A Boardroom Case 

For cyber security as a managed service

Cyber attacks on British businesses are becoming more frequent and more sophisticated – that’s a dangerous combination. Although an attack remains statistically unlikely, the chances are increasing almost daily.

Despite these trends, too many firms are still adopting passive, reactive policies, only reacting after an attack has happened. The question to ask yourself and your board of directors is whether you would be happy to leave the contents of your home uninsured, and only react if you had a burglary.

Think of your cyber security strategy as an insurance policy. While the best tools used to be affordable only to large enterprises, they are now much more accessible to SMEs. Given this, the challenge becomes how to bring it onto your management team’s agenda.

IT needs to be an innovator

The UK is a highly digital economy, so it is vital to be at the top of your game in this market. Whether your customers are B2B or B2C, evolving customer demands, operational efficiency, and the need to differentiate your products or services mean IT needs to be at the centre of everything you do.

To do so, the limited IT resources you have cannot be consumed by tactical activities such as cyber security defences. Bailing water out of a leaking boat is a guaranteed way to ensure you never have the time or focus to drive new digital products or experiences for your customers.

By outsourcing “keeping the lights on” IT tasks such as cyber security, internal IT teams can be put to much more strategic use to innovate, create and develop. In the digital age, the reality is that every business initiative is an IT initiative – or at the very least needs involvement from IT.

Communicate the cost of an incident

Although the most common link is with paying a ransom demand, there are many ancillary costs associated with a cyber security incident – so much so that responding to an incident often proves much more expensive than preventing it in the first place.

And that assessment does not factor in the great intangible of reputational damage – the loss of public trust. In short, if your customers lose trust in you, they will leave.

Not only that, but it is estimated that only 35% of SMBs could remain profitable for more than three months without access to vital data.

To compound the issue, there is a recognised cyber security skills shortage in the UK. This makes it difficult to hire in specialist cyber security professionals, and as a result it can mean IT generalists without specific cyber skills trying to plug the gap.

Protecting the core of your business

More than 90% of successful hacks and data breaches start with phishing scams. By focusing on this threat and eliminating it, you can significantly reduce the cyber security risk factor.

By adopting cyber security as a managed service, you can focus on what matters to you without worrying about the burden of managing day-to-day IT infrastructure. With NetUtils managed services, you gain access to their highly trained, certified and experienced technical team who will manage, review and maintain your critical infrastructure so you don’t have to.

Managed cyber security versus in-house

Four ways managed cyber security services trump in-house recruitment:

  1. Remove the pain and cost of recruitment: The cyber security skills shortage in the UK makes it difficult and expensive to recruit in-house
  2. Short-termism: The average tenure of senior security leaders is less than 3 years
  3. Fills knowledge gaps: Only 6% of companies have a CISO on the board of directors, with the result being a lack of focus on security strategy
  4. Lack of skills: The number of technologies needed in a comprehensive security strategy makes it hard to acquire those skills in-house

Find out more

Article featured on the MYREDFORT community: https://www.myredfort.com/managed-security-services/the-boardroom-case-for-cyber-security-as-a-managed-service/

Cyber Security Check-In

How is 2022 going so far? 

From tighter regulations for public sector to ransomware and the continued rise of the remote workforce, the senior management team at NetUtils offer their observations on how businesses are adapting to the evolving working landscape.

The ‘great return to the office’ has not materialised as expected by most, with more organisations opting to have more staff working remotely as a permanent option.

David Bundock, Chief Operations Officer, NetUtils

The first of the studies that have looked at issues such as productivity and mental wellbeing are starting to emerge and, in many instances, home working seems to be on parity with office working and, in some cases, proving a benefit. However, organisations are now looking at the often-temporary measures rushed out to support home workers that are now becoming standard.

Where masses of laptops were hurriedly deployed, and cloud based filesharing systems were utilised to help teams collaborate – these devices and platforms need to be audited for security and compliance to standards such as GDPR. This will inevitably trigger more use of cyber security as a service – especially as the current shortage of skilled IT and Infosec staff grows.

Although Ransomware isn’t new, the last year has seen its meteoric rise in the public consciousness and indications show this year is, unfortunately, more of the same.
Malcolm Orekoya, Chief Technology Officer, NetUtils

However, the move by AXA, one of Europe’s largest insurers, to stop offering new insurance policies that cover ransom payments to criminals for French policy holders may be the start of a wider trend across the region during 2022.

The logic is that ransom payments encourage more ransomware attacks and drive up the cost of cyber security insurance policies. Although UK companies can still gain insurance policies that will pay ransoms – assuming you can prove no liability, it’s likely that AXA’s position might spread.

The whole market for insuring against all forms of cyber-attack and outage is an interesting area and I suspect that this will gain a great deal more attention from enterprises.

Tighter regulatory oversight for the public sector.
Ashok Thomas, CEO, NetUtils

The NHS is already going through Data Security Privacy Toolkit (DSPT) processes and several recent tenders for large public sector organisations have made compliance to Cyber Essentials Plus a mandatory requirement for every supplier.

If the NHS is a template, then more public sector organisations will be required to adhere to CE+ within a few years. I’d expect these requirements to spread to anybody that supplies into the public sector.

The framework is not onerous, but it is audited which means that organisations need to do more than just a “check box” exercise so it’s wise to start looking at these optional processes now and before they become mandatory.

These are just some of the issues faced by organisations big and small, public or private sector. SMEs are often particularly vulnerable if they lack the skills and resources to adapt at the pace required.

Article featured on the MYREDFORT community: https://www.myredfort.com/managed-security-services/cyber-security-check-in/

[Blog] NetUtils’ 3 Top Cyber Security Predictions for 2022

From tighter regulations for public sector to ransomware and the continued rise of the remote workforce, read all about it from our senior management team as they weigh in on their thoughts for 2022.

Looking at 2022, it seems clear that there will be tighter regulatory oversight for the public sector.

Steve Nicholls, Commercial Director

The NHS is already going through Data Security Privacy Toolkit (DSPT) processes and several recent tenders for large public sector organisations have made compliance to Cyber Essentials Plus a mandatory requirement for every supplier. If the NHS is a template, then more public sector organisations will be required to adhere to CE+ within a few years. And I would expect these requirements to spread to anybody that supplies into the public sector. The framework is not onerous, but it is audited which means that organisations need to do more than just a “check box” exercise so it’s wise to start looking at these optional processes now and before they become mandatory. 

Although Ransomware is certainly not new, the last year has seen its meteoric rise in the public consciousness and the coming year will unfortunately be more of the same.

Malcolm Orekoya, Chief Technology Officer

However, the move by AXA, one of Europe’s largest insurers, to stop offering new insurance policies that cover ransom payments to criminals for French policy holders may be the start of a wider trend across the region during 2022. The logic is that ransom payments encourage more ransomware attacks and drive up the cost of cyber security insurance policies. Although UK companies can still gain insurance policies that will pay ransoms – assuming you can prove no liability, it’s likely that AXA’s position might spread. The whole market for insuring against all forms of cyber-attack and outage is an interesting area and I suspect that 2022 will be a year where it starts to get a lot more attention from enterprises.

The ‘great return to the office’ has not materialised as expected by most, with more organisations opting to have more staff working remotely as a permanent option.

David Bundock, Chief Operations Officer

The first of the studies that have looked at issues such as productivity and mental wellbeing are starting to emerge and, in many instances, home working seems to be on parity with office working and, in some cases, proving a benefit. However, organisations must now look at the often-temporary measures rushed out to support home workers that are now becoming standard. Where masses of laptops were hurriedly deployed, and cloud based filesharing systems were utilised to help teams collaborate – these devices and platforms need to be audited for security and compliance to standards such as GDPR. This will inevitably trigger more use of cyber security as a service – especially as the current shortage of skilled IT and Infosec staff grows.

Knowing where to start with your organisation’s cyber security can be confusing. Have you considered a dedicated cyber security platform to help reduce the risk of a cyber incident?

Webinar: Supporting your journey to compliance and beyond

The financial implications of not being compliant are enormous, let alone the reputational damage that comes with a data breach! Data moves throughout your organisation at an alarming rate and data privacy will affect all parts of your business.

We can provide you with practical, pragmatic advice on meeting and maintaining regulations such as GDPR and the incoming ePrivacy regulation enabling organisations like yours to meet regulatory obligations and business goals.

Watch our on demand webinar and get some key questions answered:

  • Will there be a grace period?
  • Who owns the risk when it comes to data in your organisation?
  • What is data portability?
  • What is a data protection officer?
  • Is it mandatory to have a data protection officer?
  • How and when do you obtain consent?
  • Will you need a Privacy Impact Assessment?
  • What actions should you take next?

Register here to join our next webinar in the series on the 12th September – Network Utilities Managed Security Services.

Network Utilities and EfficientIP partner to help customers become GDPR compliant

In July 2016 Network Utilities and EfficientIP announced their partnership agreement to provide UK-based customers with EfficientIP DDI solutions, draw on Network Utilities’ recognised expertise in the market and expand EfficientIP’s existing partner network in the UK region. Both companies’ solutions will help organisations in a variety of public and private industries – particularly telecom – to protect their critical applications from growing threats, as well as integrate advanced network infrastructure.

With new legislation coming into effect in May 2018, this is a critical time for all organisations to focus on the strength, resiliency, and intelligence of their networks to avoid data breaches and ensure GDPR compliance. Now is the time to start building a GDPR-compliant infrastructure, and providing sufficient security at the DNS level can save companies huge amounts of money and help avoid unnecessary GDPR proceedings.

David Silsby, Network Utilities Sales Director, believes this continued partnership will be beneficial to prospects and customers: “This new GDPR legislation puts the responsibility on companies to make sure their networks are as secure as possible, which will mean much more than just protecting the company’s data; it means protecting the whole infrastructure. No one can afford to ignore GDPR and working together with EfficientIP, Network Utilities will be able to offer customers a more enhanced security offering.”

David Williamson, EfficientIP CEO, is also looking forward to a continued partnership: “The addition of Network Utilities to our partner group is key to bringing new adaptive security solutions to their customers. The past two years have seen a dramatic increase in cyber security attacks, and DNS has been confirmed as being a weak point of the network infrastructure. We have the solution for this in our 360° DNS Security, and Network Utilities has the expertise to apply it as part of their offering.”

Network Utilities will be hosting a webinar with Martin Wellsted from EfficientIP on the 3rd May. Register here and find out more about DNS exfiltration and how to prevent the unauthorised transfer of data from your organization.


Webinar – GDPR It’s coming, and it will impact your business

Are you confident in how to use and process your customer information in the light of GDPR?

  • Will your data processing involve the collection of new information about individuals?
  • Will your data processing compel individuals to provide information about themselves?
  • Are you using information about individuals for a purpose it is not currently used for, or in a way it is not currently used?
  • Will the processing require you to contact individuals in ways which they may find intrusive?

If you answered YES to any of the above questions then you should take the time to watch our on demand webinar and find out about your obligations and how GDPR will affect you and your organisation.

Register your interest to attend our GDPR workshop – If you would like to join our GDPR workshop on the 19th April, please fill in your details below to register your interest and I will be in touch with an invitation and full agenda.

Thank you
Kara

Securing Your Network & Keeping You Compliant in 2017

Wishing you a very Happy New Year and a warm welcome back to the office after the Christmas break.

We’ve been working hard to continue to make sure that we offer you the best IT networking & security solutions the industry has to offer. This short update will give you links to valuable resources you may find useful at the start of this year to help you keep your networks secure, fast & compliant. So please take a look and sign up for (and share!) the webinars & events coming up over the next few weeks. Topics include cloud security, AI and machine learning, endpoint security, threat prevention and the GDPR.

Security in the Cloud – Are you ready to join the revolution?
Webinar – 25th January

We are delighted to announce our partnership with Cato Networks. Cato Networks is rethinking network security from the ground up and bringing it into the Cloud. Cato connects your branch locations, mobile users, physical and Cloud infrastructure into a secure and optimised global network in the Cloud. Intrigued? Join our webinar on the 25th January to find out more.

Register here for the Cato Networks webinar.

GDPR – What you need to do NOW to make sure you are compliant in 2018
Webinar – 22nd February

One of our best attended webinars at the end of last year was around GDPR, so here’s another chance for you to get up to speed. Your customers are more and more aware of their entitlements around data protection; they want privacy rights and strong protections. But are you confident in how to process your customer information in the light of GDPR? Join our webinar for invaluable hints and tips on how to get GDPR compliant NOW.

Register here to attend our GDPR webinar.

Threat Prevention & Advanced Endpoint Protection
Workshop – 8th March

We continue our strong partnership with Palo Alto Networks in 2017 and are pleased to announce our first Ultimate Test Drive workshops for 2017 will be taking place on Wednesday 8th March at Palo Alto Networks, 140 Leadenhall Street, London, EC3V 4Q.

We will be running 2 free sessions on this day; you are welcome to register for one or both sessions.

Session 1: 09:30 – 13:30
Threat Prevention, Ultimate Test Drive

Session 2: 14:00 – 16:00
Advanced Endpoint Protection, Ultimate Test Drive

Register here to attend one or both Ultimate Test Drive sessions.

Know the Truth
Workshop – 23rd March

Another partnership we are keen to announce is with Cylance. Cylance protects your endpoints against advanced malware with the world’s first antivirus built on artificial intelligence and machine learning. Its AI and machine learning-based tools prevent threat execution before the damage is done. It doesn’t simply protect against known threats; it identifies and defuses never-before-seen attacks. Join our ‘Know the Truth’ workshop on Thursday 23rd March 2017 in central London to find out more.

Register here to join our Cylance endpoint protection workshop.

That’s it for now. If you would like further information on any of the above – and you just can’t WAIT until the dates listed – please get in touch. We’ll be on the case.

Happy January,
Network Utilities Team

Privacy Is a Human Right; do you understand your data obligations?

On Thursday we gathered together with clients at information security consultants Blackfoot UK’s head office in London to talk about a trending topic in the IT world today.

Data and Cyber Security Matters in a Post Brexit World.

David Silsby, our Sales Director, welcomed us on this very chilly morning, reiterating the Network Utilities ethos of “Identity should be at the heart of everything we do; the identity of the individual and the device is key! Remembering Who is on your network, What they are trying to access and How is critical to ensuring your network remains secure, fast and compliant.”

Next up was Matthew Tyler, CEO of Blackfoot UK and our keynote speaker for the day, who gave us a time hop into the past where we learned some interesting facts. The European Convention on Human Rights (ECHR) came into effect in 1953 and is an international treaty to protect human rights. The definition of privacy as in Article 8 states “A right for one’s ‘private and family life, his home and correspondence’ to be free from unlawful searches”. In the UK, human rights are protected by the Human Rights Act 1998. Matthew went on to explain how the internet has changed the economics of data and contributed to the erosion of privacy; he also detailed current privacy laws and how Brexit will change the future. Below are the 8 principles of the Data Protection Act governing the use of personal information, which we must comply with unless an exemption applies. The principles state that data must be:

  • Used fairly and lawfully
  • Used for limited, specifically stated purposes
  • Used in a way that is adequate, relevant and not excessive
  • Accurate
  • Kept for no longer than is absolutely necessary
  • Handled according to people’s data protection rights
  • Kept safe and secure
  • Not transferred outside the UK without adequate protection

Data is an extremely powerful tool in today’s business world. Knowing your customer well can create a tailor-made customer experience. The future of business intelligence is evolving and we will soon start to see new services and businesses arise to help us harness the power of this business intelligence.

Protecting your customer’s data has never been more critical

A data breach can have a huge impact on you and your business, including bankruptcy, reputational damage, legal implications and, of course, loss of data. You need to have the appropriate security in place depending on the value of the data you hold, e.g. credit card details or email addresses. Do you know the value of your data? Do your staff know what risky looks like? And are they fully trained and aware of the implications of clicking on a malicious link, for example? Research tells us you are only as strong as your weakest link, and that in most cases is your staff.

This brings me onto 5 key questions posed by Matthew around what you need to be asking yourself and your business to truly understand the type of data your business holds.

  1. Do we know what data we have?
  2. Do we understand its potential value and the associated risk?
  3. Do we know who could want our data (for good or bad)?
  4. Do we understand where our data is and who can access it?
  5. Do we know what protection our data needs?

[Figure: The Cost of a Data Breach. Source: IBM Security 2016 – Cost of a Data Breach Study]

If you would like to know more about European regulations and what’s changing in the UK, how to keep your customers’ data safe and the implications of personal data being lost or misused, then you can download Protecting Data and Privacy to get a full overview. Remember you are only as strong as your weakest link!

Will the defenders ever be faster than the attackers?

Our Principal Technology Strategist, Malcolm Orekoya, shared his research on the current threat landscape. Did you know that 89% of breaches had a financial or espionage motive?

In order for us to understand cyber security we need to understand the cyber-crime world. These attackers have the same technology advancements that we do and they are always one step ahead. The resources are available for anyone online and you can even pay for “cyber-crime” support. Organised crime is evolving quickly due to underground criminal networks and the so-called dark web. The tools are getting smarter and, depending on what these criminals are after, they will attack in different ways.

“Analysis of known bad malware found that the 91.3% of that malware uses the Domain Name Service (DNS) to carry out campaigns.” Cisco Annual Security Report 2016

There has been an explosion in ransomware and exploit kits are sophisticated. “The Angler exploit kit is one of the largest and most effective exploit kits on the market. It has been linked to several high-profile malvertising (malicious advertising) and ransomware campaigns. And it has been a major factor in the overall explosion of ransomware.” Cisco Annual Security Report 2016

“33% of the malware observed in 2016 research used encryption.” Trustwave Global Security Report 2016

Most legacy platforms cannot see encrypted traffic, so there is a loss of visibility. Malicious users are aware of this and exploit the lack of visibility to insert their malware into your network. It’s crucial for you to have network visibility in order to be able to effectively apply security policies.

Education

People are your best network defence, but only if they are educated to understand the risks. We advocate creating a data security awareness culture. The one constant factor that exists in all layers of security is the human element. The idea here is to educate people on common threats and their various guises, test their understanding and responses to this education over time, review the results of such tests and then repeat the entire cycle periodically over and over again. You can read Malcolm’s full blog, “Stop Phishing Attacks – Harness the Power of Your Human Sensor Network”.

It’s not if; it’s when!

You need to collaborate to stay ahead of the trends and the cyber security landscape. Think ahead to prevent future attacks. Think of the cost and rewards of investing in your network security vs the risk of not doing so. Ask yourself, can you afford to lose it all when you do get attacked?

SC Magazine recently ran a survey of 900 business and IT decision makers across the UK, “EU GDPR – nine out of ten don’t understand it”. A staggering 91% of respondents have concerns about their organisation’s ability to comply with GDPR. This regulation will come into effect in 2018 and the penalties will be high. That might seem like a long way away, but it’s just around the corner, and you’ll need to be prepared.

Talk to specialists who are confident about compliance and threat prevention. Talk to Network Utilities.

Upcoming events:

We will be hosting another webinar on the 22nd February 2017. To find out more on your obligations and how GDPR will affect you and your organisation join our webinar with information risk, security and compliance specialists Blackfoot. You can register here.

t: 020 8783 3800 e: sales@netutils.com

About Network Utilities
Identity Centric Networks & Security

Network Utilities (Systems) Ltd have been providing identity centric network and security solutions to organisations ranging from Telecoms and ISPs to large corporates and SMEs for over twenty-three years, partnering closely with both industry-leading and niche technology vendors to bring customers the best solutions the industry has to offer. Read more at www.netutils.com.