An airtight DRaaS and VMware Cloud solution

With 39% of UK businesses identifying a cyber-attack in the last 12 months and around one in five (21%) of these reporting a sophisticated attack such as a denial of service, malware, or ransomware¹, most of us know just how essential Disaster Recovery (DR) is.

Being proactive in protecting digital data and customer assets is no luxury when you also consider these cybercrime risks in the context of increased remote working and assets that are dispersed across locations.

Cloud-based DRaaS (Disaster Recovery as a Service) is a cost-effective, fast and airtight route to this protection.

We are now VMware Cloud and DRaaS verified

QuoStar has VMware Cloud and DRaaS verification across our next generation private cloud platforms. This can help you to safeguard valuable assets quickly and effectively against the disasters that carry a real risk to your applications and infrastructure.

Tailored to your VMware environment

By designing a DRaaS solution specifically for your VMware environment, we can give you peace of mind that your data is protected, without the need for capital investment or upskilling within your IT team.

This fast, efficient and secure disaster recovery solution, which can be from on-premises to cloud as well as cloud to cloud, gives you the benefit of:

  • Automated recovery and fallback
  • An RPO (recovery point objective) as low as five minutes
  • Reduced operating costs
  • In-house IT team freed up to focus on high-value projects

Fast, non-disruptive DR testing

Backups and disaster recovery need regular validation to ensure they will work when needed. Our cloud-based DRaaS solution reduces this risk with fast, clean simulated DR testing in minutes. This regularly scheduled testing, which is required for proper DR planning and validation, does not impact on your ongoing DR activity or IT team.

Protect collection of VMs (vApps)

The enhanced grouping and protection workflows within our service help to preserve recovery priorities and network configurations for virtual apps (vApps), eliminating the need for manual scripting and shortening RTOs.

Bandwidth monitoring

Our DRaaS solution gives you visibility into what DR is adding to bandwidth, which helps to troubleshoot latency issues. It also offers capacity reporting, identifying what DR is consuming in storage on the target environment.

Remove complexity and overhead

Working in partnership with QuoStar on a DRaaS and VMware Cloud solution gives you peace of mind that core DR operational work is managed and continually updated in line with regulatory and compliance mandates. It removes complexity and overhead from your organisation.

Neil Clark, Director of Cloud Services at QuoStar: “QuoStar obtaining both VMware Certifications (Cloud and DRaaS Verified) rubber stamps our commitment to building the best-in-class Private Cloud Platforms.

“QuoStar understands that cutting corners at this level can be catastrophic and, a lot of the time, holds businesses back from moving to the right cloud solution. By using an industry leading solution like VMware, we can provide the most reliable, highly performance and cost-effective solution to our customers.

“QuoStar’s private cloud is just one part of QuoStar’s multi-cloud solution, allowing our customers to benefit from the advantages of each cloud platform.”

Contact one of our Cloud specialists to find out more about QuoStar’s DRaaS and VMware solution.

_
Statistics: ¹ Cyber Security Breaches Survey 2022

How our Fortinet SD-WAN solution delivers security at scale

If your organisation is considering SD-WAN (Software-defined Wide Area Network), then effective networking and built-in security should be integral to your decision.

In partnership with Fortinet, QuoStar is one of 15 SD-WAN specialised partners in the UK. We offer a solution that achieves safer, more cost-effective and efficient SD-WAN implementation. Here’s how:

SD-WAN explained

With dispersed workforces, new digital tools and cloud adoption at an all-time high, many organisations are turning to SD-WAN. This virtual WAN architecture brings together existing internet connectivity options, such as MPLS, Broadband, DIA and LTE, to securely connect users to applications, while simplifying the control and management of this connectivity.

SD-WAN solutions help to remove complex and expensive routing, cut down on hardware costs and remove expensive MPLS networks. They can also greatly enhance access to Software as a Service (SaaS) and other cloud-based services and help to minimise downtime.

The issue

However, many available SD-WAN networking solutions have little or no built-in security, which can lead to organisations adding a range of disparate tools to address these risks. This increases capital expenditure, raises complexity and creates potential gaps for cyberattacks.

A fully integrated, secure SD-WAN solution is the best way to ensure effective protection, operational efficiencies, and on-going readiness for evolving network demands.

QuoStar’s SD-WAN solution

Working in partnership with Fortinet, who have been recognised by Gartner as a Leader in the 2022 Gartner Magic Quadrant for SD-WAN for a third year in a row, QuoStar’s SD-WAN solution brings extra security protection and enhanced performance to the existing benefits of SD-WAN. These improvements include:

  1. Protection at all edges

Native security for both on-premises and cloud-delivered services, to provide flexible, secure access for a distributed workforce working on and off the network. Unified orchestration capabilities further provide end-to-end visibility and control of the network environment.

  1. A world-class user experience

Our solution overcomes WAN impairments at all edges using our comprehensive self-healing SD-WAN as well as AIOps and Digital Experience Monitoring (DEM). There are no network slowdowns thanks to our purpose-built security processing units, and application performance is maximised with artificial intelligence and machine learning.

  1. Reduced costs and complexity

Significantly lower operational complexity and low total cost of ownership is achieved with converged networking and security. Our unified SD-WAN solution secures remote workers and on-premises users with consistent policies.

You should investigate SD-WAN if:

  • You’re a largely distributed company experiencing network problems.
  • You’re particularly vulnerable to internet outages.
  • Your internet connectivity costs need to be revaluated.
  • You want to simplify the branch architecture.
  • You’re in the market to affordably expand your company’s network.
  • Your company needs to scale quickly and easily.
  • You would like to enable reliable user experience on any transport with rich routing and advanced WAN remediation for self-healing networks
  • SD-WAN control and management across multiple locations is providing a challenge for businesses with IT resources facing skill gaps

Obtaining a Secure SD-WAN Assessment Report will give you unmatched insight into your current security posture and network activity. Learn more about your network by registering for a free assessment here.

Free SD-WAN Assessment

Why you need an Azure Landing Zone

If your business uses Microsoft Azure, you also need a well-designed and structured Landing Zone. A Landing Zone is a key component of the Microsoft Cloud Adoption Framework, helping organisations to better manage and scale their public cloud environments.

What makes up a Landing Zone?

In terms of Microsoft Azure, a landing zone is a combination of multiple subscriptions within an Azure Environment. These subscriptions are already set up for all areas of the platform that may be required to support the environment, whether that’s Infrastructure as a service or Platform as a service.

You could view a Landing Zone as foundations, built on solid practice and design considerations, which you can build on, expand and scale as required. The design of these foundations will differ, and the basics can be laid out differently from one Landing Zone to the other, as there is not one single design for all types of infrastructure.

While Landing Zones can vary due to their modular design and business requirements, they usually cover certain design areas, as below:

alz-design-areas

Landing Zone Design Areas

No matter what type of deployment you are designing, be it enterprise, hybrid-cloud, or a simple, small POC (proof of concept) environment, each design area listed should be considered within a Landing Zone.

  • Enterprise enrolment – have we set up a tenant that will support growth and scale? How will we license it?? CSP, EA etc?
  • Identity – How are we going to control identity and access? Serious consideration should be given to how this is managed.
  • Network topology and connectivity – What will our network look like now and how will this scale and grow? What design considerations, such as segregation, do we need to consider?
  • Resource organization – How will we organise our resources to allow for growth without red tape? What are our needs around business areas, different teams, subscriptions? And how we implement this within management groups?
  • Governance disciplines – How do we stay compliant? How do we enforce security requirements? How do we ensure our data sovereignty?
  • Operations baseline – How will we manage, monitor and optimise our environment? How will we maintain visibility within our environment and ensure it operates as required?
  • Business continuity and disaster recovery (BCDR) – How will we plan and design for continuity and protect our data? Have we considered the need to replicate data or provide a method of restoration? Do our proposed methods meet the RPO and RTO objectives of our organization?
  • Deployment options – How will we deploy our Landing Zone and resources moving forward? Will this be a manual process? Will we consider Infrastructure as Code? What methodologies for deployment could we use? 

We’ve helped several customers get their landing zone to good by deploying QuoStar’s best practise landing zone framework, which implements current governance best practises, cost management protection and parameter security. This has helped them to get to a position where they have the correct foundations build upon, future proof expansion and allow adoption and implementation of a continuously evolving best practise frameworks.

As a leading Microsoft partner, contact one of our Cloud specialists today to find out more about our services.

Why MFA is no longer enough

Two step authentication

It’s time to let go of the view that multi-factor authentication (MFA) provides enough security.

Hackers have the means to steal passwords, hijack users’ sign-in sessions and bypass the authentication process entirely, even when MFA is enabled. Adversary-in-the-middle (AiTM) attacks may be nothing new, but the ability of criminals to bypass MFA is.

What’s new?

Attackers can now intercept the legitimate session cookie issued by a real website, along with the authentication token.

The sophistication of these modern AiTM attacks has been highlighted by Microsoft, who explain how AiTM phishing attacks work.

In simple terms:

  1. An attacker sends a cleverly crafted email (phishing attack) which looks legitimate
  2. An unsuspecting user clicks on this link, which takes them to the attackers’ ‘spoof’ website
  3. The attackers’ website silently and transparently forwards on the request to the real site (Office365, Google etc) for authentication
  4. The user sees the real website and enters their credentials to authenticate

The attacker can now silently intercept this data while it passes through their website

Cookie theft

Ever wondered how you can launch Edge or Chrome and navigate to your Office 365 email without being prompted for authentication? Or launch Outlook or Teams without being prompted for authentication?

This is because you have already done that once and have a safely stored session cookie which is valid for a set number of days.  This is what the attacker is after and once they have it, they have easy, instant access to your email or Teams account.

 

Build multiple layers of protection

A multi-layered approach to security is the key. Relying on a single security mechanism such as MFA is like putting all your eggs in one basket. You need to reduce the possibility of security compromise by adding more control layers.

  1. Enable MFA if you haven’t done so already. Without this, it’s like having a toy padlock on your front door.
  2. Raise awareness. This is the most effective and essential step of all. Educate users on how to spot phishing emails and when they should and shouldn’t enter their credentials.
  3. Implement advanced email filtering. Reduce the chance of attacker emails reaching users’ mailboxes by deploying Content Filtering, Sender Filtering and Safe Links. These are must-haves.
  4. Implement a Web Proxy. These may be usually considered a mechanism to stop people accessing Facebook or eBay during working hours, but when combined with Deep SSL Inspection, a Web Proxy can inspect all traffic leaving the organisation and track known suspicious or malicious content and sites.
  5. Implement EDR. Next Generation anti-virus/anti-malware technologies with an Endpoint Detection and Response (EDR) service overlay can detect threats in your networking environment and respond to them appropriately, automatically, and ideally with a human interaction when required.
  6. Implement Microsoft Conditional Access Security Defaults. Conditional Access policies allow IT admins to create conditions before events, such as authentication, can be accepted. This could include enforcing MFA when logging into any Azure integrated Cloud App, including Office 365, to block sign-ins from untrusted locations or from unknown devices.
  7. Implement Least Privilege. If an attacker manages to penetrate all these layers you can still limit the damage done. If the end user does not have local admin rights, then there’s a good chance that the attacker will not have these when they compromise that machine. Another, possibly even more important, step is admin account separation

None of these controls are particularly new. They are in essence good practice and should be implemented as a base standard in all sizes of IT estate. The majority shouldn’t even cost significantly to implement if anything.

Find out how QuoStar can help to evaluate your IT security and safeguard your enterprise from attacks with a complimentary consultation with a member of our security team.

 

Cloud adoption: Understanding and avoiding the challenges

Cloud adoption

 

QuoStar’s Rob Rutherford shares a few helpful hints and tips.

Certain issues can arise around cloud adoption. However the risks can be mitigated when you know what to look out for.

 

The increasing popularity of cloud services and software.

There’s been a huge move onto the cloud recently, particularly around providers such as Microsoft’s Azure and the Modern Workplace stack. Microsoft Azure has, for example, reported growth of 51% in Q4 of 2021. This is a huge leap as businesses look to the cloud to improve their hybrid working environments and security.

Many organisations already on the cloud have been transitioning into a public-private hybrid model, or between two public providers to get the right workloads onto the platform to balance performance, security, and cost.

Inter-cloud high-availability and Disaster Recovery environments are areas where we’ve also seen a lot of interest, in order to protect cloud platforms from the failure of one provider or environment. In the longer term – considering state-sponsored attacks and skirmishes will likely become more prevalent in the future – we can expect to see businesses relying more and more on those types of inter-related environments to ensure a greater level of protection.

 

Cloud adoption: the challenges and barriers.

IT used to be solely seen as a supporting element of the business. One of the main challenges to cloud adoption now lies in the fact that many organisations have built up a technical debt over the last five years. They are trying to transform their businesses rapidly to catch up with the digitalisation of their sector.

Without a true grasp on how to deliver transformation strategies, many businesses have not been undertaking business focused requirements, analysis or mapping projects into a clear roadmap. Instead, they’ve tried working things out themselves. Often this can hold organisations back as they struggle with interoperability and performance issues.

A significant challenge in the actual process of migrating to the cloud is finding a reputable and experienced partner to assist in the cloud transition journey. Unfortunately, on the one side, a lot of cloud providers simply focus on getting the deal signed, and not necessarily on delivery. On the other side, many buyers are too focused on flat costs. Buyers may end up choosing those providers who appear to be the cheapest on paper. As a consultancy, we’re then often brought in to unpick a situation that has been created by rushing through deals.

 

Balance between cost efficiency and performance.

Preparation is key to any migration. It’s essential that an organisation doesn’t simply take the word of a salesperson on how long a migration is going to take, how much it’s going to cost in the first instance, and then on an ongoing basis.

All too often migration projects need to be pulled back on track. Performance issues might need to be addressed in an environment (ideally without a price increase from a customer’s point of view). Which can be hard – if not impossible. Quite frequently the ROI stated in a cloud provider’s proposal falls away as the realities of a complex workload bloom. This is where an organisation has signed an order and gone through significant (and often horrendous) migration, only to be left with a screaming user base and/or customers. The pain they’ve incurred often means they make drastic decisions. Such as wiping out ROIs, increasing the security risk profile or getting into further contractual obligations.

Most cloud providers will give an organisation some form of free trial on a workload. The larger the workload the more complex this gets; however commercial deals can be made.

It’s critical that organisations do their due diligence and build in contractual obligations. This will help to ensure the supplier delivers the desired outcome they expect. It may even be advisable to bring in external consultants, and/or lawyers to take some accountability for the project delivery. Especially when looking at large scale migrations.

 

Avoiding performance issues during cloud migration.

It’s always a good idea to over-resource when undertaking initial migrations. A large percentage of environments take up more resource, especially in the early stages of a heavy migration.

One of the biggest areas people typically under-resource is disk speed, in terms of IOPS (Input/Output operations Per Second). Too many organisations throw memory (RAM) and processor power at an underperforming environment. While it’s the disk speed that is the bottle neck. This isn’t a new cloud-related issue. However, too many IT teams spend time chasing their tales when the speed issues are in fact related to disk IO. Often many cloud provider support teams don’t seem to understand this in the lower support tiers, so be aware.

It’s worth being careful if you are paying for disk IO and/or network ingress or egress traffic. This is often where cloud costs start to spiral away from the original quotes first agreed upon. The public cloud often appears cheaper than private platforms when you go light on these costs. It’s worth checking these beforehand. It’s important testing your environment under load or having the cloud supplier make some guarantees around costs.

 

If you’d like some advice on cloud adoption get in touch with our experts today.

Current Cloud considerations

current Cloud considerations 1

 

QuoStar’s Robert Rutherford sheds some light on which key Cloud considerations organisations should be looking at regarding their cloud platforms. 

 

The pace of change is obviously fast right now, and organisations need to ensure that they have built in flexibility in their environments, allowing them scale up and out of the environment with ease. That sounds simple enough right?

 

Cloud considerations: #1. The ability to scale-out is critical

The ability to scale-out is particularly relevant now, as there is widespread focus on infrastructure, system rationalisation and simplification. This is going to be essential to facilitate and support various ‘digital transformation’ projects. You can only move quickly and take advantage of opportunities – and outpace threats – when the base platform/infrastructure is simple. And importantly, you aren’t locking up valuable capital or getting locked into restrictive contracts.

Cloud considerations: #2. As the saying goes – don’t put all your eggs in one basket!

Many cloud buyers believe that it’s necessary put all your ‘eggs into one basket’ in relation to cloud. They will also be sold that by many of the cloud providers, simply focused on what they are trying to sell – or simply what they know.

In the current landscape, some form of hybrid public-private cloud infrastructure will deliver the best value and balance between performance, flexibility, security, and cost. With this in focus, we are seeing a rapid rise in multi-cloud management and monitoring solutions.

Licensing is an ever-changing beast that needs to be watched, almost continually. Compliance is an issue, in terms of ensuring your licensing is correct, thus your billing too. Also, the software houses continually change their license model, and their product bundles – just take Microsoft as one example. If you don’t keep up with the changes then you can miss out on significant cost savings, functionality improvements and security enhancements.

Cloud considerations: #3. Reviewing business continuity is more important than ever.

It’s important to review business continuity now. Many organisations haven’t really given business continuity much focus since the pandemic started. The risks of significant system outage or a complete cloud outage is a reality, especially with the rampant rise of the cybercrime industry, and now the real risk of widespread state sponsored attacks. Even if an organisation itself feels secure and doesn’t have availability concerns, they should still be doing their due diligence across their supply chain.

Cloud considerations: #4. The threat landscape is getting larger

As we know ransomware is a huge threat to the corporate network. However, a big threat to cloud platform is the rise of DDoS ransom attacks – which are rising. Organisations should be evaluating their supply chain’s protection from DDoS attacks as well as their own. DDoS is easy to do and it’s a growing exponentially as it moves from a protest type attack into a revenue generating one.

The general ramp up of the cybercrime industry means that organisations of all sizes should be overlaying security governance onto their cloud partners. Many IT and business leaders believe that as they outsource their infrastructure or service, they are outsourcing accountability for risk, and its management. However, you can’t outsource ultimate accountability for risk to a third party, it won’t wash with clients or regulators if there is a breach. Businesses must be verifying the security governance within their supply chain and also testing it where appropriate.

Cloud considerations: #5. Continuous verification of all users is a must.

In terms of specific focus on technologies and trends, Zero Trust Network Access solutions should be assessed and generally deployed to protect the disparate work force and the cloud platforms and applications. There is a real need for continuous verification of all users, and their devices as they access corporate data and applications as required. Implementing zero-trust access includes requiring strong authentication capabilities, powerful network access control tools, and pervasive application access policies.

Of course, as well as implementing various security controls, it’s critical to also join up the monitoring and reporting, which is why SIEM (Security Information and Event Management) is becoming more and more critical.

“It’s all very well putting up security cameras (the controls) but you still have to monitor them (SIEM) and also respond (Security Operations Centre).” – Robert Rutherford, QuoStar CEO

 

For more support, get in touch with one of our Cloud specialists today here.

The cyber-war era: the rapid growth of the threat landscape

cyber security skull banner

 

In this blog we explain what you should be looking out for in the cyber-war era, and how you can best protect the cyber-security of your organisation.

 

The threat landscape is accelerating faster as global tensions grow over the Russia Ukraine conflict. The Cyber-war is well underway, with Ukraine rallying troops for the frontline of the cyber battleground

Cyber-war era: as cyber security threats rise, what should you look out for?

Amid the tensions of early 2022 cyber-attacks were already on the rise, with threat actors targeting both Ukrainian organisations and their government. Although there are still questions around who may be responsible for some of these attacks, Ukraine firmly believes Russian state actors are responsible – and evidence would strongly suggest that is the case.

Since the Russian invasion began in Ukraine on 24th February 2022, businesses and government institutions globally are on high alert for state-sponsored cyber threats – with banks, energy companies and airlines undertaking additional work to strengthen their defences against such attacks. There is an underpinning fear that this could be the new era of global cyber-war.

DDoS attacks

Cyber-attacks on state-owned digital assets such as the Ukrainian Defense Ministry and Military websites increased in February, as they were hit with DDoS (Distributed Denial of Service) attacks, along with two large Ukrainian banks – PrivatBank and Oschadbank. In this case, the websites were flooded with traffic to the point that they crashed, making the websites unusable.

FoxBlade

Microsoft has issued a Security Intelligence advisory about FoxBlade, a novel trojan. This trojan can use your PC for distributed denial-of-service (DDoS) attacks without your knowledge.

Malware

HermeticWiper / FoxBlade (aka KillDisk)

At the end of February, there was the discovery of the new wiper malware that had been unleashed – dubbed HermeticWiper by some and FoxBlade by others. As well the as DDoS attacks mentioned above, it was designed to wipe the hard drives/system storage of the systems infected, corrupting all the data in the drive – making the data unrecoverable – then initiating a system shutdown. It has been found on Ukranian computers, as well as on machines in Latvia and Lithuania.

Furthermore, a “worm component” dubbed HermeticWizard, has been discovered that could be used to spread the HermeticWiper in local networks.

FoxBlade (HermeticWiper) also downloads and installs other programs – including other malware – onto infected systems, Microsoft has advised.

IsaacWiper

Cybersecurity experts identified a second wiper cyber-attack, named IsaacWiper, targeted at Ukrainian governmental networks according to a report on Tuesday 1st March. The second wiper attack was detected on 24th February and is described to be a lot less sophisticated than HermeticWiper.

Cyclops Blink malware

The UK’s NCSC (National Cyber Security Centre) and the US CISA (Cybersecurity and Infrastructure Security Agency) have released details about a new malware targeting network devices, which they attributed to Sandworm – a threat actor previously attributed to the Russian GRU’s Main Centre for Special Technologies (GTsST).

Cyclops Blink is a new piece of malware that targets network devices – supposedly being used by the Sandworm threat actor – a replacement for the VPNFilter malware 2018. The malware collects device information, sending it to a command-and-control server. It can download and execute files, as well as getting additional modules at a later date.

Cloned websites

Researchers have identified a web service hosting cloned copies of websites. A number of Ukrainian government websites were cloned, along with the main webpage of the Office of the President. These sites were filled with malware links, that once clicked, would download on to the user’s computer.

 

What does this cyber-war era mean for nations other than Russia and Ukraine?

 

Whenever one nation launches a cyber-attack against another, it doesn’t just increase cyber risk for the nations involved. It also impacts global cyber risks. The Cyber Attack Predictive Index (CAPI) tool, created by Johns Hopkins Information Security Institute, has hit its highest possible threat likelihood level, at a score of 25 (out of 25) under the current situation.

While the aforementioned attacks aren’t particularly sophisticated, and can be mitigated with the right cyber protection measures, these types of attacks have previously been used as a diversion tactic in order to lay groundwork for more damaging, sophisticated attacks.

Exposure or risk

As the EU, UK and the US impose sanctions on Russia and Belarus there is greater chance of being at risk of targeted cyber-attacks, as retaliations make take place from the Russian and respective forces. Companies across Britain have been warned to prepare for a heightened security risks as the UK placed sanctions on three of Russia’s wealthy allies.

UK organisations have been urged by GCHQ’s National Cyber Security Centre (NCSC) ‘bolster their online defences’ and warned that there has been an ‘historical pattern of cyber-attacks on Ukraine with international consequences’.

According to Laurance Dine, global partner, X-Force Incident Response, IBM, businesses need to start operating under the assumption of compromise, and put in place the proper controls and measures necessary to defend their environment and critical data.

The UK government may well be taking their own measures to defend the cyber security of the nation, as secretary of state for defence, Ben Wallace, told parliament in reference to the National Cyber Force: “I am a soldier, and I was always taught that the best part of defence is offence… What is good for the goose is good for the gander, and that if necessary we could use cyber warfare to give as good as we get back to Russia.”

High alert for the energy sector

This week (28th February 2022) the UK Business Secretary, Kwasi Kwarteng, is holding talks with the chair of National Grid amid anticipation of a surge in state-sponsored cyber-attacks from Russia. A wise move considering that, in a recent report published by IBM Security, the UK’s energy sector was the target of 24% of all cybersecurity incidents in the country last year. It is also thought that Russia was most likely responsible for the SolarWinds and Colonial Pipeline attacks of 2020 and 2021.

We recommend:

  • It may seem obvious but evaluate the controls you have in place against cyber-attacks, particularly ransomware.
  • Pay close attention to the news cycle in relation to this situation.
  • Pay attention to the types of attacks that are coming through via security feeds.
  • Keep everything patched.
  • Watch out for any suspicious traffic that may be coming from outside of the country.

At QuoStar we are committed to helping you and your business remain secure. Our experienced industry professionals are here to give you measured and realistic advice.

Evaluate your protection against currents risks, book a complimentary initial cyber security review session with our Head of Security David Clarke.

 

Cybersecurity recommendations for the Finance and Banking sector in 2022

Finance and banking image

Cybersecurity attacks strike at the heart of an institution’s reputation.

If data is compromised, trust can be shattered. Like all service providers, financial firms depend on their painstakingly-built reputations to stay in business. Consumers must be confident that their financial information – and money – is safe. Guarding against cybersecurity threats is crucial.

These risks increased in 2021, with ransomware attacks rising by 288% last year. Given the global ransomware industry now generates annual revenues of over $1.5 trillion, this growth is unlikely to slow.

A new critical vulnerability was also recently exposed in Log4j, an open-source logging library that is used by a range of apps and services. This offers criminals with minimal knowledge the chance to infiltrate IT systems in order to steal passwords and data, and compromise networks with malicious software.

Cybersecurity is now being taken seriously at the highest level. In May 2021, President Biden’s Business Office released new advice about ransomware and how firms should guard themselves. This guidance offers financial firms eight main lessons to take into 2022:

1. Back up your data

Many firms back up their data only at weekly intervals, or longer. Should a cyberattack occur, they could therefore lose up to seven days’ worth of data. Further, the longer the interval between backups, the longer it takes to restore lost data in the event of an attack. The effect on productivity could be devastating. Firms must equip themselves with technology to backup and restore data quickly and reliably, potentially by working with specialist partners. It’s also important to note that traditional backup systems are often a primary target in a ransomware attack, so firms need to ensure they have specific solution in place to protect backups from being encrypted.

2. Implement an efficient patching system

It is not sufficient to patch IT systems on a weekly or monthly basis. Firms should be constantly monitoring their systems and resolving vulnerabilities. But as patching can cause outages, firms should invest to mitigate its impact on productivity. Technology is available that increases the speed of patching, reducing the time systems spend down. Bursting frees up resources for critical IT applications, allowing high-priority work to continue during outages. Hot standby systems also ensure that essential systems continue to function.

3. Vet your suppliers

Even if a firm’s systems are sound, there may be a way-in because of vulnerabilities in suppliers’ networks. Undertaking due diligence is therefore crucial. One way of vetting a supplier is to request their Software Bills of Material (SBOM), which lists all open-source components in their software for IT professionals to review. SBOMs also allow firms to see which software versions their suppliers are using. Firms should ensure that versions align throughout the supply chain, and that all suppliers operate within high-standard risk management frameworks. Ideally, all partners should be ISO27001 or SOC2-accredited bodies. Firms should not be shy in asking suppliers for certification or auditing their cybersecurity processes.

4. Maintain best practice

Firms should ensure best practice is in place, and that procedures are evaluated continuously. It is best to have evidence of these practices – such as by obtaining an ISO27001 certification, which recognises a high standard and continual management of information security. Systems must be regularly reviewed for any potential vulnerabilities and asset registers should be maintained, to ensure no risk is missed. Asset registers also mean a firm can prioritise by criticality – offering the most protection to its most important assets. Organisations should deploy well-established Governance, Risk and Compliance (GRC) practices. These embed risk management into everyday activity, making it easier to manage – and ensuring decisions are consistent and effective.

5. Obtain specialist detection systems

A Security Information and Event Management (SIEM) solution is now essential to continually monitor system logs within an organisation. This allows activity to be monitored comprehensively by professionals, who are also notified of anomalies, and can respond to block and remediate issues. This may require specialist security technologies and skills or working with external partners.

6. Segregate your networks

Both the UK and US governments state that network segments should be protected individually. Segmentation helps prevent attacks reaching other parts of the network, containing malicious activities to one part of the system and thus limiting damage. Micro-segmentation is even more effective, by establishing isolated zones within networks, protecting specific workloads individually. This stops lateral movement of malware through an entire system. Segregation is easy to install and manage, offering demonstrable benefits within a short period.

7. Consider hardware tokens

Hardware tokens are a physical device that are plugged into USB ports. They generate a random number, which expire after one use and are valid for a limited period. This number is needed to log into the computer along with a username and password. It is a form of two-factor authentication that is effective at preventing account takeovers and ransomware attacks.

8. Undertake resilience exercises

Financial firms should undertake resilience exercises to analyse their capacity to withstand cybersecurity attacks. By working through all the components of their technology infrastructure, organisations can analyse their resilience to cyber threats and review how strong the links within networks and systems are. Having identified the weaker links, firms can then ensure that appropriate mitigations are in place, or that the risks are understood. This helps business to respond to a cyberattack, while minimising the risk of any attacks being successful.

A growing threat which is often undertested is Denial of Service, where a bad actor swamps an organisation’s network connections, putting them offline. A financial firm needs to fully understand how they will respond, long before an attack ever happens.

The cybersecurity risks for financial firms are clearly increasing, but they are not unmanageable. By implementing this guidance, organisations can achieve more comprehensive and effective security operations, with systems resilient enough to withstand both emerging and existing threats. In turn, this will reduce the risk of reputation-damaging data breaches and regulatory scrutiny – whilst keeping clients assured they are in safe hands.

If you’d like further support please contact us, or you can sign up for our Cyber Maturity Assessment here.

How can businesses redefine their BYOD IT strategy in 2022?

BYOD strategy

 

Pandemic “quick fix” BYOD strategies are simply not enough in 2022.

BYOD Policies have been a hot topic for a while now, even pre the pandemic. But now that the new working environment norm of hybrid and out of office working is here to stay, BYOD strategies need to be reconsidered.

 

Specific examples of BYOD/IT strategies and how these have worked practically, including benefits and drawbacks:

BYOD (Bring Your Own Device) strategies usually work best for organisations when they are limited to mobile phones. After all, the days when employees had a company mobile phone are coming to a close, and for good reason. Most people have their own personal mobile device that can be used for work tasks, so why have two phones?

Indeed, the rise of ‘soft phones’ means that giving out a mobile number over a business number is no longer necessary when dealing with corporate calls or texts. This allows businesses to keep better control of its telephone numbers which are, in effect, company assets.

Also, some employees might feel reluctant to use their phone data for business activities. Although, this issue has started to progressively fade, as most phone contracts now include unlimited calls and data bundles. Whilst businesses don’t need to cover the whole cost of data and calls, providing a nominal allowance can be a good way to deal with any reluctance.

 

Is there a flexibility versus security consideration to be had, or is this a false dichotomy?

With a large percentage of workloads, security that can be implemented on company devices is often significantly greater than a personal device. However, if businesses want to find a balance between flexibility and security, one option is to choose a CYOD (Choose Your Own Device) strategy, which gives employees a feeling of choice but one that is balanced by the secure controls required by an employer.

That said, we would expect BYOD strategies to be more widespread across businesses in the coming years. This is because more and more applications and systems are becoming either web or cloud-only solutions, particularly as interoperability and usability improves to support a hybrid workforce. Until then, the application stack in organisations isn’t quite where it needs to be.

 

Why are pandemic “quick fix” BYOD strategies not fit for purpose in 2022?

When the pandemic first hit, many organisations rushed into a quick fix by making BYOD arrangements in a bid to keep their staff and their business operating. However, a substantial number of companies simply haven’t re-evaluated their risk profiles since implementing these systems, nor have they evaluated the technical and policy-based controls that are required.

This is a significant concern that organisations should look to address urgently, alongside other measures they should consider taking, such as a review of methodology and ideally bringing in a formal IT security governance framework, such as ISO 27001 or IASME.

 

How can attackers take advantage of vulnerabilities and misconfiguration in devices and networks?

Any significant holes in an organisation’s security will be found and exploited by attackers in the current cyber threat landscape. These vulnerabilities may be as small as a simple missing security patch. Or an insecure home or public WiFi, misconfigured local firewall, or even an employee who is unaware of current threats. Whichever gap in security it is, a hacker or one of their automated systems will find it. Especially as they are incentivised by financial gain. Indeed, the global cybercrime industry is now worth over £6 trillion – three times the size of the crypto market, so companies have everything to gain from investing in their IT security to protect them from cyber threats.

 

If you’d like to talk IT Security or Consultancy with us, get in touch here.

Welcome to the team!

Welcome new starters 2022

 

Welcome to the team!

QuoStar continues rapid expansion in 2022 with a series of key hires

  • QuoStar has announced a series of new hires to support its 2022 growth trajectory
  • New additions to the team include Alan Drake joining as Service Delivery Manager, Rob Goult as Senior Technical Consultant and Cliff Woodward as Relationships Manager
  • New members of the team and further product launches are set to be announced in the first half of 2022

QuoStar has bolstered its team with a raft of key appointments as part of its growth forecast in 2022.

10 new team members are in place and all bring extensive knowledge of working in the IT industry to QuoStar’s already highly experienced team, with a few more senior tech high hitters in the pipeline to come onboard by May 2022.

Alan Drake joins QuoStar as Technical Service Delivery Manager with over 25 years’ experience in the IT industry. Alan rose through the ranks of service through to Technical Service Delivery Manager at GCI. Alan will step in to lead QuoStar’s new 24/7/365 UK-based manned service desk, which launched at the beginning of 2022 and provides customers with all-hours IT support from highly skilled professionals, 365 days a year.

To assist him in his role, Drake is joined by Liam Baxter, Greg Foster and Carl Bennett from Nasstar, who each bring upwards of six years’ experience working in IT services.

QuoStar being joined by such seasoned professionals in the industry has meant the business has bypassed ‘first line support’ – which in turn means clients will automatically be communicating with someone far more experienced in their field.

Further appointments at QuoStar include Michael Swart, who joins as a Technical Consultant with more than 30 years’ experience, Joanna Roper as Service Desk Team Manager with close to 30 years’ experience in tech and telecoms, and Rob Goult, who steps in as Senior Technical Consultant. Goult brings with him over 20 years’ prior experience supporting decision-makers in the IT industry to develop and implement cost-effective technology solutions.

The QuoStar team has also expanded their team of Relationship Managers. The team has been joined by Cliff Woodward and Jody O’Reilly, who both bring over a decade’s experience each in business development within the tech space, and Andy Green with over two decades experience in the field also. Reece Scarley, a previous QuoStar employee, returned to the company at the end of 2021 too, taking the position of Professional Services Consultant, to architect technical solutions and to help with project delivery.

This latest announcement is part of QuoStar’s 2022 rapid growth trajectory, which has also included the unveiling of a brand refresh led by its new Marketing Manager, Teila Hurlock-Phillips, who joined the company mid-2021 – with two previous marketing roles in the tech industry under her belt among others.

Already this year QuoStar has been busy sealing deals with some high-end, high-brand customers, and is due to announce further key product launches over the coming months. The company has some more high-ranking players joining the QuoStar family soon, and some very exciting changes afoot, that are set to shake up the industry this year!

Robert Rutherford, CEO at QuoStar comments:

“These new additions to our QuoStar team have been driven by our commitment to deliver the best service possible for our clients.  All our new joiners have many years of experience working within IT services and we’re extremely pleased that they’ve chosen to bring that experience to QuoStar.

We spent a lot of time during COVID positioning the business to come out stronger and with all the services mid-markets need in a forever changed world. We’ve released a raft of new technical, security, cloud, and strategic services, with our 24x7x365 manned UK service desk being a critical piece of our services wrap.

“These are very exciting times for QuoStar and we look forward to seeing the positive results that the growth of our proposition and team will bring for our clients.”

 

If you’re looking for IT Support, look no further. Contact us here.