Archive for January, 2023

Responding to and Securing the Future

Responding to and securing the future By Michael McCann, ANSEC IA 

What is clear is that we are moving to a more integrated digital landscape. The need for cyber security is therefore more important than ever before. And it is something in which everyone must play their part, and with the rate of cyber-attacks on the rise, we all need to be prepared. Ensuring that systems are properly configured and regularly patched is absolutely critical. 

For context, the Cyber Security Breaches Survey 2022 report from UK National Cyber Security Centre (NCSC) results show that in the last 12 months, 39% of UK businesses identified a cyber-attack. The survey also found that enhanced cyber security leads to higher identification of attacks, suggesting that less cyber mature organisations in this space may be underreporting. 

Of the 39% of UK businesses who identified an attack, the most common threat was phishing attempts (83%). Of the 39%, around one in five (21%) identified a more sophisticated attack type such as a denial of service, malware, or ransomware attack. Despite its low prevalence, organisations cited ransomware as a major threat, with 56% of businesses having a policy not to pay ransoms. 

At ANSEC, cyber response is what we do, and we see an ever-increasing sophistication in cyber threats. Organisations must work diligently to stay ahead. As a business, understanding the risk to your organisation is the first step in your defence. Many companies are investing in the latest technologies and solutions in order to improve their own automation. This includes artificial intelligence and machine learning, to better detect, prevent and respond to threats. Solutions such as Extended Detection and Response (XDR) and Security Orchestration Automation and Response (SOAR) are being used to analyse patterns in digital activity and flag potential threats. These automated processes lead to faster response times which have proven invaluable in halting a cyber-attack before it escalates. 

Some larger organisations are investigating the use of tools such as ‘honeypots’  – a virtual trap to lure attackers which means that businesses can study techniques and indicators of compromise to improve security policies and processes. 

So, what can SMEs do? 

Understanding and testing plans across all areas of business  – not just those controlled by IT -continues to be extremely important. In addressing the possible repercussions of security incidents, it is vital to ensure that all business stakeholders understand how to: 

  • invoke the plan; 
  • utilise the platform on which it will operate; 
  • have a clear understanding of the steps needed to support mitigation. 

Simulating common breaches increases corporate cognitive ‘muscle memory’ and sharpens the skills needed to execute response playbooks and runbooks, should a breach occur.  Learnings from such exercises help to improve the security and the posture of any organisation, large or small.   

Many cyber-attacks are successfully launched due to user error. Educating users and leadership boards provides a key foundation in preventing attacks from being able to progress through cyber security best practice, such as:   

  • using secure passwords; 
  • multi factor authentication; 
  • avoiding suspicious links or attachments. 

By investing in the right technologies, anticipating incidents, educating users, and better leveraging existing security assets to defend against attacks, organisations can ensure that they remain secure in the face of the ever-evolving cyber threat landscape. 

Is Cyber Insurance worth the paper it’s written?

A lot of companies are looking at Cyber Insurance, however, the article from ‘Zurich Insurance CEO: Cyber Attacks will be ‘Unisurable’  indicates there is a thought that a cyberattack may be become uninsurable, why is that? Hear from Kevin Lyons, 3rd Line Engineer, at Outsource Group talk about how to mitigate against this and limit your attack surface.

Besides potential loss of data there are days of lost or disrupted productivity investigating, restoring and rebuilding the system.

I have worked with some great people in the cybersecurity field and concluded no system can ever be completely protected; all you can do is make your attack surface as small as possible and put up as many defences as possible and hope that the potential attackers move on or a breach is limited. How do you do this?

1. Limit where company data can be accessed – if a user has three devices it is a bigger attack surface than a user having one device.

2. Think seriously about BYOD – are users accessing data with devices that have at least equivalent security to your company devices?

3. Are all systems as up to date as they can be – how do you patch Microsoft products, well generally through Windows update but what about other applications on your systems?

4. Are you running out of date systems because of out of date applications? – a company’s key system maybe does not run on the latest version of Windows so the older version of Windows is sometimes at the heart of their network potentially exposing every other connected system.

5. Do you have proper segregation in place, do external people come in and connect to your corporate Wi-Fi? – there is no feeling what their device has on it and how it could potentially interact with your systems.

6. Do you setup and review security groups for folders and applications? – if a user does not need access to a share file share/application then them having it increases the attack surface.

7. Last but not least are your users aware of the threat out there? – users sometimes think that IT is there to stop them doing something because they don’t like it; the problem is sometimes the user’s ‘solution’ actually creates a bigger security hole as they don’t understand why access is being restricted. Talk to the users and let them know what you are up against.

If there are any questions then please ask us Outsource Group or ANSEC IA LTD

#cybersecurity #segregation #cyberattack #updates #domain #userexperience #awarenesstraining #byod

Merry Christmas from all the team at Outsource Group

Wishing you a Merry Christmas and a healthy and happy New Year from all the team at Outsource Group. Thank you for your continued support and wishing you a successful 2023. We’ve had a busy year at HQ and here are some of our highlights and best bits throughout the year. 🤩

#oneteam #tech #talent #culture #growth #events #awards #charity #run #health #dreamteam #securityfirst #managedservice #cloud #telecoms #connectivity #security #thankyou

https://vimeo.com/manage/videos/783300817

HO HO HO – Santa arrived at HQ

Another fantastic effort by the team at Outsource Group. This year our chosen charity was to support Mission Christmas | Cash for Kids Northern Ireland and we had a special visitor to come collect the toys himself. 😜🎄

#christmas2022 #cashforkids #missionchristmas

IoD Director of the Year Awards

 IoD NI & AIB (NI) Director of the Year awards

CONGRATULATIONS to Eamonn BuntingOutsource Group

who has been crowned winner in the Small to medium business category at our Director of the Year Awards!

Special thanks to our category sponsor
Ulster University Business School

#DOTYA22 #leadershipmatters

Empowering Women to Lead Cyber Security

We could not be prouder of our colleague Sandra Quinn on graduating from ‘Empowering Women to Lead Cyber Security’ program. Well done Sandra, you rock 👊

#cybHERNI #Cybersecurity #femaleleaders #talent #NICyberSec #womenintech #womenincyber #inspriation Empowering-You

 

‘An exit doesn’t form any part of my definition of what success looks like’

BELFAST TELEGRAPH INTERVIEW: 15/11/2022

Terry Moore founded Outsource Group 22 years ago, and his ambitions haven’t dimmed over those two decades. A sale of the business definitely isn’t on the cards.

The managed IT services and security provider has 70 staff and is on course to employ 100 people. Last year it acquired cyber-security provider ANSEC IA.

This year, it secured three new contracts for its OSG Cloud business from transport, homeware and hospitality companies, and announced the appointment of Novosco co-founder Patrick McAliskey as chairman.

Terry says: “My aim is to grow Outsource to be the number one managed services and security provider in Northern Ireland.

“To me, that probably means sticking at it and getting the job done, and not going for an exit.

“I have an image in my head of what success looks like and exit doesn’t form any part of that definition.

“The group is at about £10m in revenue and our aim will be to push out, maybe moving to £40m.”

Our interview takes place during a wave of job losses in the tech sector, affecting big players like Twitter and Meta.

Another big headache, that’s particularly acute for tech and IT, is the dilemma over whether to coax or even force your staff back into the office.

Terry thinks the best approach is a middle of the road one. A bit of the office can do us good, he maintains. “Somebody explained it to me yesterday as, on the one hand you give your kids medicine, they don’t want it and you don’t want to have it give it to them, but everybody will feel a lot better once they take it.”

The issue of working from home has been a bugbear for new Twitter owner Elon Musk. He banned remote working, not long after sacking half his workforce.

“There’s a lot of upheaval and everyone is trying to interpret the upheaval in their own way so the story suits their own agenda,” Terry says.

“I would say that certainly there’s been a far amount of fat built into that industry over the years and it certainly feels like job losses were always coming.

“The size and economics of some of those businesses doesn’t seem to stack up unless they can continue to fuel continuous, stellar growth, and that doesn’t seem as if it was ever likely.

“But they’ll maybe confound us all and reset and go again.”

He thinks there are big questions for the industry over remote working. “There’s the idea that you just make it okay to never work in the office again, then there’s the Elon Musk approach that if you want to work from home, you work somewhere else.

“There are two extremes, and the best approach is probably somewhere in the middle.”

His own business, which includes ANSEC IA after acquiring the cyber-security specialist last year, has a routine of getting people in on ‘core days’. “It’s trying to create moments where groups of people can get together so that we get that overused word, ‘synergy’.

“It’s very hard to achieve that when people aren’t rubbing off each other and getting those wee interactions that produce something that wouldn’t have existed otherwise.

“I wouldn’t say we’re forcing it or taking a really heavy hand, but we’re trying to say that there are loads of benefits to being around each other.

“One of our best people has worked in Scotland from the day we hired him. He’s been in our building in Antrim about 10 times in the last four years. But we do have a number of roles where it’s just impossible not to come into the office, and with those, we have to say, remote won’t work.”

The company last month took its workforce on a teambuilding weekend in Spain, involving watersports and socialising. “No matter what they say, people want to be together again.

 

Outsource Group founder Terry Moore: ‘An exit doesn’t form any part of my definition of what success looks like’ – BelfastTelegraph.co.uk

Find out how we...
can help you

Get in Touch