A truly agile network can only be achieved when a business has got the fundamental modern building blocks in place.
Everything is agile, or at least it needs to be. Workers are demanding more and more high bandwidth applications, customers expect responses to their enquiries and other interactions almost immediately and new software and services come down the proverbial pipe at an ever-increasing speed.
All of this, and more, places a huge strain on the network infrastructure of a business, an area of the IT landscape that often gets a little bit overlooked, when compared to that of other capabilities.
Without a network a business’s IT operations will not work. It is the central nervous system over which every last email, file and transaction is passed and it needs to be as agile in its design, operation and management as the applications that are running over it.
It would be safe to say that many networks, as SCC has found, can still be running on hardware that is more than a decade old. The structured cabling infrastructure that interconnects the networking equipment is often also in need of modernisation. These things need to change if a business is genuinely going to obtain the productivity benefits of the latest software; if not then the software and services run slowly leaving users disgruntled.
Networks once defined the perimeter of a business. They were the boundary between a business and the wider world. Those boundaries are now increasingly permeated, as a business takes on such technical initiatives as cloud, meaning that entry points into a network are now almost limitless.
To counter these challenges, whilst providing the necessary services with suitable bandwidth, a business should take a root and branch review of its network estate to introduce greater agility.
Get The Basics Right
Before being distracted by the exciting and enticing next generation software based networking equipment that leading vendors such as Cisco are offering, a business would be wise to first examine and audit one of the most overlooked but critical elements in its network infrastructure – cables! Those lengthy stretches of optical fibre and copper that criss-cross departments, buildings and locations. The bandwidth use of all users has grown almost exponentially in recent years, from streaming HD video, through to the movement of large files, cables need to cope. Without cabling at Cat6e standard, even the best designed software stack within a business will slow down. In essence to create agility, start with the basics and get the cables right.
Security continues to be a high level concern for a business as the current wave of cyber crime shows little sign of abating. As old styles of security used to rely almost on a gatekeeper model with all traffic being routed through a firewall and related appliance style devices, how can security adapt?
A modern agile network now takes an ‘entire network’ view of security. It will monitor traffic, including encrypted traffic, as it passes through and across the network. If at any point that traffic becomes suspect, the network itself will generate an alert. Security has moved from being a silo style approach, to a constant.
A Secret About Users
How many users does a network have to support? In many cases that can be thousands, and every one of those users will believe that every bit of the data that they push across the network is ‘priority 1’, but here’s a secret – it’s not.
With modern segmentation, access control and bandwidth shaping, an agile network can intelligently prioritise network traffic. If an email arrives a few seconds later does that really matter? No. But if a video conference from the board room freezes, it does matter! When designed in, the network can make intelligent decisions about what traffic really is ‘priority 1’. Leading to a far greater user experience.
Just A Few Considerations
Cables, security and segmentation are just a few of the basic considerations that underpin a modern agile network. The fact is that, once implemented, very few users will actually notice the benefits as these technologies become almost transparent in their operation and simply just work. And if a user is unhindered in their productivity by the network, then they will operate in a far more agile way. Result!
SCC works with leading vendors across both traditional networking and Cloud managed networks.
Weekly comment on the pressing IT issues.
For those in the property business location is of primary importance. So much too that it’s often repeated in triplicate, to reinforce this point. The IT industry for many years has been the polar opposite. With the continuing wiring of the world and speeds of connectivity ever increasing, the actual physical location of data appeared irrelevant.
Whether your data resided on your own in-house servers, in a co-location facility or up in the cloud in a data centre that could be located almost anywhere, location was really irrelevant as long as it could be accessed.
Things are now changing, as regulation and concerns over cybercrime increase, data sovereignty the concept that data is subject to the laws of the country in which it is physically located, is an increasingly key consideration for UK CIOs. This was highlighted by Information Age, on their website as the posed the question, “How can CIOs address data sovereignty?”
They reported on how a recently released report from Trustmarque, stated that 73% of CIOs are claiming to be concerned about the issue of data sovereignty when migrating their IT infrastructure to the cloud. As many cloud providers have data centres all over the world this can cause problems for UK organisations who are in heavily regulated industries such as the public sector and financial services who have requirements to ensure that their data is stored by cloud providers within the UK’s geographical borders.
With the new GDPR legislation now only a few months away from coming into force, more companies will have to consider the physical location of their data, to ensure compliance. The key for them all is to choose a cloud provider who can ensure UK data sovereignty.
If UBER, the US-based ride-hailing service, had been subject to GDPR legislation when they suffered their recently reported data breach then they could have been looking down the barrel of some significant financial penalties. Fines of 4% of global annual turnover or €20 million euros (£18m), whichever is higher, will be levied on a business who suffers a data breach in the UK from May 25th, 2018.
The BBC discussed with the Information Commissioners Office, the body responsible for enfacing and policing GDPR in the UK, how the UBER data breach that saw the exposure of 57 million customers details, was of great concern.
It appears that UBER did not inform anybody of the breach and then even took the dubious steps of paying a ransom to the hackers who perpetrated this crime to try and cancel it. The ICO will be working with the National Cyber Security Centre (NCSC) to determine the scale of the breach and how it affected people in the UK.
Cybercrime is sadly an ever-present and increasing menace to businesses of all sizes across the globe, with the UBER case further illustrating that everybody, irrespective of size is at risk. But it’s not all bad news.
The recently published IBM 2017 Cost of Data Breach Study (UK), independently researched by the Ponemon Institute, has stated that the time it takes to identify and contain a data breach is falling. This is the second year in a row that the cost has dropped, having steadily increased over the past decade.
Peaking at a cost of £104 per capita cost in 2015, the 2017 figures have seen it drop to £94. This is still very high but is heading in the right direction.
This decline, according to the report, can be attributed to investments in security technologies like security analytics, SIEM, enterprise-wide encryption and threat intelligence sharing platforms.
It would appear that keeping a close eye on what these threats are and more importantly, where they are coming from both of which are key elements of functionality in a managed SIEM solution, can make a tangible financial benefit to a business that is determined to mitigate its risk of cybercrime.
More justification, if it was needed, to agree with the property industry on the benefits of location, location, location within IT.
Hybrid Cloud: The Best of Both
Is a hybrid cloud approach a half hearted attempt at cloud, or does it provide the best of both worlds?
For the past few years, a cloud-first strategy has been heralded as the way that all future looking businesses must go. The combination of scalability, lower cost and greater security creates a compelling argument to migrate. But can a business genuinely move totally over to the cloud?
Admittedly many applications lend themselves to a cloud-first approach – such as email and CRM – but many don’t, especially those that may be labelled as legacy or have a high-risk perspective. This is where the hybrid cloud model comes into its own and is seen as a key stepping stone on a longer-term journey to cloud-based solutions.
Hybrid cloud, the combination of both on-premise technology and cloud-based solutions, is rapidly becoming the strategy of choice for most mid-size businesses; as it is intended to work in unison to deliver value to customers. Microsoft, in a recent survey, stated that 80% of businesses they surveyed see themselves moving to a hybrid environment.
Does that mean that a hybrid cloud is just a holding place until such time that a business can migrate its legacy technology? No. It has advantages, some competitive, some technical and operational that makes it its own unique proposition.
Scaling an on-premise IT infrastructure can be extremely expensive, possibly inefficient and in growing companies can place huge amounts of internal pressure on IT teams. By adopting a hybrid cloud environment, it gives a business the opportunity to scale out for specific workloads, allowing them to take advantage of unlimited resources based on demand-driven usage, optimising the environment for performance and efficiency.
The last thing a customer will want when interacting with a business is to lose connectivity, especially if they are part way through the process of purchasing goods or services. Similarly, the last thing a business will want is to lose a customer due to connectivity issues with their on-premise solution. The hybrid cloud solution removes this bottleneck and gives the necessary bandwidth to maintain customer demand.
The implemented hybrid cloud solution can provide a common set of management tools across a business’s entire solution, creating total technical and operational transparency. This allows a business to stay consistent within its own operating procedures, especially if they require adherence to regulatory bodies.
Hybrid cloud is all about matching the right solution to the right job. Public cloud, private cloud and dedicated servers are combined and work together seamlessly as one platform. It minimises trade-offs and breaks down technical barriers so that you get maximum benefit and improved performance from each component.
Making the move to cloud is a sensible and strategic step in the evolution of a business’s infrastructure, but very few can realistically move to 100% cloud straight away. The hybrid cloud approach gives a business access to vast public cloud resources whilst retaining its on-premise investment and established management processes.
Many commentators have often cited that hybrid cloud is a half-hearted attempt at a cloud-based solution. Quite the contrary, if implemented strategically hybrid cloud is, in fact, the ‘best of both worlds’ and provides great benefit to both a business and its customers.
SCC provides a comprehensive range of cloud solutions. We understand your data and deliver solutions that strike a balance between security, cost and control.
Empowering the CISO
Cyber risk is a boardroom issue that many don’t see as strategic. Could intelligence monitoring help CISOs change their minds?
Keeping the UK safe from cyber attacks is now as important as fighting terrorism according to Jeremy Fleming, head of GCHQ. He should know. It’s only been a year since GCHQ created the UK’s National Cyber Security Centre to protect our critical services and improve security. It has already reported over 1,100 attacks. More than 600 of these required a national response. That’s expected to increase.
None of this is a surprise to Chief Information Security Officers (CISOs) whose bread and butter is managing IT infrastructure security. But is it also the kind of evidence and trend that could empower CISOs? Namely, to persuade their boards to connect cybersecurity to business risk as a fundamental board consideration.
It’s a good question even today. In February this year, Harvard Business Review published board director views on their level of concern regarding business risks. Cybersecurity fell behind regulation and reputational concerns. Asked about strategic threats, cybersecurity fell even further down the list to tenth position behind innovation, changing consumer demand and levels of debt.
If the CISO reframed cyber security risks into business critical rather than technical terms, how much more compelling would that be for the board to act on.
Cyber intelligence and business risk
One way in which CISOs can produce the measures that persuade boards to take cyber risk seriously is through cyber intelligence and other mitigation technologies. Research shows that such monitoring has lowered the average cost of lost and stolen customer records from £104 in 2015 to £98 in 2017. Coupled with the real time information from a cyber threat intelligence solution, it makes a powerful case when communicating with the board.
Imagine the potential impact of a CISO board report using their cyber intelligence to influence decision making:
“We have detected new strains of ransomware that put our legacy systems at risk. They hold 100,000 individual records of our most loyal customers. We have a financial risk of £980,000 if we are compromised. To mitigate this risk we need to invest £200,000 to end of life our legacy systems and move to a secure cloud based solution.”
Empowering the CISO
Cyber threat intelligence which drives understanding of the potential financial impact of business risk may well be one of the most empowering tools a CISO can acquire. Without it, board cyber risk discussions lack the necessary resonance to be considered on a par with other risk concerns.
The role of the CISO is evolving and increasingly shoulders communication with the board. Learning the board’s language and way of thinking will enable CISOs to become perceived as an aid to decision making rather than simply an operational expense or technical function.
The external cyber threat landscape is evolving. New threats appear daily. What’s secure one day becomes a risk the next. Cyber security intelligence technology can effectively monitor this landscape. It enables businesses to mitigate the risks and pre-empt them from becoming active or critical.
CISOs will decide for themselves which tools to use and how to influence their boards. But they do so against the backdrop of GCHQ’s alert warning. This is an organisation known for its use of intelligence. They pull it from multiple sources, analyse it and alert the rest of us to their findings in relatable terms. Maybe we should follow their lead.
SCC and M2 Named “HP Partner of the Year” at HP Reinvent: World Partner Forum
SCC and its specialist managed print services business M2 have won the prestigious HP Inc award ‘UK&I HP Growth Partner of the Year’ at HP’s largest global partner forum, HP Reinvent.
The annual forum, hosted this year in Chicago, brought together more than 1,400 leading HP Partners from across the globe along with HP’s CEO Dion Weisler and his entire executive channel team.
The winning partners are evaluated across a variety of criteria including innovation, category leadership across print, PC and supplier, distributor and re-seller categories. Globally more than 50 partners were honored.
Pierre Jover, head of commercial and consumer channel, HP Inc. EMEA, said:
“SCC and its specialist MPS business, M2, is a shining example of why HP is so proud to be partner-first. I’m thrilled to award SCC and M2 with this prestigious honor, and look forward to continuing our partnership of innovation and growth for continued success. Congratulations!”
Will Carver, SCC’s UK alliances and partnerships director, said:
“Receiving this award is a testament to the hard work and dedication of all the teams within SCC. As HP continues the digital transformation of print and personal systems, we are delighted to bring their innovative new products and solutions to our client base and the wider UK IT market.”
John Taylor, chief executive of M2 said:
“I am delighted that SCC and its specialist MPS business, M2, were confirmed as HP Partner of the Year for personal systems and MPS respectively. With combined growth well over 50%, this growth in a challenging market place illustrates the power of the HP product set as well as the hard work, focus and commitment of the people in SCC and M2 to outperform the market place.
“Customers are seeing the value of SCC and its breadth of offering including a specialist MPS business, a unique offering in the market place.”
“HP have over 118,000 partners in the world, only 50 were recognised in Chicago and only one from the UK, SCC. With SCC acquiring M2 in 2014 to deepen its proposition, MPS growth has organically exceeded 200%. When we overlay HP’s future ambition and commitment with print having acquired Samsung we are very optimistic that the future growth can exceed the historic growth trends.”
Photo. From L to R:
George Brasher, HP Managing Director, UK and Ireland
Tony Newman, M2 Group Sales Director
Adam Booker, SCC Senior Alliance Manager
William Carver, SCC UK Alliances & Partnership Director
Neil Sawyer, HP Channel Director, UK and Ireland
Find out more about M2
GDPR: Competitive Advantage or Compliance?
The GDPR journey should be more than just another compliance challenge. Tech leaders who see it as a strategic consideration will build reputation and competitive advantage.
It is not difficult to have sympathy for the chief information and chief security officers recently ejected from Equifax after the data breach of millions of citizens. Many of us may well be thinking, ‘There but for the grace of God…’
Just how the issues were reportedly handled by Equifax is a moot point. Few other senior decision makers outside tech have the same daily pressure and challenge of mitigating such risk on a global scale.
The potential human impact of data breaches is undoubtedly a public interest issue. So it’s understandable that GDPR legislation is being enacted across the EU. In the UK, every business must implement it by 25 May 2018, not long off given the potential complexity involved.
Working up to re-engineer and implement what you’ll need to do to comply might seem like yet another burden, an imposition on the real business of performance. And yet should we view GDPR as a driver to make a competitive virtue of greater transparency and trust with our customers and stakeholders?
GDPR competitive advantage
The government’s Cabinet-led cyber security strategy is to build competitive advantage for the UK. It wants us to be one of the safest and most secure places worldwide in which to trust and conduct commerce. This might be government thinking actually stealing a march on business. That is, if you consider the confidence-sapping effect of cyber breaches on the UK’s inward investment as similar to their proven effect on corporate investors.
Regulation becoming a driver of innovation and competitive advantage isn’t new. Health and safety legislation, for example, revolutionised working practices in the construction industry. It also led to product development and greater competition in the automotive industry and beyond.
We need to think about GDPR in the same way. Visionary tech leaders will be those who create precedent and make GDPR principles a badge of differentiation and trust. Who become champions of security and transparency to drive increased customer loyalty.
Those leaders will need to act fast. Customers will soon have control over their data and so active choice about who uses it and how.
The competitive advantage approach elevates GDPR beyond a technical or compliance exercise to a board reputation management issue and its risk register. And as Equifax has shown, CTOs might themselves see it as risk mitigation for their own reputations.
Anecdotal industry feedback about the Cabinet’s attitude to breaches is there will be little empathy for business, a ‘you’ve had two years to prepare’ attitude. The UK’s GDPR enforcement body, the Information Commissioner’s Office, is unlikely to care about the practical challenges of consolidating unstructured data across multiple systems at scale.
The regulator has indicated it might allow timely correction of breaches in the first six months. But it will also likely seek a high profile, high penalty example early on to stake its power firmly onto the business psyche.
Some might think liability insurance is a ready answer and provide protection against increased penalties: four percent of global turnover compared to the current maximum of £500k. How far will that protect against reputation damage or loss of trust?
250 days to change the narrative
There’s no doubt that GDPR presents some complex practical implementation issues. Much of that depends on the type of personal data a company holds about individuals. It also depends on how it’s used and the nature of supporting infrastructure across locations and business groups.
SCC will shortly launch an autumn/winter information campaign to simplify implementation. We want to raise awareness of the diverse issues CTOs and their staff need to consider.
In future, GDPR will seem as commonplace to consumers as safety on construction sites or seatbelts in cars. With some 250 days to go, now is the time to change the narrative of the GDPR effect and see it as the opportunity it truly is.
SCC further reading
Other related links
SCC: A Record Year in FY17
SCC announces record earnings to complete its three year plan to build a world-class IT services business.
- £1.7bn turnover, up 8.7% across EMEA;
- EBIT up 39% to £25m (EBITDA at £41m up 26%) across EMEA;
- Record earnings of £17.2m for the UK business (before interest and tax);
- UK Services turnover up 10% to £194m;
- UK Data Centre Services revenues up 29% to £56m;
- Services business now represents over 31% of UK revenues.
SCC witnessed an exceptional financial year – delivering record earnings of £25m (up 39%) across its EMEA businesses.
The year saw SCC achieve its three year plan in the UK to grow a world-class services business across cloud, data centre services, managed services and managed print; services revenues now account for over 31% of revenues at £194m – an increase of 10% on the previous year.
Data Centre Services turned over £56m in the year – up 29% – as SCC completed its current investment programme, bringing additional capacity to its UK-wide network.
Customer relationships were key to SCC’s progress; business was enhanced with all key major accounts including the Department for Work and Pensions, DXC, Northern Gas and Ladbrokes.
New customers also added to SCC’s growth, securing new contracts with Grafton Group, Interserve, Liverpool Victoria Insurance, Secure Trust Bank and Skipton Building Society.
Early in 2017, SCC opened a new Global Delivery Centre in Vietnam to complement its near-shore customer support operations in Romania. The new centre offers Data Centre infrastructure support for round-the-clock customer service and access to additional technical skills, as well as software development capabilities.
The year was rounded off with a number of key industry awards underlining SCC’s dedication to delivering outstanding IT services. These awards included winning the coveted Service Desk Institute’s Best Managed Service Desk of the Year, PIN’s Outsourcing Company of the Year along with IBM’s UK Services Partner of the Year and Cisco’s Public Sector Partner of the Year.
SCC Chief Executive, James Rigby comments:
“We’ve had an exceptional year to close off our three year plan of building a more agile and focused business delivering the very best services to our customers.
“Our future is as an IT Services business, delivering solutions around data, cloud and cognitive computing supported by our next generation Global Delivery Centres across the world”
“Growth through our Services business will continue as this gives us recurring revenues that enable us to invest in the right areas to support our customers now and in the future.”
Passing the buck – who pays for IT?
The word ‘investment’ is often put next to IT spending and budgets in order to make the costs sound palatable. Organisations want a ‘return on investment’, many try to measure it and some even succeed. But not many. Perhaps IT could be thought of as something to consume, not own?
The problem is that like most industrial progress, IT is still rapidly evolving and expanding its capabilities. This means more spending on IT. According to recent Quocirca research, IT spending is flat for two in five UK companies but growing for the rest. For one in five it is growing fast. Costs are rising because IT has the potential to be used by more people for more purposes. IT departments struggle to cope with this as they often lack staff or the right skills and end up having to spend so much time and effort simply supporting and managing what they already have. Innovation is hamstrung by legacy.
Simply increasing budgets (even where this is possible) is not the solution. From the research, IT capital expenditure constraints are a significant reason why it is difficult to secure IT funds, but changes in business requirements tops the list and growth in user demand is also high up. Financing needs to go hand in hand with flexibility. Clearly a different approach is required.
Looking to the cloud
For many, public cloud services provide an opportunity to shift expenses to the operational expenditure (OpEx) side of the ledger, which many chief financial officers (CFOs) appreciate. Quocirca’s research shows cloud adoption is widespread in around a fifth of companies – both public and private cloud – and around half of UK companies are expecting overall cloud usage to grow. The primary drivers for public cloud in particular, revolve around reducing upfront outlay and adding flexibility in both cost and headcount. Even security, once a significant concern, is now thought to be being addressed.
There are significant challenges with cloud. A pay-as-you-go cost model seems appealing, but there may need to be significant architectural changes and costs up front. Once in place, costs can grow unpredictably. Most cloud services are delivering flexible technical capacity, with investment costs spread as OpEx, but this does not necessarily match the business requirement.
Hybrid cloud, hybrid financing
While public cloud has flexibility for providing certain resources – storage, compute power and application platforms on demand – this does not account for all of IT requirements. The end user needs other IT systems in order to access cloud services. A hybrid architecture, with some elements deployed on premise, often fits well from a technical, management and governance perspective. But it may not offer complete commercial flexibility as it will require capital expenditure (CapEx) and upfront investment.
Increasingly there is an appetite for delivering more IT capabilities as a service. This includes the well-established managed print services (MPS). The research also shows increasing interest in desktop as a service, mobile device management and video and collaboration services.
This means there needs to be a more all-encompassing hybrid model for financing, based on consumption of IT services in a manner that makes sense to the business user, that ultimately is paying for it and can measure the value. This is not something that should be tackled in the ‘shadows’, hidden away from IT. Shadow IT can be embraced and managed by the IT function. This can then act as a service broker by integrating a mix of internal and external capacity and capabilities to deliver the services required by the business.
Consumption based IT
Organisations prefer to spread costs over time and dependent on usage. Over time means that upfront CapEx can be avoided, with predictable recurring costs spread like a subscription. Rather than variability in capacity an initial service level should be agreed upfront. Pre-agreed and priced ‘burst through’ capacity could be made available and then be measured and billed for, only if used. Instead of just applying this approach to individual services from the public cloud, with the right financing this could be applied to all IT systems; moving the model from ‘owning’ IT assets, to ‘consuming’ them.
With this type of financial model, organisations have the technical flexibility akin to public cloud, shifting CapEx into OpEx. IT can be consumed as a service, with the value delivered much more closely aligned to costs. The details from Quocirca’s research (commissioned by Rigby Capital Ltd) and information for organisations considering how consumption based IT might work for their business, is available in the report which is free to download below.
Note: This Quocirca Insight, written by Principal Analyst, Rob Bamforth, first appeared in Tech Target, June 2017[expand title=”The Next Step in Digital Business Transformation – Download Now”][contact-form-7 id=”28804″ title=”Passing the Buck – Download”][/expand]
SCC Wins HPE Enable Digital Partner of the Year Award
SCC has won the UKI 2017 “Enable Digital” Award for Hewlett Packard Enterprise (HPE) at this year’s HPE Global Partner Summit in Las Vegas.
The HPE Partner of the Year Awards recognise the outstanding performance and accomplishments of HPE business partners, which raise the standard for business excellence and customer satisfaction. Winners are chosen for their ability to drive meaningful business results for their shared customers, and for enabling organisations to embrace new digital technologies.
Upon receiving the award, SCC was commended for its success in delivering value to customers through implementation of HPE’s Synergy platform. SCC offers this as a platform through which it can develop innovative hybrid cloud solutions, such as automation of services.
Jonathan Charles, Account Manager at HPE said: “[This is a] great accolade for all of SCC’s fantastic work around Synergy; Hybrid and everything Digital. Very well deserved!”
SCC also stood out for its investment in developing highly trained teams providing ongoing technical support to customers, as well as helping them design best value solutions for their individual business requirements.
The award was accepted by William Carver, Alliance Manager at SCC, who said: “We are extremely pleased to have won the HPE 2017 ‘Enable Digital’ Partner of the Year Award, based on our outstanding success in delivering HPE’s Synergy platform.
“The success this award is celebrating is a result of the close working relationship that we have shared with HPE for over 20 years.”
SCC is one of eleven HPE Platinum Partners in the UK and is the only company to hold accreditations across each of HPE’s business groups.
William Carver added: “HPE is one of the most important vendors for us in terms of our ability to create new services based on a trusted infrastructure. We trust HPE to provide the best technology at the best price, which allows us to complete unique solutions for our clients.
“We have repeatedly demonstrated to our customers that they can not only save money through Synergy, but also that it can be a key strategic platform, that can allow their business to grow into the new world of hybrid cloud deployments.”
Phishing, Whaling, and Zero Days …. What Does it all Mean?
As new security issues are revealed they are given names. Understanding these and keeping up with current threats is a challenge.
To help navigate the waters, we have produced a high-level Jargon Buster, shown below:
Definition: “criminal activities carried out by means of computers or the Internet”
- The generic term for internet based criminal activity and generally is a collective term for the elements used below
Definition: “a type of malicious software designed to block access to a computer system until a sum of money is paid.
- This is typically where a vulnerability in existing software is exploited which denies organisations access to devices, systems and data and a ransom is demanded
- Typically the ransom is paid in cryptocurrencies such as BitCoin and doesn’t guarantee the release of the infected devices
Definition: “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers”
- This is effectively a confidence trick, that utilises an existing relationship between an end user and an organisation to extract information that the user thinks is bona fide
Definition: “the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information”
- This is a more recent approach that has yielded success which focuses on a subset of individuals that are more trusting. It is usually undertaken in phases where willing ‘clickers’ are syphoned out for the full attack
Definition: “the fraudulent practice of sending emails ostensibly from a known or trusted internal manager in order to induce targeted individuals to reveal confidential information or transfer money”
- As a derivation of a big phish (sic), whaling is a practice where internal emails are sent from addresses purporting to be the CFO, CEO etc. to encourage employees to engage in schemes of sharing data or investing in company schemes
Definition: “malicious or vulnerable code included in a commercial off the shelf software application that can be exploited at a future date”
- Typically this is where ‘unknown unknowns’ are exploited to drive other cybercrime within an organisation using the affected software application
Definition: “a virtual space in which new or untested software or coding can be run securely”
- The challenges with sandbox testing are often that under production systems the results of the test are quite different and can result in infections not picked up in a sandbox environment
How Can SCC Help?
SCC has a set of security based services to ensure you can prepare, plan and react to any security or cyber challenges that may be a risk to your business:
- Accredited and experienced advisory services across a number of security vendors such as Cisco and Fortinet as well as Symantec, Mimecast, McAfee and CheckPoint
- Multi-layered design approach considering security a whole for our customers taking into newer technologies such as Sandboxing
- Security solution based on business need considering both on premise and cloud subscription services to build Advanced Threat Protection and defence in depth into the security fabric
Contact SCC today firstname.lastname@example.org