An IT Support Blog from London

Although cloud security is often brought up as a major issue in cloud adoption discussions, there still remain a few misconceptions that need to be corrected and clarified. In order for businesses to make the right steps in securing their cloud-based digital assets, they need to distinguish the myths from the facts. This blog post can help in that regard.

These are some of the basic things you need to understand about cloud security.

The prevalence of firewalls and anti-virus software has closed many of the common attack vectors that cyber criminals use to gain unauthorised access to networks and to bypass online security. For this reason, attacks increasingly rely on fooling users into allowing access to systems: legitimate-looking emails that easily clear the common-sense hurdle can hide malware and well-planned hacking attacks.

Even with the necessary protections in place, it is surprisingly easy to “spoof” an address, with a form field that looks correct in every way; except for the fact that the sender is not who it appears to be. Most users will think twice about opening an attachment sent by an unknown sender, but if the attachment appears to be from a colleague the usual caution is sometimes left by the wayside.

Of all the types of malware wreaking havoc these days, one clearly stands out - Ransomware. This troublesome malware appears to be gaining a lot of fans in the cybercrime community and has, in turn, caused considerable stretches of downtime on a large number of organisations.

It is without question a risky affair: allowing employees to use their personal devices to access your network and valuable, often confidential company data. Yet despite the risks BYOD (bring your own device) marches on and companies and organisations around the world are adopting tactics and technologies to make it work.

There used to be a time when it was relatively easier to prevent malware from infecting our systems. We’d install an antivirus, keep its database updated, and equip end users with a laundry list of things to avoid - like suspicious email attachments and unfamiliar websites. Today, drive by downloads are making malware avoidance a more challenging task.

A drive-by download is a malware infection procedure that doesn’t require the user to download anything or even click a link. For his/her system to get infected, the user only has to visit a site that’s been compromised. The infection process then takes place behind the scenes, without the user ever noticing anything unusual.

In the wake of Brexit, it seems like there has never been a more important time to attract businesses to the UK. There are still plenty of reasons for multinationals to set up shop here. While it has experienced setbacks in recent times, London has retained its status as one of the world's financial hubs. We also have the fifth largest economy in the world according to GDP (Nominal), and despite the current uncertainty, there are still solid strategic reasons for companies basing themselves in the UK.

Information technology risks range from the very apparent to the silent and hidden. The majority of businesses mitigate the most obvious risks: only an irresponsible IT operation will do without network firewalls in place or skip on regularly updating operating systems and software. Yet it is the less obvious risks which can trip up even carefully run IT functions – and which can cause progressive or indeed sudden harm to your business.

Based on the 2016 edition of Ponemon’s annual Cost of Cyber Crime report, phishing is now one of the most prevalent cyber-attacks today. Should you be worried about it? It depends. If you think any of the consequences of phishing attacks outlined below can impact your business, then maybe you should be.

Tarnish your company’s image

Most phishing attacks are designed to steal personal information. The way cyber criminals do this is by crafting legitimate-looking emails that compel recipients into disclosing their personal details.

DDoS attacks that force websites to go offline and cripple servers are nothing new, but many of the massive DDoS attacks last year, which also happened to be the biggest in history, had a common characteristic we’ve never seen before. They all originated from hordes of zombified IoT devices, also known as IoT botnets.

Because IoT devices are here to stay, this threat won’t be going away anytime soon. If your network includes websites and other Internet-facing applications, you need to understand what these threats are, how it can impact your business, and what we in the business community can do to protect our IT infrastructures from these types of attacks.

An existential threat with authorities behind the curve

The National Crime Agency didn’t pull any punches in the report Cyber Crime Assessment 2016, published by its Strategic Cyber Industry Group. The Executive Summary warned of “an existential threat to one or more major UK businesses” and that “criminal cyber capability development currently outpaces the UK’s collective response to cyber crime.”