Success stories

Our customers come in all shapes and sizes.

We work with organisations from all walks of life, with different ambitions and requirements. Explore how we’ve helped them reimagine everyday, and align technology with their culture and business goals.

The world of cybercrime: the gangs behind ransomware attacks

In the past five years, thousands of businesses have been targeted by a small group of ransomware gangs. Find out more about the world of cybercrime, and how to protect your business from ransomware attacks.

Hybrid working: how technology can support your move to a hybrid workplace

Technology can support the move to hybrid working to ensure employees can be productive, collaborate effectively, and stay secure, no matter where they are located. Learn more here.

How do you protect against phishing attacks?

86% of UK businesses experienced a phishing attack in 2020, and they’re only getting more sophisticated. To protect your business, you need to strengthen your domain security, starve attackers of information, and adopt a culture of caution.

What is a ransomware attack and how often do they happen?

Criminals are taking advantage of the pandemic to perform a new wave of sophisticated ransomware attacks. Learn how the threat is evolving – and how you can protect your business – in our latest blog.

What makes the education sector a prime target for cyber attack?

With cyber security threats in the education sector ever increasing, it's important to understand who's attacking your establishment and what attack vectors they use.

The world of cybercrime: the gangs behind ransomware attacks

The most worrying and prevalent cyber threat businesses have faced in the past 5 years has been ransomware. In a recent report it was found that 37% of respondents had been hit with a ransomware attack in the past year. Unfortunately, these numbers are increasing year on year and, unless businesses have systems in place, they will likely fall victim to an attack at some point.

This massive rise in ransomware attacks has been attributed to several high-profile ransomware gangs that distribute the malicious software to a network of affiliates to extort money from their targets.

In this article we will delve into the world of cybercrime and explore the principal ransomware gangs, the future of cybercrime, and how businesses can avoid falling victim to a ransomware attack.

What is a ransomware attack?

Ransomware is a cyberattack that uses malware to encrypt a business’s data and hold it to ransom, withholding the encryption key until the ransom is paid. While the data is encrypted, employees are unable to access files, databases, IT systems or applications. This malware is designed to spread throughout a system, encrypting every file on a business’s network, often causing significant downtime. These attacks generally use a phishing email to initiate the exploit and malware infection.


The most prevalent ransomware gangs

The three most prevalent ransomware gangs are REvil, Conti and DarkSide. REvil is a ransomware-as-a-service operation. They developed a ransomware toolkit and recruit affiliates to launch ransomware for them, taking a cut of the profits. This year they have been responsible for 13.5% of all attacks, including an attack on a company in Apple’s supply chain, Quanta. REvil stated that in 2020 they profited over $100 million from their ransomware attacks.

In 2021, Conti was responsible for 13.5% of all ransomware attacks. This gang has been operational since 2018 and in that time has been ruthless with their attacks, including attacks on the education sector and the Irish Healthcare system. The average Conti ransom payment is currently over $400,000 and incidents typically last over 15 days.

The third most prevalent ransomware gang is DarkSide. It is a relatively new group, but has swiftly risen in notoriety, being responsible for 11.5% of all ransomware attacks in 2021. What sets DarkSide apart from other ransomware gangs is its reputation for operating ‘ethically’; it once vowed never to target any public infrastructure. However, DarkSide was infamously responsible for the Colonial Pipeline attack earlier this year, so it is not as ethical as it claims. The group is more professional than other ransomware gangs, and even has a customer service division to ensure its victims’ systems are restored correctly.

The future of cybercrime

As ransomware continues to be a lucrative industry for cybercriminals, it is likely that these attacks will only become more prevalent. In the past year, more ransomware gangs have been working together to share tactics and ransomware toolkits. Some gangs are even working together to infect targets at the same time, in an attempt to receive two payouts on the ransom.

A worrying trend of the past year is that ransomware gangs are not just targeting large enterprises and multinationals. SMEs are also a target. Although the ransom values may be less for a smaller business, these organisations are less likely to have comprehensive security, making them an easy target.

How to protect your business from ransomware attacks

To protect your business from a ransomware attack, the three primary concerns to address are update and patch management, email security and the implementation of a disaster recovery plan.

Most ransomware attacks work by exploiting vulnerabilities within software. Keeping all devices, software and antivirus protection up to date significantly reduces the chance of falling victim to an attack. Whenever an update is available, all employees should run it immediately, and there should be systems in place to ensure that employees do not postpone updates and patches for longer than necessary.

As most ransomware attacks start with a phishing email, emphasis should be placed on email security. Employees should have phishing awareness training to be able to spot a potential phishing attempt and be aware that they should not open an email or click on an attachment from an unknown sender. However, this should not be the only line of email defence. Solutions such as Mimecast Email Security can quarantine any potential phishing email, ensuring that it does not land in an employee’s inbox.

If a business does fall victim to a ransomware attack, it is important to have recent backups and a comprehensive disaster recovery plan in place. Although this does not stop the attack, it greatly reduces the amount of downtime after an attack. You can also avoid paying out a costly ransom if you are happy to revert to the most recent backup.

The past 5 years have shown that all businesses are at risk of a ransomware attack, regardless of size or industry. If your business doesn’t have security measures in place, now is the time to strengthen your security posture before the inevitable happens. If you want to find out more on how to keep your business safe from an attack, get in touch today.

Hybrid working: how technology can support your move to a hybrid workplace

The move to a hybrid workplace promises a myriad of benefits including increased collaboration, productivity and a better work-life balance. For this reason, it is no surprise that 91% of the global workforce expect to be working in some form of hybrid arrangement over the coming months. However, the hybrid workplace model will take some time to refine as there are many factors that must work together to support the changing workplace. One of the key factors integral to the long-term success of hybrid working is technology.

In the past 12 months most large technology companies have shifted their focus to adapting and creating technology that will suit hybrid working and provide a better experience for users, wherever they are working. 

In this article we identify key technologies to support your business’s move to a hybrid workplace.

Video conferencing with Microsoft Teams

Meetings with both physical and remote attendees are more complex than traditional meetings or virtual meetings. The key challenge is how to ensure that all attendees have the same experience, regardless of where they are located. Microsoft Teams aims to address these challenges with additional features such as the ‘Front Row’ along with changes to the user interface to increase productivity and collaboration in hybrid meetings. If you want to find out more about how to run an effective hybrid meeting read our recent blog.

Email protection

When employees moved from working in an office space to working from home there was a massive rise in phishing emails and phishing related cyberattacks. This trend will likely continue with the advent of hybrid work, with phishing being used as an attack vector to carry out ransomware attacks. User education and awareness is a key factor in avoiding a phishing attack, but it shouldn’t be the only line of defence. As businesses move to hybrid work, they should consider implementing a software defence to stop phishing attacks before they even enter an employee’s inbox. Mimecast uses AI to detect and quarantine any potential phishing attacks, keeping organisations safe from data breaches and ransomware attacks.

Work from anywhere with virtual desktops

Businesses that are trying to reduce hardware costs, or create more flexibility for employees, may have considered a Bring-Your-Own-PC (BYOPC) programme. A BYOPC programme seems ideal for hybrid working; however, it poses a significant security risk as employees’ laptops may be infected with malware or may not have the same security policies as required by the business. This problem can be solved with virtual desktops through Azure Virtual Desktop and cloud PCs through Windows 365. These solutions allow users to connect to virtual desktops running on the Azure cloud. This gives the full Windows experience on any device, from any location, with the security policies set up by the administrator. The recent release of Windows 365 has made it even easier for businesses to introduce cloud PCs to employees with simple per user per month pricing.

Employee experience platforms

The advent of remote and hybrid working can make it difficult for employees to stay connected with the wider business if not all employees work in the office on the same days. Similarly, many employees find it difficult to balance productivity and wellbeing whilst working from home. To solve these challenges, Microsoft has released Viva. Viva is an employee experience platform designed to foster an organisational culture where people and teams are empowered to be their best from anywhere. This solution contains modules to help employees stay connected to the wider business, increase productivity, organise content across the business and provide learning and development opportunities. The key to effective hybrid working is to focus on the employee experience, and Viva excels at this.

Phone call with Teams

For businesses that rely on telephone systems for day-to-day business, a traditional phone system may not be suitable for hybrid working. Transferring calls between an office and an employee’s home is difficult and can lead to a poor experience for customers. A cloud-based phone solution, such as Microsoft Business Voice, allows businesses to keep their existing phone numbers whilst allowing employees to make and answer calls from anywhere, on any device. Business Voice is also integrated with Teams, which means all calls, meetings, chats and files are housed in a single application. Moving to a cloud-based telephony solution is perfect for hybrid work and can reduce costs through streamlining technology.


The move to hybrid marks a new era in the way the world views work. An effective hybrid work scheme can allow employees to be more productive and have a better work-life balance, and employers can potentially reduce overhead costs to increase profitability. For these benefits to be realised, technology will have to play a large part in supporting the new workplace.

How do you protect against phishing attacks?

Phishing attempts are so common now that you’d be hard pressed to find an internet user who hasn’t seen one. According to the government’s cyber breaches survey, 86% of businesses experienced a phishing attack in 2020, a rise of 14% since 2017.

This growth has only sped up since the start of the pandemic. HMRC detected a 73% rise in email phishing attacks in the six months since the pandemic began. As far as security researchers can tell, this sudden increase can be linked to the rise of home working and the vulnerable emotional state many targets find themselves in. Criminals have seized the rapid change Covid-19 has brought and will continue to do so until the global cases recede.

Despite this increase, when most of us think of phishing attacks it’s the ones that are easy to spot. Such emails poorly imitate a company in a bid to get you to divulge account or payment information. As you may have noticed, though, phishing attempts are getting more sophisticated.

“Spearphishing” attacks take a step back from the broad net attackers usually cast and highly tailor emails or phone calls to target specific employees. Often, once they have access to a network via a low-level employee, they impersonate them, targeting those with more valuable information.

These types of emails can be difficult for experts to spot, let alone your average user. As a result, preventing successful attacks can be a real challenge for many IT departments. Though some basic training will prevent the bulk of phishing attacks, it does little to prevent high-level imitations.

How to reduce the success rate of phishing attacks

If basic training isn’t enough, what can you do to protect your business against this new wave of attacks? Here are some of our top suggestions:

1. Strengthen domain security

With impersonation attacks so common, it’s vital that enterprises have strong domain security. If an attacker manages to get a hold of your registrar account, it becomes infinitely easier for them to pretend to be someone in your organisation. With the right access, they can send an email from a company address and mastermind attacks that are far more successful.

As well as securing your registrar account, you may want to register the most common misspellings of your domain and implement security protocols like DMARC, SPF and DKIM.

2. Reduce available information

Holding detailed information about your company on its website may provide reassuring transparency, but it’s also a treasure trove for attackers. Think about what information your customers need to know and what is just unnecessary fuel for attackers. Is it really important that your customers know who every team member in your company is? Does each of them require a publicly accessible email address, or can inquiries be directed elsewhere?

This extends to the information your employees share on social media. Attackers can use information about recently closed deals, new partners, and more. Ensure you have a clear and strict policy about what information should be made public.

3. Adopt a culture of caution

Though many companies perform training sessions, staggering numbers of employees click on phishing links every day. For the biggest impact, resilience shouldn’t just be boiled down to a quarterly seminar – it needs to be built into the culture of the company.

Adopting a “caution over comfort” mindset will help employees to think critically whenever they see an email that makes them uneasy. Make it known that they’re encouraged to double-check with their superiors or the IT department if they have any doubt.

This should extend to transactions. Often, phishers who have access to credentials will strike by jumping into an existing email chain about a deal and providing their own payment details instead of the intended recipient. A strict transaction policy that requires validation through security questions on a different communications channel can combat this.

4. Run spoof phishing campaigns to raise security awareness

Regularly running imitation phishing campaigns raises awareness amongst your user community about what to look for in a genuine phishing attack, and helps you identify individuals who need further support.

To help you run regular campaigns, we provide Phishing & Security Awareness as a Service. This hands-free service means you don’t have to remember to run phishing campaigns; we do it for you. Campaigns are regularly updated in line with the evolving sophistication of genuine attacks. For many of our customers, this service helps them to tick compliance boxes and cyber security training requirements.

5. Stop phishing emails in their tracks with a robust email gateway

Implementing the above tips will significantly reduce the chance that a phishing attack is successful without a significant financial investment. However, the unfortunate truth is that so long as phishing emails are still hitting employees’ inboxes, mistakes will be made.

That’s where an email gateway like Mimecast or Fortimail comes in. By scanning email in real-time, these solutions identify suspicious emails and block, flag, or categorise them before they reach an employee’s inbox. They scan every URL, sandbox and scan all attachments, and look for anomalies in the sender and email text.

With an intuitive dashboard and regular updates, email gateway solutions act as a one-stop-shop for phishing protection, taking human error out of the equation while reducing the burden on the IT department.

If your organisation is experiencing an increase in phishing attacks and you’d like help protecting your users, data and systems, please get in touch. We’re always happy to discuss your unique environment and the options available.

What is a ransomware attack and how often do they happen?

Ransomware attacks are not a new security threat. In fact, the first was orchestrated in 1989, with its proceeds allegedly going to charity. In the past five years, however, ransomware attacks have hit the headlines across the globe. Attacks, experts say, are becoming more sophisticated, more harmful, and more frequent.

In its base form, ransomware is a type of malware designed to lock a user out of their files – typically by encrypting them with a key only the attacker knows. The methods to achieve this, however, are constantly evolving.

The notorious WannaCry ransomware is perhaps the most successful example of this. It made use of an exploit discovered by the United States’ NSA to achieve an unprecedented level of spread. It successfully hit the NHS, FedEx, and more, expanding through their network automatically to lock as many computers as possible.

Since the success of WannaCry, there has been an explosion in the number of ransomware variants, some of them using similar techniques and others creating new ones. The highly sophisticated Ryuk has had particular success in recent times, combining a credential theft trojan with manual intervention to strike swiftly across the entire network.

According to a recent SonicWall study, the number of new ransomware variants is only growing. It noted a 46% increase in new strains each year, with Ryuk accounting for a third of all attacks.

So, how high is the threat to UK businesses right now? A report by Check Point suggests higher than ever. Ransomware attacks in the UK jumped by 80% in Q3 2020 as attackers looked to exploit mass remote working. Worldwide, it says, a new organisation becomes the victim of ransomware every ten seconds.

Further, the number of so-called “double-extortion” ransomware attacks is increasing. Attackers are not only threatening to lock enterprises out of their data – they also say they’ll leak it if they don’t pay up. Nearly half of all attacks used this method in Q3 2020, making it a significant and developing risk.

Protection against ransomware attacks

With this increased threat, businesses stand to lose even more should they fall victim to a ransomware attack. As well as the weeks of downtime ransomware can bring, improper protection can lead to leaks of confidential documents and intellectual property.

Fortunately, while attacks are becoming more sophisticated, so are the cyber security solutions deployed to protect businesses from these threats. Combining sophisticated backup systems and advanced anti-malware protection, many solutions use heuristic analysis to detect known and new ransomware and stop it in its tracks. By constantly monitoring machines, these solutions will suspend a ransomware’s activities and restore a version of the file from moments before.

Further safeguards are also needed to protect local and cloud backup files. Solutions that actively monitor local files prevent backups from being modified. When choosing cyber security backup solutions, look for products that feature strong end-to-end encryption and only allow modification by authorised agent software. This ensures that protection applies even if the ransomware tries to overwrite the Master Boot Record (MBR) or tries to attack the security software itself.

What solutions are right for your organisation?

Every company and organisation is different, with different vulnerabilities, risk profiles, IT environment and, of course, available budget. For this reason, not every security solution is right for your organisation, which is why we recommend an initial cyber security health check to help understand your requirements and environment before looking at potential solutions. If you’d like to take us up on our free offer, please click on the link below.

What makes the education sector a prime target for cyber attack?

The cyber threat to the Further and Higher Education sector sits within the wider threat to UK enterprise overall. As with any large organisation, universities and colleges handle large volumes of personal data, intellectual property and other data assets, all of which makes education a target for cyber attack.

Understanding what assets you hold and why they may be of value to cyber criminals and malicious actors is a key step towards protecting your organisation, your data and your people. Below we explore what’s special about education and who may be targeting your organisation.

Why are universities vulnerable to cyber attack?

Large volumes of data

Further and Higher Education institutions handle large volumes of sensitive data that may be held for many years. A wide variety of data on students, faculty members, alumni, parents and university staff make them highly attractive targets.

Research universities and medical schools may also handle data from other organisations, such as medical data for hospitals linked to the university or corporations and public sector bodies connected to research projects and grants. This data may attract both those seeking financial gain as well as those looking to steal intellectual property.

Lack of centralised structure

In many cases, sensitive data is stored in different locations rather than one centralised place. Student data may be stored by individual colleges or campuses. With many education providers merging to form larger establishments, staff data may also historically reside in different locations.

Furthermore, duplicate sensitive data may be propagated across an organisation, with different departments holding the same information. Alumni offices, central administration, schools and colleges may all have their reasons for storing the same data on a student or even faculty staff.

Organisational vulnerabilities

Decentralisation is often reflected in other ways too, such as cyber security policies, processes used to handle data, cyber security tools and security awareness programmes.

Ensuring that everyone within such a diverse organisation adheres to the same policies and safeguarding procedures is no easy task.

Widespread use of personal devices

FE & HE institutions depend on large sectors of their user community having a personal device. Students are the obvious risk, with the majority accessing organisational systems from often less well protected mobiles, tablets and laptops.

However, admin and faculty staff also use their own devices, especially in recent times with the increase in remote learning / teaching. Security awareness can be a problem and there can also be resistance from the user community if the IT department wants to put controls in place on personal devices.

Remote learning

Accessing organisational apps and data remotely exposes another vulnerability. This can be exacerbated by a lack of data security awareness, frustrations around using new technology to work or teach remotely and a proprietary attitude to personal devices.

Who’s attacking your network?

So who’s responsible for this increase in attacks on the education sector? The key threats to education establishments are:

  1. Criminals looking for financial gain
  2. State-sponsored espionage

Both actors will use the same vulnerabilities to access your network. But while the criminal looking for financial gain will often make themselves known with a ransom demand once they’re ready to act, nation states seeking to steal personal data and intellectual property and criminals stealing data to sell prefer to remain undetected.

Ransomware attacks on the increase

Since late February 2021, the National Cyber Security Centre (NCSC) has seen an increased number of ransomware attacks affecting education establishments in the UK. The NCSC previously acknowledged an increase in ransomware attacks on the UK education sector during August and September 2020. It has now updated its Alert in line with the latest activity.

Ransomware attacks prevent organisations from accessing their systems or data until a ransom is paid. Threats to release stolen sensitive data on ‘name and shame’ websites if the ransom is not paid are also on the increase.

The NCSC said that, “In recent incidents affecting the education sector, ransomware has led to the loss of student coursework, school financial records, as well as data relating to COVID-19 testing.”

Attackers gain access to the target’s network depending on the vulnerabilities they identify. Common attack vectors include:

  1. Phishing
  2. Remote access systems: remote desktop protocol (RDP) and virtual private networks (VPN)
  3. Unpatched and unsecure devices

Once inside your network the attacker will generally increase their privileges in order to identify high-value assets. The NCSC reports recent malicious activities including:

  • sabotaging backup or auditing devices to make recovery more difficult,
  • encrypting entire virtual servers,
  • using scripting environments (e.g. PowerShell) to easily deploy tooling or ransomware.

How to protect your users from ransomware attacks

The best defence is your people. Security awareness training (regularly updated) and imitation phishing campaigns, which raise awareness and also identify susceptible users, make a real difference. This can be challenging with a high turnover of students, which is why comprehensive security measures must also be deployed.

Relatively simple measures can be put in place to secure your network. A robust approach to patching will help secure devices. Multi Factor Authentication (MFA) provides an additional level of security for remote access systems. Vulnerability Management identifies vulnerabilities, balances risks with business operations, and gives you much needed visibility to protect your establishment from evolving threats.

Email security platforms are vital to identify and disrupt phishing attacks. These solutions don’t have to be onerous on the IT department either. End-user quarantine management processes protect your network but allow users to self-service and release their own messages in a secure environment.

If you would like to discuss how to better protect your network and data, please get in touch with our cyber security team. We work with many schools, colleges and universities, and are happy to share experience and best practice.

Cloud Business Limited
5 Elmwood
Chineham Business Park
RG24 8WG

2023 © Cloud Business Limited
Registered Company in England and Wales 06798438