completely overhaul their security model, many of the principles of zero trust can be applied in isolation to secure the hybrid workplace.

Long term hybrid work and your organisation

The move to long term hybrid work has many potential benefits, and throughout 2022, the model will be refined to ensure that all businesses and employees can work most effectively, regardless of where they are located. If you want to find out more about how technology can support your hybrid workplace, get in contact with us today.

2021 at Cloud Business, we’re ending on a high!

2021 has been another year of ups and downs, twists and turns for all of us. While a much-needed semblance of normality returned over the summer months, more recently Omicron has reminded us that ‘normal’ is a bit of an abstract concept.

At Cloud Business we are grateful for the opportunities we’ve had in recent months to meet face-to-face, attend events like the Surrey Business Awards and work alongside each other again. Those human interactions away from Teams video meetings have been so important for reconnecting with colleagues, customers, partners and other human beings! With a return to work from home, we know that we have the agility, resilience and technology to keep moving forward, but we hope that those freedoms will return as soon as it’s safe to do so.

Digital transformation in 2021

Although 2021 has been another year of uncertainty and challenges, we’re ending the year on a high! As is traditional at this time of year, we thought we would highlight some of our successes from the past 12 months.

As a specialist Cloud Technology and Managed Services company, we have had a critical role in helping our customers adapt to remote and hybrid work models. Digital transformation has accelerated massively in the last 2 years and the new way of working has provided many organisations with opportunities to increase productivity, streamline operations and drive efficiencies. 

In fact, earlier this year we were featured in a Sky TV programme on digital transformation and COVID 19. The world’s rapid and agile response to the pandemic and speedy adoption of technology to aid us throughout, is the focus of “Digital Transformation: A Strategic Approach”.

Trends in Managed Services

Demand for Managed Services has increased significantly in the last 2 years. Many organisations, including our customers, have experienced higher demand for end user support as employees and customers work remotely. Extended and out-of-hours support requirements have also increased to help organisations cope with flexible working, where end users work around other commitments and often outside of traditional business hours. 

Many of our customers have also outsourced more IT functions to us, so they can free up their IT teams to focus on other activities. 

Over the last 12 months we’ve onboarded some fantastic new customers. Key business drivers for outsourcing IT are often around improving the end user experience. The need to centralise the service desk for global users, provide 24×7 support, EUC management, and device and peripheral procurement are also common reasons to outsource IT.

As an example, for one of our new customers we have delivered the following:

  • A centralised 24×7 service desk for 300 global users
  • Support for all line of business applications, with integration into GSuite for SSO
  • Multi-channel service portal including chat, email, phone and portal
  • Bespoke service catalog which includes a workstation and peripheral ordering process and delivery process
  • Deployment of Microsoft Intune for device management including Microsoft Autopilot for Windows & Apple Manager for macOS, to leverage the ability to ship devices ready to be user provisioned

In just a few months since onboarding this customer we have hit 100% responsiveness and over 92% resolution SLAs. We’ve also increased end user satisfaction significantly, compared to the customer’s previous support resource, with over 30 “excellent” survey responses to date.

Our Service Desk Management Team has invested considerable time this year enhancing the user experience with a host of new measures. These include a new ITSM tool, a new platform for our customers’ self-service portals, dedicated service desk teams, bespoke support channels and incentives and awards for team members who champion the user experience.

Cyber security focus in 2021 and beyond

Our cyber security practice has had a busy year helping customers secure remote and hybrid work models, and ensure they are ahead of new threats created by the pandemic.

Zero trust platforms, multi-factor authentication and end user training are the key focus areas to protect organisations today. As ransomware attacks are increasing year-on-year, with phishing the most common attack vector, Zero Trust Network Access (ZTNA) and end user training are the most effective ways to reduce the likelihood of an attack. ZTNA is also a more secure option for managing remote access compared to VPNs.

On our customers’ behalf, we’ve also been reviewing the cyber security controls they have in place and what is and isn’t enabled. One example is multi-factor authentication (MFA), which helps protect against brute force attacks and stolen passwords. While some end users may grumble about the extra security step to log in, it really isn’t onerous and provides much better protection than just a password, however complex that might be.

If there’s one thing you want to do before the Christmas holidays we recommend enabling MFA on all available platforms. This is one simple action you can take to prevent 99.9 percent of attacks on your accounts.

Cyber Security as a Service

This year we have also introduced some additional cyber security services to help better protect our customers. Phishing and Security Awareness as a Service is a direct response to the rise in phishing attacks and provides a ‘hands free’ training and awareness subscription service via campaigns, on demand training modules and intelligent reporting to help identify weaknesses.

We have also had a lot of interest in our Cyber Security Posture Assessment service which explores the organisation’s current level of threat activity and risk level/vulnerability exposure. Using the output from this assessment, organisations can benchmark where they are now, the adequacy of existing security control against their risk level and industry threat landscape, their level of compliance required by industry, relevant regulatory authorities & international best practices, and prioritise remediation activities.

Surrey Business Awards

In November, we dusted off the black tie to attend our first in person awards event since the pandemic. The venue, Denbies Wine Estate, lived up to expectations, rolling out the red carpet for the finalists, sponsors and their guests.

Attending an event was exciting after months of virtual activities but walking away with the most prestigious award of the night, Company of the Year, was quite overwhelming. We are delighted that the award sponsor, NatWest, thought we were worthy winners and it was a pleasure to meet news anchor and the first ever winner of Strictly Come Dancing, Natasha Kaplinsky who hosted the event.

Host Natasha Kaplinsky, Cloud Business’ Matt Garrett, James Butler and Jane Woodyer, and Mark Christie from NatWest

The Company of the Year award reflects the hard work put in by our talented team over the past year and also the support of all our customers and partners who have entrusted their IT projects and services to Cloud Business.

Thank you for your partnership with Cloud Business, we don’t take this for granted! We remain committed to supporting you and your organisation, finding solutions to navigate the ongoing uncertainty and to do all that we can to help you thrive.

Wishing you a wonderful Christmas, and a happy, healthy and successful 2022.

The 6 biggest cyberattacks of 2021

2021 has been a year of digital transformation for all businesses. The widespread adoption of remote and hybrid work has resulted in employees being more reliant than ever on technology. A consequence of this reliance on technology has been a massive rise in the frequency and severity of cyberattacks, across all industries and business sizes. Many of these attacks were ransomware attacks carried out by a growing number of ransomware gangs; however, there were also some major data breaches, DDoS attacks and supply chain compromises. In this article we discuss 6 of the biggest cyberattacks of 2021.

The worst cyberattacks of 2021

1. SolarWinds Supply Chain Trojan Attack (Worldwide)

This highly sophisticated trojan attack started in September 2019 and lasted until 2021. Russian nation state hackers are suspected of being behind it with thousands of organisations being affected. 

Some victims include the US government, Microsoft, Intel, and Cisco. In September 2019, threat actors gained unauthorised access to SolarWinds’ network. The hackers lay dormant until February 2020 when they injected malicious code into SolarWinds’ infrastructure monitoring and management platform, Orion. In March 2020, SolarWinds unknowingly sent out software updates with the malicious code which gave the cybercriminals access to customer information and IT systems, enabling them to install more malware on other companies. It wasn’t until December 2020 that the malware was finally found, and remediation and investigations ran until May 2021.

The SolarWinds attack is one of the largest and most sophisticated cyberattacks the world has seen.

2. Colonial Pipeline Ransomware Attack (USA)

On May 7th, the Colonial Pipeline, an oil pipeline system in Houston, Texas, fell victim to a ransomware attack that impacted the computer equipment managing the pipeline. As a result, the pipeline ceased operation to contain the attack. The gang that perpetrated the attack, DarkSide, demanded a $4.4 million ransom to decrypt all data. 

The Colonial Pipeline, with assistance from the FBI, paid the ransom shortly after the attack. Although this restored the network, the pipeline operated very slowly and as it delivers 45% of the East Coast’s fuel, a state of emergency was imposed to ensure fuel lines remained open.

3. Brenntag Ransomware Attack (USA)

In early May, Brenntag, a German chemical distribution company, was the victim of a widespread ransomware attack. Although the company was founded in Germany, the ransomware gang, DarkSide, attacked its North American division. The cybercriminals extracted 150GB of data during the attack and threatened to leak it unless the company paid a $7.5 million ransom. This was negotiated down to $4.4 million, which Brenntag paid. 

The attack was only successful as the cybercriminals bought stolen employee login credentials to spread the ransomware.

4. Health Service Executive Ransomware Attack (Ireland)

On May 14th, the Health Service Executive (HSE) of Ireland was targeted by the ransomware gang Wizard Spider. The ransomware Conti was used in the attack and it caused all HSE’s IT systems to be encrypted and shut down. The gang demanded a ransom of €16.5 million to decrypt the data and to not publish any ‘private data’. The Irish government did not pay this ransom, and as a result Wizard Spider released the confidential medical information for 520 patients, as well as corporate documents.

Eventually, the cybercriminals gave the HSE the software tool to decrypt the data, free of charge. However, it took over 4 months for all servers and devices to be completely restored. This attack had devastating consequences for employees and patients alike.

5. Kaseya VSA Supply Chain Ransomware Attack (Worldwide)

On July 2nd, 30 managed service providers (MSPs) and their customers fell victim to a ransomware attack carried out by the gang REvil. This was due to a vulnerability in the VSA software from Kaseya, an IT solutions developer. Although only 0.01% of Kaseya’s customers were affected by the breach, as these were all MSPs with multiple customers, over 1000 companies were ultimately impacted.

The cybercriminals demanded a $70 million ransom; however, Kaseya did not pay as it obtained the decryption software through a third party. This is a key example of how a supply chain attack can have consequences for businesses throughout the world.

6. Weir Group Ransomware Attack (UK)

In the second half of September, one of Scotland’s largest engineering firms was hit by a sophisticated ransomware attack which was noticed early, and where swift action limited the damage. The Weir Group shut multiple systems down, including engineering applications and its ERP, to avoid further spread of the malware. 

Although the firm reacted well to the incident, it has experienced revenue deferrals of around £50 million in September and the direct costs of the attack are expected to be up to £5 million. Responsibility for the attack remains unknown.

How to protect your organisation from cyberattack in 2022

2021 saw thousands of businesses around the world fall victim to a variety of cyberattacks. There is no doubt that this trend will continue in 2022 with new attack vectors and companies of all sizes and industries being targeted. Many of these attacks can be avoided by reviewing your current security posture and gaining a better understanding of your vulnerabilities and threat risk, so you can prioritise the right actions to take to secure your organisation.

The human firewall: 6 steps to design effective cybersecurity training

The cybersecurity threat landscape is constantly evolving, and cyberattacks are becoming more common, with 4 in 10 businesses reporting cybersecurity breaches or attacks in the past 12 months.

There are many cybersecurity solutions available to strengthen a business’s security posture, including firewalls, endpoint protection and email security. However, for a business to safeguard themselves from a potential attack they must also invest in the human firewall.

The human firewall is the last line of defence, and it is only effective if employees are given effective cybersecurity training. In this article we will discuss what cybersecurity training is, why it is important and the 6 steps to design effective cybersecurity training.

What is cybersecurity training?

Cybersecurity training helps employees understand the cybersecurity threat landscape, how to identify security risks and the process of reporting potential cyberattacks or poor security practices. Effective cybersecurity training can decrease the chance of a business falling victim to a cyberattack, whilst developing a positive security culture within a business.

Why is it important?

All employees that have access to company data play an important role in safeguarding their business from potential cyberattacks. If an employee does not have sufficient cybersecurity training, they are more likely to make a mistake that could lead to a large-scale data breach or cybersecurity incident.

A data breach will hurt a business through potential fines, as well as a loss of reputation that can be difficult to recover from. Other common cybersecurity incidents, such as ransomware, can irreversibly damage a business, especially if it is unable to afford to pay the ransom. With effective cybersecurity training, it is less likely a business will fall victim to such an attack.

How to design effective cybersecurity training

1: Collect data to find weak points

For cybersecurity training to be effective, it is important to focus resources on the weak points within a business. This data may be collected from previous cybersecurity incidents within a business or any ‘near misses’. It is also important to consider the specific threats that your industry faces, and tailor training to address these threats. 

2: Decide the scope of the training

When designing cybersecurity training, businesses must cover enough information to give employees the tools required to identify potential attacks, without going into too much detail and confusing the audience. Some topics that should be covered include phishing attacks, social engineering attacks, password hygiene and how to work securely whilst hybrid working. It may be effective to run different levels of cybersecurity training for different job roles, as different roles have varying levels of access to data and associated risks.

3: Set clear achievable goals

To measure the success of cybersecurity training, set clear achievable goals. This may include a decrease in cybersecurity incidents or ‘near misses’. If you already run phishing simulation tests, the goal may be to improve the results of subsequent tests.

4: Implement engaging training

For training to be effective it should be interesting, engaging and relevant to the business and the employee’s role. This may include using real-world examples of previous attack attempts, or a real-time training simulation where employees must act as if there is an actual cyberattack. Using simulations and real-world examples will make it easier for employees to connect with the training and will highlight any areas of weakness.

5: Evaluate to optimise training

After training is complete, measure the effectiveness to see if you have achieved the goals set in step 3. If the goal was not reached, it is important to understand why, and what can be done in future training sessions to increase effectiveness. 

6: Make learning an ongoing process

Cybersecurity training should not be an annual task, as employees will often forget elements of the training, and new attack methods may arise which employees are not aware of. Instead, make learning an ongoing process with refresher training, or short fun quizzes being run often. Similarly, monitor your KPIs to ensure that employees maintain their focus on cybersecurity. 

Cybersecurity training as a Service

There are several SaaS tools that can help you make cybersecurity training an ongoing process, ensuring that end users are kept up to date. These tools include regular phishing campaigns, on demand training and security awareness content and intelligent reporting that helps you identify weaknesses whether company-wide or at user level.

If you would like to discuss your cybersecurity training requirements, we’d be happy to talk you through the options and help you identify the right approach for your organisation.

The world of cybercrime: the gangs behind ransomware attacks

The most worrying and prevalent cyber threat businesses have faced in the past 5 years has been ransomware attacks. In a recent report it was found that 37% of respondents had been hit with a ransomware attack in the past year. Unfortunately, these numbers are increasing year on year and, unless businesses have systems in place, they will likely fall victim to an attack at some point.

This massive rise in ransomware attacks has been attributed to several high-profile ransomware gangs that distribute the malicious software to a network of affiliates to extort money from their targets.

In this article we will delve into the world of cybercrime and explore the principal ransomware gangs, the future of cybercrime, and how businesses can avoid falling victim to a ransomware attack.

What is a ransomware attack?

Ransomware is a cyberattack that uses malware to encrypt a business’ data and hold it to ransom, withholding the key needed to decrypt it until the ransom is paid. While the data is encrypted, employees are unable to access files, databases, IT systems or applications. This malware is designed to spread throughout a system, encrypting every file on a business’ network, often causing significant downtime. These attacks generally use a phishing email to initiate the exploit and malware infection.

The most prevalent ransomware gangs

The three most prevalent ransomware gangs are REvil, Conti and DarkSide. REvil is a ransomware-as-a-service operation. They developed a ransomware toolkit and recruit affiliates to launch ransomware for them, taking a cut of the profits. This year they have been responsible for 13.5% of all attacks, including an attack on a company in Apple’s supply chain, Quanta. REvil stated that in 2020 they profited over $100 million from their ransomware attacks.

In 2021, Conti was responsible for 13.5% of all ransomware attacks. This gang has been operational since 2018 and in that time has been ruthless with their attacks, including attacks on the education sector and the Irish Healthcare system. The average Conti ransom payment is currently over $400,000 and incidents typically last over 15 days.

The third most prevalent ransomware gang is DarkSide. It is a relatively new group, but has swiftly risen in notoriety, being responsible for 11.5% of all ransomware attacks in 2021. What sets DarkSide apart from other ransomware gangs is its reputation for operating ‘ethically’; the group once vowed never to target any public infrastructure. However, DarkSide was infamously responsible for the Colonial Pipeline attack earlier this year, so it is not as ethical as it claims. The group is more professional than other ransomware gangs, and even has a customer service division to ensure its victims’ systems are restored correctly.

The future of cybercrime

As ransomware continues to be a lucrative industry for cybercriminals, it is likely that these attacks will only become more prevalent. In the past year, more ransomware gangs have been working together to share tactics and ransomware toolkits. Some gangs are even working together to infect targets at the same time, in an attempt to receive two payouts on the ransom.

A worrying trend of the past year is that ransomware gangs are not just targeting large enterprises and multinationals. SMEs are also a target. Although the ransom values may be less for a smaller business, these organisations are less likely to have comprehensive security, making them an easy target.

How to protect your business from ransomware attacks

To protect your business from a ransomware attack, the three primary concerns to address are update and patch management, email security and the implementation of a disaster recovery plan.

Most ransomware attacks work by exploiting vulnerabilities within software. Keeping all devices, software and antivirus protection up to date significantly reduces the chance of falling victim to an attack. Whenever an update is available, all employees should install it immediately, and there should be systems in place to ensure that employees do not postpone updates and patches for longer than necessary.

As most ransomware attacks start with a phishing email, emphasis should be placed on email security. Employees should have phishing awareness training to be able to spot a potential phishing attempt and be aware that they should not open an email or click on an attachment from an unknown sender. However, this should not be the only line of email defence. Solutions such as Mimecast Email Security can quarantine any potential phishing email, ensuring that it does not land in an employee’s inbox.

If a business does fall victim to a ransomware attack, it is important to have recent backups and a comprehensive disaster recovery plan in place. Although this does not stop the attack, it greatly reduces the amount of downtime after an attack. You can also avoid paying out a costly ransom if you are happy to revert to the most recent backup.

The past 5 years have shown that all businesses are at risk of a ransomware attack, regardless of size or industry. If your business doesn’t have security measures in place, now is the time to strengthen your security posture before the inevitable happens. If you want to find out more on how to keep your business safe from an attack, get in touch today.

Information security vs cyber security: key principles and differences

Over the past two decades technology has advanced rapidly and fundamentally changed the way that businesses function. Whilst this has primarily been a positive experience for businesses, these advancements have also given rise to an increase in cybercrime. With the current prevalence of cybercrime, all organisations are currently at risk of falling victim to a cyberattack. Thankfully, many businesses are aware of the risk and starting to invest more time and money into protecting their data and systems.

If your business is looking into how to prevent a cyberattack or data breach, it is important to first understand the different types of security and their principles and differences. In this article we will discuss the definitions of information security and cyber security, the key principles of each and why they matter to your business. 

What is information security?

Information security is the set of practices organisations implement to protect their business records, data and intellectual property. These practices ensure that both physical and digital data are protected from unauthorised access, deletion, corruption, unlawful use, or modification. The key information security principle is the CIA triad, which is a focus on the balanced protection of the confidentiality, integrity and availability of data.

What is cyber security?

Cyber security is a branch of information security including the practices an organisation undertakes to reduce the risk of a cyberattack. These practices are focused on technology to stop cybercriminals from accessing sensitive information, extorting money from users, or interrupting normal business procedures. Common cyber security practices include protecting networks, endpoints and educating users on how to avoid an attack.

Key information security principles

The key information security principle is the CIA triad, which includes:

Confidentiality – Protecting confidentiality ensures that any sensitive information is not made available or disclosed to unauthorised individuals, entities or processes. Countermeasures that protect confidentiality include defining and enforcing access levels for information, as well as avoiding password theft, device theft and ensuring sensitive data is encrypted.

Integrity – Integrity in the CIA triad is focused on ensuring that information has not been modified, and therefore can be trusted to be correct and authentic. Integrity can be compromised by a cybercriminal causing a data breach and modifying data for malicious reasons. Integrity can also be compromised by human error or poor access policies and procedures. Countermeasures that protect integrity include digital signatures, hashing, physical and digital intrusion protection systems, and strong authentication methods, including multi-factor authentication.

Availability – For a business to function effectively, it is important that information is available whenever it is needed. This means that all networks, systems, and applications are working as intended to allow authorised users access to resources as required. The key risks to data availability include hardware failure, natural disasters, denial of service attacks and human error.  Countermeasures that ensure data availability include backups, data redundancy, denial of service protection and a comprehensive disaster recovery plan.

Key cyber security principles

Network security – Network security includes any measure taken to protect the usability, security and integrity of a network and its data. This includes hardware and software solutions designed to stop cybercriminals from accessing a network or spreading malware within a network. Some network security measures include firewalls, network-wide email security and anti-malware software, and authentication solutions.

Endpoint security – Whereas network security aims to protect a network as a whole, endpoint security aims to protect the individual end-user devices that connect to a network, although there is overlap between the two. These endpoint devices include desktops, laptops, servers, smartphones and IoT devices. Common endpoint security solutions include privileged access management, endpoint protection platforms, device anti-malware, application control and patch management.

User Education and Awareness – A significant factor in keeping businesses safe from a cyberattack is ensuring users of networks and systems have an awareness of common attack vectors. Some common attack vectors include phishing emails, compromised or weak credentials, malvertising and brute force attacks. If an organisation runs regular cyber security education and awareness training it enables employees to detect a potential attack or breach of procedure before it is too late.

Why information security and cyber security matter

In 2021, the greatest threat to all businesses, regardless of size or industry, is a cyberattack or data breach. As the methods cybercriminals are using become more complex and attacks more prevalent, if your business has not secured its network, systems, and information, now is the time to start taking security seriously. If you want to find out more about how to implement a comprehensive information security or cyber security solution within your organisation, get in touch today.

We are ISO 27001 accredited!

Breaking news at Cloud Business HQ. We’re delighted to announce that we’ve secured ISO 27001 certification after many months of hard work by the team. Regular readers of our blog will know that we take information security very seriously – we regularly feature information security issues here – ISO 27001 is another step in demonstrating this and ensuring best practice.

What is ISO 27001?

This is an internationally recognised best practice standard for information security, and is highly relevant for organisations like us working in the IT sector, where the protection of information is critical.

It’s also highly appropriate for organisations that manage high volumes of data and information on behalf of clients, such as in datacentres, making it even more relevant to Managed Service Providers like ourselves.

The main objective of the ISO 27001 standard is to establish and maintain an effective Information Security Management System (ISMS), using a continual improvement approach. The standard requires that we systematically examine any risks to the organisation’s information security and put in place comprehensive policies to manage those risks over which we have control.

ISO 27001 is a proactive approach to managing risk and securing data and information, planning ahead and pre-empting threats rather than reacting to threats when they happen.

In demonstrating that we comply with this standard, Cloud Business has designed and implemented a set of controls and measures to manage any threats to data and information assets, as well as refining existing systems to comply with standards. Going forward we will maintain and continually improve these as new threats emerge and new solutions and systems are developed.

The benefits to our clients are:

  • ISO 27001 increases the security of their confidential information,
  • It gives clients and stakeholders confidence that we are managing risk,
  • It improves the secure exchange of information internally and externally,
  • It helps our clients comply with regulations impacting on their business,
  • It improves the consistency of the delivery of our service to our clients,
  • It manages and minimises risk exposure for clients and ourselves,
  • It builds a culture of security within Cloud Business that will also be communicated to our clients through our day-to-day contact with them.

What happens next?

Having achieved ISO 27001 we now have to maintain it and part of this is the continual improvement element. This means we will be regularly reviewing our information security management system and updating our controls and measures as appropriate. We will also undergo regular surveillance audits by the Certification Body, as well as a full audit every 3 years.

While our ISO 27001 certification will benefit your business, if you work with us, you may also be interested in achieving this certification yourselves. We have helped other organisations, such as Experian Data Quality, achieve ISO 27001. You can read a case study on this ISO 27001 project here >

How cybercriminals use social engineering to target organisations

For cybercriminals, often the easiest and most effective way of targeting a business is to use social engineering methods to manipulate users into breaching security policies or giving away sensitive information. For a social engineering attack to work, the most important stage is the cybercriminal’s research of the target organisation and its employees. This research stage is made simple due to the prolific nature of social media. In this article we will discuss how cybercriminals use social media and social engineering to target organisations, and what you can do to avoid a cyberattack.

3 steps to a successful social engineering attack

Step 1: Identify a target organisation

In the past, the prime targets for cyberattacks were large organisations as the payoff from a data breach or ransomware attack would be greater than that of a smaller business. However, now all businesses are at risk of a cyberattack. For a cybercriminal, often targeting smaller businesses is more profitable as they typically have a weaker security posture, whilst still having access to a significant amount of customer data. Once a cybercriminal has decided on a target organisation, they will then begin to research the employees to formulate an attack.

Step 2: Research employees

LinkedIn is the first port of call for researching employees in a target organisation. Through an employee’s name, the attacker can also find Facebook, Instagram and Twitter accounts. These social networking platforms give details about hobbies, family members and even locations employees frequent, through geo-tagged posts.

Having this wealth of information makes it easier to deceive the victim and potentially gives answers to password recovery questions, such as ‘What is your mother’s maiden name?’. Similarly, information about hobbies could be used to trigger a phishing attack. For example, if the victim is a keen cyclist, the attacker could send them a link or attachment purporting to be something cycling related. Unless the victim has strong privacy settings on their social media accounts, all this information can be accessed without the victim’s knowledge, as they do not need to be followed or added as a friend.

Step 3: Launch attack

With this information there are many attack vectors that may be effective for a cybercriminal to gain access to a secure business network, or to infect a business with ransomware. One method may be to target the employee’s personal email address with a spear phishing email relating to one of their hobbies or shops they frequent with a malicious link to reset their password on an online account. If the victim resets their password by using their previous password, and that password is the same as their work account, this gives the hacker access to their work account. From here it is simple to launch a ransomware attack or access customer data.

Another method cybercriminals may use is a direct phishing attack to the victim’s work email. Through the prior research a cybercriminal may pose as one of the business’s vendors or customers in order to persuade the victim to click a malicious link, giving the hacker access to a network or work account. Once they have access to a work account, the hacker can use the social media research to launch another spear phishing attack from the victim’s email, targeting someone in the organisation with greater access to customer data.

How social engineering impacts business

Both a ransomware attack and a data breach can be devastating for a business. A data breach has short-term consequences of potential fines and fees, along with the potential cost of a forensic investigation. More worrying is the long-term consequence of eroding customer trust and a loss of reputation, which can be difficult to recover from.

A ransomware attack may be extremely costly if the ransom is paid out to decrypt the data. Sometimes it is possible to decrypt the data without paying the ransom; however, this often leads to significant downtime and the potential to lose data.

How to avoid a cyberattack

There are three key takeaways for businesses trying to avoid an attack. 

  1. Employees should be conscious about what information is being shared on social media. This is not to say that individuals should not post on social networking platforms, but they should restrict their privacy settings so only trusted friends and colleagues can view their information and posts. 
  2. Businesses should educate employees on how to spot phishing emails and general cybersecurity awareness. This education and awareness may stop a cyberattack before it is too late.
  3. Businesses should consider investing in a comprehensive cybersecurity solution that decreases the chance of a ransomware attack or data breach. 

If you want to find out more about how you can keep your business safe, get in contact with us today.

Cloud Business Limited
8 North Street
Guildford
GU1 4AF

2023 © Cloud Business Limited
Registered Company in England and Wales 06798438