Wavenet

Who Are CyberGuard?

Wavenet — 29/11/2022

Back in September 2022 MIM Patron CyberGuard (part of the Wavenet Group) hosted a Made Masterclass to support members in strengthening their cybersecurity. As part of this event, Nick Johnson provided more information on just who CyberGuard are, which you can discover in the clip below.

Nick Johnson, Head of Advisory Services, who has worked for over two decades in IT and Security, delivered a 15 minute presentation to discuss:

- How increasing your focus on cyber security can add value to your business

- Why the use of automation and continuous testing in cyber security need to be adopted as standard

- Where to start when maturing your Cyber Security posture

If you missed Nick's event, then you can watch it back in full now on Made Talks, or watch the short clip below. For further support from CyberGuard (part of the Wavenet Group), you can get in touch on 01299 873800.

What is Penetration Testing?

Wavenet — 02/08/2021

Penetration testing (or pen testing) is a vital tool that businesses can use to ensure their data remains safe and secure against a wide variety of cyber threats. The process essentially consists of running a simulated attack on your current cyber defences and identifying where any weaknesses may be. Once these weak points have been identified it becomes much easier to develop a highly effective cybersecurity strategy.

Pen testing acts as an incredibly efficient way to identify these weaknesses as many businesses and business networks have never previously suffered an attack. It is only in the aftermath of such an attack (or simulated attack) that these issues become clear.

Penetration testing differs slightly from a vulnerability assessment in that there is a simulation (or ‘ethical hack’) that takes place. When carrying out vulnerability tests, you are merely getting an overview of systems in place and potential areas of risk. When used in conjunction with one another, penetration testing and vulnerability testing are powerful tools against any potential threat.

Benefits of Penetration Testing

The benefits of pen testing are there for all to see. In the modern age, businesses simply cannot afford to be reactive to cyber threats. Doing so costs companies around the world millions each year. As well as being a proactive approach, there are various other benefits associated with penetration testing.

Proactive

As we mentioned, by assessing the risks your network faces you are taking a proactive approach to cyber threats. It is much easier to keep malware out of a system than it is to get rid of it once infected.

Helps to Identify Specific Areas of Weakness

Pen testing generates very specific and accurate reports. Employing experts to ‘hack’ a network using the same techniques and reacting to the same elements as malicious hackers would, a clear and accurate picture is painted.

Produces a Clear Plan of Action

Once the testing has been completed a full report is compiled, complete with actionable steps to prevent malicious attacks. We can support you through the process of implementing these points to ensure network wide compliance and overall security.

When Should I be Pen Testing?

Conducting penetration testing is always a good idea. That being said, there are some key periods when businesses can particularly benefit and when carrying out testing is slightly less disruptive.

Changing IT Infrastructure

If your company is already planning changes to its IT infrastructure, pen testing is the perfect tool for identifying alterations that need to be made to security. It is also useful to conduct another test once the changes have been made in order to assess their effectiveness.

When Launching New Products or Services

When launching new products or services your business may be exposed to new threats that you have not prepared for or even considered previously. Carrying out pen testing is a great way to mitigate these.

In the Event of a Business Merger or Acquisition

When substantial change happens to a business, such as going through a merger or acquisition, new threats can become apparent. This may be due to an infrastructure overhaul or website migration.

Checking Compliance With the Appropriate Security Measures

If you’re running an audit of your current security measures then penetration testing is another element you should add. Simulating hacker activity provides incredibly useful insight that is otherwise difficult to obtain.

Bidding for Large Commercial Contracts

It goes without saying that if your company is involved in bidding for large contracts then you become an attractive prospect to malicious hackers. Make sure you’re protected against the worst outcomes by ensuring your security measures are up to scratch.

Using or Creating Custom Web Applications

If your organisation uses or builds custom applications then you need to ensure they are not a point of weakness. Particularly with new applications, it is important to conduct security analysis that includes pen testing.

Cyber Guard and Penetration Testing

Our team of experts are highly skilled at conducting these ‘ethical’ hacks and identifying security issues that your business may need to address. Cyber Guard is CREST accredited, ensuring peace of mind that we only use both secure and ethical methods during testing.

We are also part of the Tigerscheme Certification. This scheme verifies us further as technical security experts approved by the National Cyber Security Centre (NCSC).

Get in touch with our team today for full information on how Cyber Guard can help protect your business against malicious threats.

Why is Patch Management important?

Wavenet — 14/09/2021

As individuals, we will likely patch our home devices on an ad-hoc basis. Our programs and services either all have their own automatic patching, or we’ll simply download patches as they become available, and if we know about them. In a business or organisation running anything from dozens to hundreds or thousands of different endpoints, there needs to be a system in place to manage and ensure the patching process. The first line of defence against hackers for any business should be an up-to-date, properly patched and sanitised IT system.

The importance of proper patching procedures goes right to the basis of the business. This is not just a security consideration, but one that affects operational efficiency. If different teams or departments are operating with different versions of the same software, productivity and efficiency can suffer as a result. There is a risk of costly downtime while any issues are fixed; so, enterprises need to ensure that parity is maintained between all different instances of software, services and operating systems in use.

But it is the vulnerability to cyber-attack that is the most dramatic effect of poor patching. Bache Brown & Co, a leading Chartered Certified Accountants firm, explains [1]: “As with any business, IT is crucial to our success, and if our business is at risk of a cyber-attack, it can cause severe losses, from reputational damage to downtime disruption…All the main tools we use…rely heavily upon IT, so all of our systems need to be working efficiently and securely otherwise we would not be able to operate as a business.”

On the security side, proper patching is the first and best defence against vulnerabilities, one of the most troublesome security risks due to their unpredictability and potential severity. Developers work hard to discover and fix any vulnerability or flaw in the software they provide, but a zero-day vulnerability is one that is not yet known to either vendors or creators. If hackers discover this vulnerability first, they can exploit it, infecting a business’ devices with ransomware or causing a costly customer data breach.

Most of the time, a zero-day is reported or discovered and fixed by the software providers before hackers can significantly capitalise on it. However, if a patch isn’t implemented at the user end, a fixed zero-day effectively remains an unfixed zero-day for the user. The original software provider can do nothing to protect a business that doesn’t implement their patches. The infamous Equifax breach from a few years ago was caused by a failure to fully apply patches to known vulnerabilities. One obscure server was left unpatched, allowing the hackers an entry point into the system.

It has been estimated [2] that at least 60% of data breaches are caused by known, unpatched security vulnerabilities ‒ so proactive patching is the best policy. A patch management service gives businesses a specialised team who can take a proactive approach to organising and managing the patching process. It can provide a clear scope of which software and services are critical to the business and improve uptime and security. But is it really necessary to use an external specialised team for this?

Don’t manage alone

For many businesses, the approach to patching goes no further than the policy level. As important as it is to keep all the enterprise’s systems up to date, it is often left to the individual users to make sure their devices are in line with the company’s requirements. Effective oversight and enforcement of this kind of approach is often impossible, especially in larger organisations. Placing the responsibility to stay up-to-date on employees increases user friction, harming productivity and increasing the likelihood of non-compliance. Many organisations struggle to patch in a timely manner, with over 40% of companies taking longer than a week to deploy security patches.

A priority for 2021 is ensuring that patch management is implemented on all remote devices, in response to the workplace changes made by the Covid-19 pandemic and the lockdown landscape ‒ many of us are now working from home using either our personal devices or an authorised remote device owned by the business. This has decentralised the workplace to an unprecedented degree, making coordination with system updates more difficult than ever.

The key to successful patching is to always use legitimate patching sources, directly from the vendor. Attacks against SolarWinds and Ukrainian banks recently demonstrated why. Hackers are always looking for potential vulnerabilities to exploit, and sometimes an insecure patching process can create just as much risk as unpatched systems. Supply chain attacks can compromise update sources or create fake updates that result in users directly downloading malicious software when they think they’re keeping themselves secure.

We saw a long, destructive example of this last year with the SolarWinds/Orion attack [3]. The US-based IT vendor SolarWinds, and its management software Orion, was compromised by probable state-sponsored hackers. Malicious code was injected into an Orion update, which then found its way into the systems of many SolarWinds client organisations, including several US government departments, during normal update procedures. It was a case of doing harm while attempting to be good.

Another type of supply chain attack that abused the update process became known as a ‘Magecart’ attack. In 2018, British Airways became a victim. Details from around 400,000 customers were stolen; and in October 2020 British Airways was fined £20 million by the Information Commissioner for the incident. Magecart takes advantage of failures to manage patching and updating.

On rare occasions, even official patches will introduce new zero-day vulnerabilities – or reintroduce known vulnerabilities. In 2019, Apple’s mobile operating system iOS inadvertently restored a previously fixed security vulnerability that would allow hackers to take complete control of a user’s device.

In-house management of the patching process might be tempting, but with all the issues and pitfalls that can affect a business’ security and productivity, this often becomes unworkable. Companies not only need to ensure that all relevant endpoints have proper oversight, but also need to be on-guard for fake patches, supply chain vulnerabilities and even security issues from the official patch sources. Again, going directly to the vendor can mitigate any doubt. It’s impractical to leave everything to individual employees but automating updates to always accept the latest patch can be difficult to set up effectively and reduces the business’ ability to respond to new security threats.

Making patching work

It’s clear that as the business, IT and cyber security landscapes have evolved, patching can no longer be an afterthought ‒ but it remains a complex and difficult process that is too often ignored or got wrong. An external patch management service allows for a specialised team to not only make sure every endpoint and service is in line with the business’ requirements, but also monitor new patch releases and scan for supply chain vulnerabilities. OGL Computer, along with its cyber security division CyberGuard Technologies, has partnered with many organisations to provide the kind of responsive, proactive and adaptive patch management service that enterprises need in 2021 and beyond.

The positive results of a patch management service, and other specialist cyber security services such as EDR and SIEM are best observed in action. Bache Brown & Co’s Director commented on the scope of help that OGL’s patch management can provide: “CyberGuard and OGL have vastly improved our efficiency and contributed to our business growth. Their effective IT support for any workstation issues is greatly appreciated and they have significantly enhanced the security for our file server. They were also very resourceful with their assistance in us becoming GDPR compliant.”

OGL can work with businesses to not only improve their patch management procedures and systems, but tailor the service to the business’ individual needs, creating the most effective solution for any given situation or requirement. As Bache Brown & Co’s director observed, “The service is fully managed and tends to operate behind the scenes. It ensures that our software is up to date so that we never have any problems, offering us peace of mind. We also have a daily report from OGL identifying any issues, which constantly keeps us informed of any potential problems.”

For more information on OGL Computer’s Patch Management service, check the information page [4], for answers to key questions about patch management [5].

References:
[1] https://www.ogl.co.uk/bache-brown
[2] https://www.darkreading.com/vulnerabilities---threats/unpatched-vulnerabilities-the-source-of-most-data-breaches/d/d-id/1331465
[3] https://www.blackhatethicalhacking.com/articles/free-access/solarwinds-supply-chain-hack/
[4] https://www.ogl.co.uk/patch-management
[5] https://www.ogl.co.uk/why-do-i-need-patch-management

Tackling the cyber threat to manufacturing businesses

Wavenet — 10/11/2021

The manufacturing industry has become a major target for ransomware attacks. The reason is simple: if criminals can cripple the operational technology that controls the manufacturing plant, a company will rapidly come to its knees. With no product to sell, any company will fear for its existence – and with that fear, the criminals believe any manufacturing company will be more likely to pay a sizable ransom to stay in business. Sophisticated cyber criminals understand this. They choose and research their targets and set their ransom to the maximum amount they believe the company can afford to pay.

For many years, the manufacturing industry didn’t worry about cyber threats. Its operational technology (OT) was air-gapped from outside interference, and was therefore safe from external compromise. This is no longer true. The advent of the fourth industrial revolution – otherwise known as business digitisation – has eroded that airgap. IT and OT are now totally interdependent. Bringing down a manufacturing company’s IT will almost certainly have a knock-on effect against its OT.

A classic example was seen in the U.S. with the recent ransomware attack against Colonial Pipeline. Colonial rapidly shut down the pipeline and paid the attackers’ demand for almost $5 million in bitcoin. The immediate assumption was that Colonial’s OT had been compromised. But this wasn’t true – it was Colonial’s payment IT that was crippled. Having no ability to be paid for its oil was as destructive to the firm as having no oil to sell.

But it gets worse for the manufacturing industry. Small firms might believe they won’t be targeted because attackers know they cannot afford to pay a large ransom. While it is true that they may not be targeted by the big gangs, they are still subject to untargeted spray and pray attacks. These attacks can use large scale spam and phishing campaigns that simply compromise any target that is within reach – the gangs neither know nor care who they are.

A recent example was the July ransomware attack against the UK’s Northern Rail. Northern Rail was ‘taken back’ by the UK government last year. The UK government does not pay ransoms. Any criminal gang that targets companies for big pay-outs would know this – that in fact there was no possibility of gaining any return from the attack. Northern Rail wasn’t targeted – it simply got in the way.

There are other reasons for small companies to suffer ransomware – they may be the victim of a supply chain attack against a larger enterprise. A small manufacturing company may well supply goods to a larger manufacturing company. If the small company can be compromised, it could yield trusted credentials into its larger customers’ systems – who could then be targeted with ransomware for a much larger sum. But since they’re already inside the small company, the criminals will drop ransomware there as well – either just because they can or even to cover their tracks.

Cyber-attacks and ransomware cannot be avoided

The UK Government’s Cyber Security Breaches Survey 2020[1] states, “Almost half of businesses (46%) and a quarter of charities (26%) report having cyber security breaches or attacks in the last 12 months. Like previous years, this is higher among medium businesses (68%), large businesses (75%) and high-income charities (57%).

This is almost certainly no longer accurate. The survey used data from 2019 – that is, from a pre-pandemic Britain. Since then, attacks have increased, ransomware has surged, and the combined effects of Brexit and pandemic have weakened the financial standing of most small businesses.

Detailed ransomware figures for the UK are hard to find and of doubtful accuracy. Companies prefer not to admit being breached, and will often quietly pay a ransom rather than face the censure of government advice not to pay. A study by Sophos[2] in 2018 followed bitcoin transfers and concluded that about 233 victims worldwide had paid a SamSam ransom. This is many times more than the number of companies that admitted to being breached, and relates to just a single type of ransomware from a single criminal gang.

The unanswered question today, is how many companies already struggling with the economic climate can afford to pay a ransom – or ignore it and face the consequences – and still manage to recover?

Ransomware has evolved into something now known as a double extortion attack. The attackers breach the target, steal confidential and personal information, and then drop the ransomware. The first extortion is a demand for money (usually bitcoin or other cryptocurrency) to release the encrypted files. If the victim refuses to pay, the second extortion comes into effect: the attackers threaten to expose or sell the stolen data.

This is a double whammy for the victim. First it must cope with the business destructive effect of the ransomware, and then it must cope with either or both confidential data leakage and data protection fines. The UK’s current data protection law is effectively still GDPR, and could lead to a maximum fine of £17.5 million or 4% of global turnover, whichever is the larger.

Integrated defence that can cut across the attackers’ kill chain

Manufacturing and other industries cannot avoid being attacked. The only way to cope with the destructive and expensive nature of ransomware is to prevent a successful attack. This is not easy. The old advice to ensure good backup to allow easy recovery of encrypted files is no longer sufficient – the modern attacker may reside within the target’s network for weeks, preparing the attack, selecting the files to encrypt, and disrupting or destroying backup procedures.

The solution lies in an integrated defence that can cut across the attackers’ kill chain. This will require at the minimum sophisticated endpoint detection and response software, solid access protection, and effective Active Directory protection to prevent lateral movement around the network by any resident attacker.

This is difficult and expensive for the average SME. Not the least of the difficulties is finding, hiring, and affording the specialist skills required to manage the security defences 24/7 in a time of economic duress and cyber skills shortage.

The simplest, most efficient, and cost-effective solution is to transfer the entire cybersecurity problem to a third-party managed security service provider (MSSP). But it is important to choose the right MSSP.

A co-operative, hands-on approach to security, rather than simply providing a security management dashboard and sitting back is necessary. As is working closely with partner and clients to understand each individual enterprise and its unique needs. Combining industry-leading security technology, a breadth of expertise and this collaborative approach enables MSSPs to tailor bespoke IT and security solutions that fit each company’s needs.

[1] https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2020/cyber-security-breaches-survey-2020

[2] https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/SamSam-The-Almost-Six-Million-Dollar-Ransomware.pdf

VMware Carbon Black: up to 6 months FREE

Wavenet — 15/11/2021

CyberGuard Technologies - part of the OGL group - has announced its Black Friday / Cyber Monday offer which is now live and open to all Made in the Midlands members... Up to 6 months free VMware Carbon Black next-gen anti-virus.

With more employees working remotely, endpoint protection has never been more important. A security tool that provides ransomware and malware protection while facilitating threat hunting and incident response, VMware Carbon Black is a comprehensive endpoint protection solution against cyber-attacks.

CyberGuard’s offer is open to all MIM members who will receive the next-generation anti-virus product – VMware Carbon Black – and CyberGuard managing it 24 /7/365 from the company’s UK-based Security Operations Centre (SOC), which is operated by experienced, knowledgeable and accredited staff.

Carbon Black’s products are only available through partners such as CyberGuard Technologies. As every organisation is different, pricing depends on factors such as the number of endpoints and the subscription term.

The protection offered by VMware Carbon Black and the access to the SOC included in the offer provides peace of mind, especially in the run up to Christmas and with employee shortages.

The Black Friday / Cyber Monday offer is 36 months of VMware Carbon Black and SOC support for the price of 30, 24 months for the price of 20 and 12 months for the price of 10. Enquiries to be received by Cyber Monday (29th November 2021) with contract signed by 31st December 2021.

VMware Carbon Black: Next-gen anti-virus summary

Protects user endpoints
No compromise to system performance
24 / 7 / 365 monitoring by CyberGuard experts

There is no 999 emergency service if an organisation’s network is compromised and held to ransom.

CyberGuard guarantees a first response in 15 minutes to any critical or high alerts picked up by VMware Carbon Black, its next-gen anti-virus solution, and a resolution within 1 hour.

For Black Friday/Cyber Monday, the company is giving away up to 6 months FREE – so there is an opportunity to get protected and line up cyber experts in case of an attack.

Enquiries

To make an enquiry, please visit our special offer page: www.ogl.co.uk/carbon-black-anti-virus-special-offer.

How to Build a Cyber Security Strategy in 2022

Wavenet — 28/06/2022

With cyber-attacks on the rise and nearly 40% of all UK businesses reporting a cyber attack this year alone, creating a robust cyber security strategy has never been more important. There's no denying that cyber-attacks pose a significant risk to business operations, potentially causing irreparable damage to both finances and reputation.

With technology constantly evolving and advancing, the methods that cybercriminals use to gain access to your data are becoming more sophisticated year on year. Attempting to stay on top of your cyber security isn’t easy, but it also isn’t impossible. The first step is choosing a cyber security strategy that suits you and your business.

Article overview

This article focuses on the two main types of a cyber security strategy, proactive and reactive. It explores the methods within those strategies and will provide you with a step-by-step guide on how to best protect your business and build a reliable cyber security strategy.

To read this article in full, click here.

How to Improve Cyber Security When Working from Home

Wavenet — 26/05/2022

From unstable Wi-Fi connections to attention-seeking pets, remote working poses several challenges for employees and employers alike. However, none of these issues are as important as cyber security when working from home.Because the biggest threat always comes from the inside, you need to ensure that remote employees are as safe as in the office. Read on as we break down how to do exactly that.

Always use a VPN

Virtual private networks (VPNs) are encrypted connections from a device to a network. In a few words, they turn public networks into private networks. Often used by private users to get around geographically restricted websites, VPNs are also great at protecting employees from potential cyber security threats. By providing secure and remote access to a network, VPNs can prevent network attacks and limit access to file stores or databases.

There is one extra perk to VPNs. Employers can also use them to filter a user’s network traffic, blocking access to social media websites or streaming services.

Establish security protocols

Never leave your employees in the dark. All employees working from home should receive security guidance explaining how to access company files via a VPN or how to spot with a potential phishing email.

Enable two-factor authentication

Implementing two-factor authentication (2FA) is an easy way of providing an extra layer of security. By granting access to a system only after presenting two or more pieces of evidence of identity, 2FA offers protection from unauthorised access. A password plus an authenticator app (such as Microsoft’s) is one of the most common 2FA combinations for companies.

Have separate work and personal devices

With working from home becoming common practice, employees are relying more and more on their personal devices. In fact, a recent survey found that more than half of the employees working from home use their personal devices for work. There are several reasons why this is extremely dangerous. To start with, the employee’s software might be outdated, making their system more vulnerable. On top of that, data in private devices is unlikely to be encrypted, leading to the easy spread of sensitive information.

Having separate devices will reduce the chances of sensitive data being transmitted to personal accounts. It can also provide some helpful separation between professional and private mindsets, helping staff to maintain a healthy work-life balance.

Invest in training

You wouldn’t assign a project to an employee who hasn’t been properly trained in that specific area. Similarly, it is unfair to expect your staff to know the ins and outs of cyber security without proper training.

Because home-working usually means working without supervision, employers need to pay particular attention to cyber security training. From phishing to man-in-the-middle attacks, hackers will always target the least cyber-savvy employees to get their hands on sensitive information. In fact, a report from the UK’s Information Commissioner’s Office found that 90% of all data breaches were the result of internal mistakes.

Let us help you

If you really want to improve your company’s security, it’s imperative that you proactively manage threats, start creating your cyber security strategy today with the help of our team of security experts.

Start protecting your business.

FREE Vulnerability Test Exclusively For MIM Members Worth £1,500

Wavenet — 13/10/2021

One of the UK’s leading cybersecurity and technology experts for the manufacturing industry - OGL is offering a free Vulnerability Test for Made in the Midlands (MIM) members. OGL supports over 1,000 businesses in the UK with their IT solutions and cybersecurity needs, many of which are MIM members.

During the course of the last year or so, many businesses have moved to an online operation. Whether it be administrators or sales teams, working remotely makes businesses more vulnerable to cyber attacks. In addition, causing a manufacturing plant to cease production could be a relatively simple task for an attacker if little protection is in place. A security breach has a huge detrimental impact on supply chains, customers, staff, reputation, intellectual property, and of course profitability. Cyber-immunity protects all 6.

The OGL Group, including CyberGuard Technologies, was founded in 1976, and is the preferred technology partner to businesses all over the UK. Over 140 of these are manufacturers - demonstrating their capability to support MIM members in critical areas of their business. Fellow members that OGL already work closely with include: C Brandauer, Big Bear Plastics, Lanemark Combustion and Nufast.

The Vulnerability Test from OGL gives manufacturers a second opinion from a fully accredited, third-party viewpoint. This is a unique chance for businesses to have their critical infrastructure checked and assessed, totally free of charge.

Since joining Made in the Midlands in June 2021 OGL have already identified easily-fixed security issues for many MIM members, and as manufacturers are becoming increasingly vulnerable to cyber-attacks, this test is almost crucial.

Charles Addison, Managing Director of the Made in Group said:

“The OGL Group was selected as our IT & Cyber Patron Partner for their excellent reputation for supplying tech services and cyber security to the manufacturing industry. Please do take the chance to have a free vulnerability assessment and ensure you’re taking adequate steps to protect yourself in the face of ever-increasing, sophisticated cyber threats.”

Book your FREE Vulnerability Test, Please call 01299 873 800 or email security@cg-tech.co.uk to secure your Vulnerability Test in the next few weeks.

A New Hybrid Normal - The digital Covid landscape

Wavenet — 19/07/2021

On 19 July, the UK may end its COVID-19 lockdown after several months of gradually loosening restrictions. Originally planned to lift on 21 June, the existing partial lockdown has been extended by four weeks, demonstrating the unpredictability of the pandemic and its consequence on business.

The effect of these lockdowns has been massive on business. To reduce the transmissibility of the disease, office workers have been urged to work from home wherever possible -- and both business and staff have responded positively.

We live in an age of unprecedented connectivity. Companies have used this connectivity to accommodate the concept of remote working – sometimes called telecommuting or work from home (WFH). At the height of the lockdown, 60% of the UK’s workforce was working from home[i], proving that we may not need to be as strict about traditional office spaces as we assumed. According to a report by Microsoft[ii] and YouGov, almost 90% of UK businesses have at least partially embraced the practice of allowing their employees to work from home.

But with the prospect of lockdowns finally ending, is this just a temporary stopgap ‒ will things go back to exactly how they were? That is unlikely – the world may have been forced into remote working by the pandemic, but now that both workers and companies have seen new benefits and possibilities, it may not be possible to go back to the way things were. ‘Normal working’ is going to mean something new that will likely encompass both home and office: "a new hybrid normal."

A fresh perspective, new possibilities

The pandemic is one of the worst global events we have seen in decades, but it has provided the opportunity to explore new ways of thinking. A greater level of flexibility and accommodation to working arrangements is showing surprising benefits to employers and staff. Many employees have reported feeling happier and more motivated being allowed to work from home, achieving a better work-life balance [source: Microsoft survey], and in some cases productivity has increased rather than decreased because of this.

Business is seeing benefits beyond simply better motivated and more productive workers. Research has shown that employees allowed to work from home are more likely to remain loyal to the company[iii]. If a business embraces the idea of hiring new workers on a remote or hybrid basis, this gives greater access to talent from a wide geographical area, rather than being limited to an easy commute distance. In sectors with a pronounced skills gap, such as cybersecurity and IT, this could be a godsend. Even the day-to-day overheads of running the business can decrease with flexible working ‒ if the office space doesn’t outright downsize, utilities and maintenance costs will reduce due to decreased usage.

Even the global environment benefits from allowing people to work from home wherever possible. Over the last year, The UK’s greenhouse gas emissions saw the biggest reduction since records began in 1990. With half the workforce working from home, UK workers are estimated to have saved a collective £2 billion per week [source: Finder.com stats]. With more workers able to save on commuting costs, a little more disposable income can help produce a trickle-up effect and help to revitalise a struggling economy.

In today’s world, the essential IT infrastructure for hybrid working is already mostly in place. All a worker needs is a device to work with and an internet connection – something that at least 97% of UK households already have. Many business-oriented applications like Microsoft 365 have remote collaboration and file-sharing built in. However, this ease of access to remote working can be a dangerous double-edged sword.

New paradigm, new problems

When an organisation’s staff are working from home, connectivity becomes a foundational necessity for the business. A ‘disaster’ before COVID could be a fire, flood, massive security breach or ransomware. For the remote workplace, we need to add a simple internet outage or loss of service -- and the reliability of internet connectivity, broadband availability and ISP support will vary greatly between different households.

Any enterprise needs to consider how much of an investment remote-working infrastructure will be. While the technical minimum is already in place for many organisations, this will not be enough on its own to keep the business secure and productive. Compatibility and employee relationship management need to be carefully considered ‒ if one employee prefers to work on their MacBook using Pages, but another can only handle documents made in Word, this is going to create frustration and time lost as they convert formats back and forth.

Cybersecurity is even more critical to the robustness of the remote working infrastructure. Flexible working creates a much wider attack surface than a traditional office. As well as the business’ central network, each worker has his or her own array of devices connected to their home network.

Workers need to connect to their business from home, so any security breach works both ways. A compromised home network gives attackers a potential ‘in’ to attack the business directly. If the office network is breached, hackers could move on to every single employee, making this an excellent way to spread ransomware or harvest personal data.

Flexible and hybrid working can bring great benefits, but they also bring difficult questions and obstacles. Implementing an effective remote-working infrastructure is a minefield of IT, cybersecurity, and logistics. How much oversight does the business need over its employees while they work from home? How are remote meetings going to be arranged and conducted? How can everyone stay accountable to each other to make sure the enterprise runs smoothly? Businesses need to consider all these questions, and no two organisations will be exactly alike. How can companies maximise the rewards of hybrid working without compromising integrity and security?

What we need going forward

Traditional office spaces are not going away, but neither is the reality of COVID and a post-lockdown world. Organisations that try to ignore the changes of the last two years will be left behind. With all the benefits that a new normal of hybrid working can bring, there are only two obstacles to fulfilling this new potential and reaping the benefits: securing the new decentralised infrastructure and enabling employees. Sixty-two percent of UK remote workers want better technology to be provided by their employers [source: Finder.com stats].

No two enterprises are alike, therefore there is no one-size-fits-all solution. Businesses must account for their own specialisation, ethos, the skills and needs of their employees and a changing marketplace. Embracing hybrid working without careful planning could be disastrous. At the same time, making the necessary evaluations, creating a plan and implementing everything the business needs to fully enable flexible working will take a lot of time and resources. Executives need to coordinate with their various departments and teams and involve the entire organisational hierarchy to map out the business’ needs. With the prospect of lockdowns ending soon, time is a precious resource that companies cannot afford to waste.

The problem is not simple. Getting visibility into a distributed remote workforce without being too intrusive to fall foul of privacy regulations yet still knowing where sensitive data is held; controlling remote collaboration so only the right people see specific data or documents; choosing the right video conferencing solution and operating it securely; and ensuring secure communications between central servers and remote endpoints, are just the start of new concerns.

Remote staff may be using their home computers for work – but home computers are notoriously insecure. How do you ensure corporate level security on remote computers that you do not own? And the inevitable accompanying increase in cloud services brings a host of problems – the least of which could be the return of unfettered and unvetted Shadow IT.

Rather than attempt to navigate this minefield from limited in-house resources with the danger of leaving one or more weaknesses, it is better to call on the services of an experienced managed service provider – such as OGL Computer[iv].

The best path forward is to engage a specialist organisation to non-intrusively evaluate the business and create a plan of action going forward. This may be easier said than done; extensive industry expertise is needed as well as keen insight into a business’ needs ‒ and the flexibility to create a bespoke solution that will meet the needs of the enterprise post-lockdown. OGL Computer’s IT Solutions[v] are unique in being able to meet all these requirements, making sure businesses have all they need to meet the New Hybrid Normal. More than just the cyber essentials, any business adopting hybrid working needs a full IT infrastructure to provide managers and employees with ongoing IT support for the rocky transition into a post-lockdown world.

References

[i] https://www.finder.com/uk/working-from-home-statistics

[ii] https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWxzz5

[iii] https://resources.owllabs.com/state-of-remote-work/2019

[iv] https://www.ogl.co.uk/

[v] https://www.ogl.co.uk/it-solutions

Steve Bennett Celebrates 20 Years at OGL

Wavenet — 31/01/2022

A huge congratulations to Steve Bennett who recently celebrated 20 years at OGL.

Steve looks back on the last 20 years:

“Before starting at OGL, I was working for Granville Technology Group, working in IT in the retail sector. After seeing a local job advert for OGL, I applied for a position in B2B Technical Sales and remember arriving at Kidderminster Harriers for the first interview to be greeted by Sam Byrne and Neil Morris, being presented with a piece of paper and pencil, and asked to go and prepare for 5 minutes. The brief was to sell them a pencil and the rest is history…

“20 years on, I have seen the company grow, more than doubling in size from when I started, not to mention the product and services portfolio that we see today. It certainly has moved on from HP E80 Servers and Wyse terminals!

“I have had various roles at OGL and have progressed through the business from Existing Hardware Sales, Account Management, New Business, and Pre-Sales as a Solutions Architect – I really can’t believe where 20 years have gone. The staff I work with, many of which have become personal friends over the years, really make everything worthwhile. I am proud to have been a part of the success and growth of the business over the past 20 years and look forward to progressing my career with OGL for the next 20.”

Colin Dennis, Steve’s manager, congratulates him on his 20 years at OGL:

“Steve and I have only officially worked together for a few months in the newly formed Pre-Sales team; however, it is absolutely clear that he is the “go to” person for our company pre-sales. He has the fairly unique skill of being both technically knowledgeable but also the ability to get customers to totally trust his opinion, allowing him to close a sale.

“Unofficially, I have of course worked around him for the last 14 years whilst I have been at OGL. Steve is always helpful, calm, considerate and a true gent. Nothing is too much trouble and he is totally committed to getting a quality job done. He is a tremendous asset to OGL and I would like to congratulate him on his 20 years’ service. OGL is a better place for having Steve at the heart of its team.

“Outside work he has a passion for clay pigeon shooting, and as long as he continues to let me beat him when we shoot he has a long and continued career ahead of him . Congratulations Steve, and here’s to another 20 years!”

The Best Methods for Protecting Against Ransomware in 2022

Wavenet — 02/03/2022

Ransomware has made internet users around the globe shake in fear for more than 25 years. Plainly speaking, ransomware is a form of malware that uses encryption to block the target’s information. Once the attack is successful, cyber-criminals demand a ransom to provide access back to the original user — hence its name. Put simply, it’s a form of extortion.

With encryption so in vogue at the moment, ransomware is growing more and more complex. However, there are still ways to protect yourself from this kind of attack. In this post, we’ll walk you through the best methods for protecting against ransomware in 2022.

Backup your data in different places

It seems obvious, but that doesn’t make it less important. Being locked out of your files or systems can be devastating to a business, and not only because it could bring your company’s activities to a halt. A blocked system without a backup will immediately put you in a weak negotiation position with the cyber-criminals, who will demand a hefty payment.

As usual, prevention is key. In the unfortunate event that you are hit by ransomware, having secure backups ensures that the attack is not a critical blow to your business. It’s best practice to have several backups in different unrelated locations – for example, in the cloud and other off-site locations.

Use a safe VPN

With remote working taking over, employees are increasingly relying on cafés or co-working spaces to get a break from their own homes. Unfortunately, this popular practice is as dangerous as it is convenient, as connecting to a public Wi-Fi network makes your computer more vulnerable to attacks. However, you can reduce the risk by implementing the use of Virtual Private Networks (VPNs) across your company.

And you shouldn’t stop there. Cyber-criminals have got more creative in recent years, using VPN servers to start ransomware attacks. Make sure your VPN is properly protected by enabling multi-factor authentication and changing login credentials every few months.

Only allow trusted applications

The system administrator ought to ensure that all applications running on company devices are 100% trustworthy. As an Administrator you can also set rules that forbid non-admin users from installing applications. On top of that you can use a next-generation anti-virus tool to identify any apps or processes running that could be potentially harmful.

Build email protections

This is one of the simplest yet most effective methods for protecting against ransomware in 2022. Keep your firewalls up to date, establish automatic scans of all emails and notify users of out-of-network emails to prevent them from clicking on them.

Prepare for an attack

When it comes to cyber security, you need to put yourself in the worst-case scenario. This is particularly true of ransomware attacks, which have hit multinational companies with disastrous consequences. For example, Renault-Nissan lost control over their industrial processes in 2017.

The best way to prepare for a potential ransomware attack is to stage one. Learn about your weaknesses by arranging a mock ransomware attack with a trusted cyber security company.

Let us protect you from ransomware

At CyberGuard, we have a range of bespoke security services that will test your business’ defences against a ransomware attack.

OGL Kidderminster Site Undergoing Major Refurbishment

Wavenet — 29/10/2021

OGL has been experiencing significant growth across its three trading divisions and has invested in a number of surrounding properties around its current site in Kidderminster with a view to accommodating the growing workforce. Work on the Kidderminster site has been ongoing for a couple of years to include a new modern, welcoming reception to create that great first impression for visitors, a suite of modern meeting rooms overlooking a garden sat at the heart of the site and a relaxing lounge area.

All the office buildings are undergoing modernisation to provide staff with a clean and fresh working environment, a much welcomed addition following the recent extended periods of home working. Whilst staff still enjoy the benefits of hybrid working, it was important that staff have a positive experience when they are in the office.

The buildings have not only been refurbished internally but the exterior has also been updated with a contemporary cladded look which is now the backdrop for OGL to showcase its refreshed brand image.

Customers and other visitors to the OGL site are greeted by our friendly receptionist against a backdrop of a modern and bright space with a soothing branded water wall. Behind the water wall they will find a coffee bar, lounge area and two large digital screens where they can catch up on the latest news as well as watch a series of adverts and videos showcasing the work we do. Down the corridor you will find five meeting rooms including an Executive Board Room, each carrying a different colour scheme and posing a series of inspirational messages. Large glass doors brighten up the offices with natural light and provide views out to the garden where employees can enjoy summer lunches and company BBQs. As winter approaches and the nights draw in, our brand is still a focus thanks to some stunning halo lighting!

We’re excited to share images of the refurbishment and even more excited about the future as we continue to grow and expand our solutions and services to meet the changing demands of our customers and to leverage new and emerging technologies. Our staff and our customers are so important so this investment is our way of ensuring they have a great experience.

If you would like to visit OGL & CyberGuard Technologies premises, and talk to us about IT and cyber security, we'd be delighted to show you around. Please contact Lee Reece on lee.reece@ogl.co.uk or call 01299 873873.

How Cybersecurity Can Protect Your Business Value

Wavenet — 28/11/2022

We are focusing here on a Made Masterclass hosted by CyberGuard (part of the Wavenet Group) - as MIM Patron - in September 2022. This virtual event aimed to support members of Made in Group in strengthening their cybersecurity.

Nick Johnson, Head of Advisory Services, who has worked for over two decades in IT and Security, delivered a 15 minute presentation to discuss:

How increasing your focus on cyber security can add value to your business
Why the use of automation and continuous testing in cyber security need to be adopted as standard
Where to start when maturing your Cyber Security posture

If you missed this event, then you can watch it back in full now on Made Talks, or watch the short clip below.

OGL Celebrates 45 Years in Business

Wavenet — 27/08/2021

This week sees OGL celebrate 45 years in business. It marks a great achievement and is testament, not only to our ability as an organisation to continually evolve and keep pace with the ever-changing world of technology, but also to every member of staff and customer who has contributed to our success.

Debbie Barton, Operations Director, commented: “We have come a long way since our roots selling typewriters and accounting machines and we’re really proud of the business we have become. Over the years we have seen some tough times, from economic recessions to the more recent Covid pandemic. But each time, we pull together and come through it stronger and more determined. On behalf of the Directors, I thank you all.”

It wouldn’t be a birthday celebration without cake so OGL staff were treated to specially made cupcakes delivered to each department's kitchen (which were decorated with balloons, of course!). Thank you once again to all our staff and customers for helping to make OGL the success that it is today. Here's to another 45 years!

Mental health in the cyber security industry discussed

Wavenet — 29/10/2021

Last month, Sean Tickle, Head of CyberGuard Technologies - OGL's cyber security division - was approached to feature in a podcast by H4unt3d Hacker (a podcast dedicated to discussing and sharing information around cyber security). Sean's episode features lots of discussion around the industry in general, but towards the end of the podcast the topic turns towards the importance of mental health and how working within a stressful environment can lead to burnout and a decline in wellbeing.

At OGL it's something taken very seriously, and which Sean is a particular advocate of. Sean goes into detail about the importance of maintaining mental wellbeing – not just for himself, but also for those in his team. The recent pandemic may have helped to normalise the need to manage mental health in addition to physical health but there are still steps that everyone can take to ensure that they and their colleagues are managing to maintain their work-life balance, avoid burnout and be happier overall.

Some key strategies from Sean include:

One-to-one sessions and general catch-ups with others; simply to check everything is going well.
Having a flexible work-life balance; this includes working from home and prioritising personal needs as and when the situation arises.
Mindfulness; taking time for yourself and recognising when you may be “burnt out” and in need of some time away from work stressors.
Recognise the signs in others; it’s important to care for yourself but it’s also important to let others know that you care about them too. You never know what someone else is going through, and simply starting the discussion could be all that someone needs to improve their day.

Sean also recommends the Medito Foundation app, which includes a specific section around mindfulness in the workplace, including guided meditations and courses for improving sleep, productivity and stress/anxiety management. More information can be found here.

We all can benefit from taking steps to improve our mental health and sometimes it can be difficult to recognise when we might not be coping as well as we would like. Sometimes, a problem shared over a coffee and a chat is a problem halved.

The full podcast can be found below (discussions around mental health start around 1:06:00):

https://youtu.be/thTh2zaXfUw

Time for a radical rethink of your Disaster Recovery plan?

Wavenet — 21/07/2021

Is your businesses’ disaster recovery strategy as robust as you think?

Bad things happen - worse than we expect, and when we least expect them. Years ago, those bad or disastrous things could be summarised as physical 'fire, flood or theft'. Today, a disaster is more likely to be digital - the sudden and catastrophic loss of access to our digital information.

A disaster recovery (DR) plan is a set of protocols to enable us to recover from a disaster. The problem is that most DR plans are rooted in physical disaster. Few have kept pace with business transformation into the digital age, leaving many companies exposed to existential digital disaster.

What is disaster recovery today?

OGL Computer’s solution architects work closely with businesses to create the most effective, complete disaster recovery technology provision tailored to the individual needs of each company. We have observed many emerging trends in disaster recovery, some positive and some in need of a radical change of thinking.

Throughout the 20th century, disaster recovery for business was oriented around physical disasters – fire, flood, quakes, physical theft and so on. Although DR plans today have changed to reflect the online world, many are still rooted in the safety of physical premises and storage locations. But today, only 3% of disaster incidents leading to data loss and business downtime are caused by natural disasters[1].

As the business landscape has become more and more cyber-oriented, and as digital transformation continues, there are more ways that an enterprise can be crippled without any physical damage. In 2019, an organisation undergoing a ransomware attack could expect to lose an average of 16 days to operational disruption.[2] Ransomware attacks, severe data breaches and service provider failures all need to be accounted for just as much as any hardware failure or natural disaster ‒ but not all businesses are fully adjusting to modern requirements.

At this point it is worth differentiating between data backup and DR. DR must include backup, but backup alone is not disaster recovery. Consider ransomware. Some variants - and this seems to be an increasing trend - are destructive. They can leave computers unusable. So, even if you can recover lost files from a backup, you are not quickly back in business if you have no infrastructure to use the files. There is already a long history of destructive attacks, even as far back as 2012, when the Shamoon [3] attack against Saudi Aramco 'floored' 30,000 workstations for 10 days. DR is not simply the ability to recover data, but the ability to return the business to normal operations efficiently and speedily.

The problem became more difficult in 2020. The Coronavirus pandemic and advances in sharing and remote productivity technology are leading to increasingly decentralised workplaces, with dispersed staff working on personal machines in many different locations. With this increasing diversity in business models, disaster recovery plans need to be more bespoke; templates or ready-made protocols are becoming less and less likely to be effective for most enterprises.

A particular problem area observed by OGL is found in the data backup and storage element of DR. We have seen many disaster recovery plans that recommend storing backup data in the same physical premises or on the same network as the operating devices. This is a weakness. A disaster could compromise the working device and the backup devices at the same time. In fact, a primary focus for many ransomware gangs today is to infect the network and compromise any local backup before seeking to encrypt the business files ‒ effectively neutralising any backup.

The converse is also seen. If data is backed up to a different premise, many plans do not account for access to this new location. Especially with COVID-19 opening the world’s eyes to lockdowns and restrictions of movement, businesses need to be more aware than ever of how they will manage data extraction and retrieval under different circumstances.

Common failures in DR

OGL’s solution architects have observed numerous common mistakes and errors among businesses. In our work to build tailor-made DR solutions for our customers, we have identified several of the most common failures.

Data backup is the cornerstone of disaster recovery, but many businesses fumble this essential step. While 90% of companies do back up their critical data, daily backups are only performed by just over 40% of businesses. [4] Daily backups are vital for shortening or eliminating downtime when data is lost – which is necessary, as in 2019 42% of businesses experienced downtime due to data loss.

The most critical, director-level data often gets stored on local devices. This creates vulnerable endpoints that may put highly sensitive data at more risk than necessary. Businesses need to keep track of where data is being stored and ensure that sensitive data is only held on appropriate devices.

We also see many organisations conflate cloud sharing with cloud storage. Microsoft 365, for example, offers a limited period in which accidentally lost data can be retrieved, but this is not a permanent backup or an effective part of disaster recovery. Microsoft 365 and similar services are intended to allow decentralised collaboration on projects, not to store or preserve data for long periods.

Physical backups need special consideration under COVID-19 and any similar emergencies. With ever-changing quarantines and lockdowns, many businesses may find that their physical premises are inaccessible. Thought needs to go into the accessibility of the backups; if data is being backed up onto tapes, and if the location storing those tapes is inaccessible, is that really a functional backup? Storage into a cloud platform such as those from Datto or Veeam are much more robust.

What makes a good disaster recovery plan?

Finding the right cloud solution is more important than ever as the business landscape moves more towards decentralisation and more workers telecommute. Most consumer-level cloud services like OneDrive, DropBox or AWS buckets will not be enough in terms of security or data integrity. Finding the right managed cloud solution is a vital part of any DR plan to meet all data security needs while keeping that data accessible. When combined properly with secure on-site backups, this can let many organisations simply keep on working even in the face of a disaster scenario.

Physical data storage is also vital to incorporate into a comprehensive data recovery plan. This encompasses everything from the location and accessibility of the building in which the data is stored to the environment where the storage devices are kept, and the physical storage medium used. For long term storage, products like Veeam Backup & Replication in the cloud or Datto’s SIRUS or ALTO hardware devices include verified backups, restore options for any scenario, instant virtualisation and ransomware protection.

Once the DR plan has accounted for making both cloud and physical storage as secure and robust as possible, planning for business failure conditions is vital. Unforeseen events can and will happen. However well your data is stored and backed up, it is important not to assume your business is invulnerable. DR plans should have a clear, realistic RPO and RTO (recovery point objective and recovery time objective) and protocols should be put in place to determine what data is most critical to business operations and how to restore it in the event of a disaster.

The most important part of any disaster recovery plan is asking the right questions. It has never been truer to say that there is no one-size-fits-all disaster recovery plan. Every aspect of a prospective DR strategy needs to be questioned – is this necessary? Is this effective? Does this account for the business’ biggest vulnerabilities?

For this reason, delivering a complete DR solution in-house is neither cost-effective nor time efficient. An expert consultation service that will work with a business and find fresh ways to challenge potentially stagnant thinking will be the best way to protect against the growing diversity of threats as we move into 2021.

OGL offers a range of on-premise and cloud-based data backup and disaster recovery solutions. Speak to one of our DR Consultants today to find out more.

References:
[1] https://www.ogl.co.uk/why-is-a-disaster-recovery-strategy-important
[2] https://www.coveware.com/blog/2020/1/22/ransomware-costs-double-in-q4-as-ryuk-sodinokibi-proliferate
[3] https://www.theregister.com/2012/08/29/saudi_aramco_malware_attack_analysis/
[4] https://www.helpnetsecurity.com/2020/04/03/back-up-data/

The Digital Transformation of Manufacturing

Wavenet — 04/01/2022

If you're working in the manufacturing sector, no doubt you've experienced in an increase in the importance of your IT in the running of your factory floor, plant, production line and / or other manufacturing processes. And the term "digital transformation" is probably familar to you.

Carry on reading to discover what digital transformation is, the opportunities it presents to manufacturers and how to tackle it...

What is digtial transformation?

Digital transformation refers to the increased and integrated use of information technology within everyday business processes. It is the use of computerisation to streamline the use of business data. The introduction of digital transformation has been growing for several years, but the combined pressures of Brexit and the pandemic have made it more important and more urgent now than ever before — and no more so than within the manufacturing sector.

Manufacturers need to take every opportunity they can to stay competitive and keep costs down. The only long-term hope for many is sweeping modernisation – and modernisation for the 2020s means digitalisation.

Most companies already use computers, but they tend to have been introduced in a haphazard manner over many years. Business processes have often become constrained around the computers they use, leading to inefficiencies in the firm’s operations.

Digital transformation is the process of updating business processes and implementing modern integrated information technology across the entire business infrastructure. [i]

This involves a major and potentially intrusive restructuring of business processes and is best done with the help of an experienced third party, leaving the business to continue running its business while the third party works to improve its efficiency. [ii]

The value of digital transformation to manufacturing

IDC has predicted that by 2022, at least half of all manufacturers worldwide will have been digitalised. Given the UK’s unique challenges, this figure may be even higher domestically. For example, the only way to effectively counteract post-Brexit supply chain disruption is to adopt a flexible, responsive business strategy. The only way this is possible is through increased visibility, active inventory and distribution monitoring and more efficient administration within the enterprise – none of which can be fully realised without an effective and comprehensive digital solution. [iii]

Downtime is one of the costliest hazards in manufacturing. Although often caused by equipment failure, downtime as a result of supply issues, staffing issues or a cyber security breach cannot be disregarded. Digitalisation affords greater visibility into the causes of downtime and allows more flexibility and efficiency in remedying errors. Deeper insight into the organisation ensures that potential downtime can be minimised or prevented.

Supply chain and resource issues can almost always be solved by giving greater transparency and visibility to team leaders. Digital solutions can give manufacturing enterprises actively monitored, live-updated inventories, detailed productivity metrics, and perhaps even advance warning of any upcoming supply chain issues. Cutting down on all inefficiency along the supply chain minimises disruption and decreases time to market, streamlining the whole organisation. [iv]

In the UK, digital transformation is also helping to close the engineering skills gap. The workforce of qualified engineers has been shrinking and aging, and as of 2017 there was an estimated shortfall of 69,000 workers qualified to level 3 or above. With students and younger people less likely to pursue engineering qualifications, digital manufacturing allows vital roles to be filled by workers with more widely held computing qualifications. [v]

Supply-chain based demand has been surging across many industries as economic activity has increased following the slump during the brunt of the Covid pandemic. Manufacturers that aren’t modernising risk floundering and struggling to fulfil the renewed demands placed on them, thus losing business to more competitive suppliers. No matter the size of the enterprise, the question faced by UK manufacturing is not ‘if’ it is time for digital transformation, but ‘how’ to do so now.

Obstacles to digital transformation

The benefits of digital transformation are extensive, and the consequences of failing to adapt could be dire. However, it’s much easier to recognise the need for digital transformation than to fulfil it. The manufacturing industry is incredibly diverse. With so many of today’s manufacturers being SMEs, each organisation will have unique capabilities, growth prospects, goals, and most importantly, unique needs. With digital transformation being inherently ground-breaking, there is no guidebook, no well-trodden path to successful digitalisation.

The split of expertise is perhaps the greatest obstacle for team leaders trying to digitally transform their manufacturing organisation. Management in manufacturing, especially in smaller enterprises, need to understand the physical, material needs of the manufacturing process as well as the personal needs of the staff. Without a separate IT department, a manufacturing leader also needs to thoroughly understand IT and data. Implementing digitalisation in the enterprise requires in-depth IT expertise, even though manufacturing leads can’t afford to specialise in IT.

Communication and collaboration are vital, especially for manufacturers where business usually takes place on the ‘shop floor’. Productivity apps such as Microsoft 365 and cloud-based storage can be a godsend for administration, sales, supply management and planning – especially in a nation that’s waking up to the value of flexible workplaces and work-from-home. No digital transformation would be complete without some form of cloud connectivity that meets the business’ needs. But selecting and implementing the right solution – if an off-the-rack, commercial cloud service that ideally suits the enterprise even exists – is a tall order for management.

Manufacturing enterprises, especially in the UK, must walk a tightrope with their budget and cannot afford to operate at the reduced profit – or even temporary loss – that in-house restructuring entails. When businesses live or die on their ability to minimise disruption, deliberately undertaking the extensive disruption that can follow from a poorly planned or rushed digitalisation can make any form of digital transformation a hard sell to senior management. [vi]

Managed services in the supply chain

Manufacturing enterprises face one significant obstacle on the path to digital transformation. Implementing the infrastructure changes necessary to take advantage of digital manufacturing requires heavy investment of both time and capital. It also requires extensive knowledge of not just the business’ individual needs, but specialist knowledge in IT, technology and cyber security. With the economic tension facing many manufacturers, the risk of slowing production for any length of time or allocating floorspace and budget to the digital aspects of business can feel prohibitive.

Manufacturers are being put between a rock and a hard place. There is no choice but to innovate and update in order to stay competitive, but enterprises can’t afford to pause or reduce production in order to implement the changes they need. Managed service providers – MSPs - offer a lifeline in these circumstances, as well as being a natural fit for the manufacturing industry.

It is vital for manufacturers to focus their time and resources on their core competency. An MSP allows for a cost-effective solution, bringing specialist knowledge of cyber trends, experience with digital transformation and dedicated support to any enterprise. It offers greater flexibility to respond to changes in the market, while allowing the enterprise to stay focused on production. OGL has been working with many manufacturing organisations, like Made in the Midlands, to help optimise and revitalise technology. [vii]

The UK government has recently invested £53 million into research centres dedicated to developing technology in manufacturing industries. With the government’s stated goal to make smarter, more competitive manufacturing a priority for enterprises of all sizes, it has never been a better time for businesses to modernise and become as technologically competitive as possible. [viii]

A good, experienced MSP with a responsive support network is the most streamlined and non-destructive way to achieve this. Make sure to take a look at OGL’s material on digital transformation for more information, and get in touch for any advice on how digital transformation can fit within your organisation. [ix]

References

[i] https://www.ogl.co.uk/hesitant-to-digitalise

[ii] https://www.ogl.co.uk/motivai

[iii] https://www.idc.com/getdoc.jsp?containerId=prUS46967420

[iv] https://www.manufacturing.net/home/article/13184256/manufacturers-lack-supply-chain-visibility

[v] https://www.raeng.org.uk/publications/responses/closing-the-stem-skills-gap

[vi] https://www.ogl.co.uk/SOTreport2020

[vii] https://www.ogl.co.uk/ogl-becomes-patron-partner-to-made-in-the-midla

[viii] https://www.ogl.co.uk/software-solutions

[ix] https://www.ogl.co.uk/digital-transformation-for-wholesalers

How to Protect Against Social Engineering Attacks

Wavenet — 19/07/2022

What is social engineering?

The term "social engineering" refers to a multitude of actions undertaken by cyber criminals that relate to human interaction. While some cyber crime is committed through penetrating a network directly and exfiltrating data, other methods are just as effective. The most popular methods of social engineering among cyber criminals are phishing, baiting or quid pro quo attacks.

How do social engineering attacks work?

A misconception about social engineering attacks is that only gullible people fall for them, this is not the case. In their simplest form, social engineering attacks are centred around you, the individual. The cyber criminals' main objective is to build your trust and reinforce their legitimacy. Some cyber criminals will establish direct contact with their target, often through email but sometimes over the phone. The objective of the cyber criminal is to obtain sensitive data such as passwords or credit card details.

Although social engineering attacks are harder to predict than other kinds of malicious activities, that doesn’t mean there’s nothing you can do about them…

Continue reading

To continue reading this article please visit our website. The full article takes a deeper dive into what social engineering is, how it works and more importantly how to best protect yourself and your business from a potential attack.

To read this article in full, click here.

OGL Computer Services Group Joins MIM to Further Protect Manufacturers from Cyber Crime and Drive Digital Transformation

Wavenet — 13/07/2021

IT solutions and cybersecurity provider OGL Computer Services Group has joined Made in the Midlands as their latest Patron Partner. With the manufacturing sector becoming an increasingly attractive target for cybercriminals, OGL Computer Services Group and its subsidiaries, CyberGuard Technologies, and OGL IT Solutions, help manufacturers protect themselves from cyber-attacks and harness the power of IT.

Established over 45 years ago, OGL is the preferred technology partner to over 1,000 UK businesses, including growing and mid-size businesses and multi-site enterprises. Over 140 of these UK businesses are manufacturers, many of whom are Made in Group members - highlighting the company’s capability to support Made members in critical areas of their business.

Many manufacturers are experiencing attacks from cybercriminals because of the disruption that can be caused by shutting down manufacturing processes – something that is becoming more and more regular. CyberGuard Technologies has an enormous amount of expertise in mitigating this threat to manufacturers by utilising and deploying a whole range of tactics, techniques, and procedures to defend and protect networks and systems.

Alongside heightening cybersecurity threats, the manufacturing industry is also feeling the pressure to digitalise its operation, a result of the pandemic. OGL IT Solutions support manufacturers to make the shift into the digital era and take advantage of the many benefits technology can bring to their industry.

Talking about how OGL found out about the Made in Group, Paul Colwell, Chief Technical Officer for OGL IT Solutions & CyberGuard, said:

“We’ve been aware of the Made in Group for a good number of years and had the pleasure of exhibiting at Made in the Midlands events in the past. We’ve been impressed by the way the Made in Group supports its members and wanted to be part of that. We were delighted when a MIM’s Managing Director contacted us about becoming a Patron Partner due to our reputation in the manufacturing industry.”

OGL believes that now is the perfect time to join MIM due to the sector experiencing significant changes in working practices. Paul added:

“We are seeing an increase in the need, and a keen interest in, adopting new technologies to support a growing mobile/remote workforce. The sector is also falling victim to regular cyber-attacks which is driving many manufacturing businesses to look at ways to strengthen their cybersecurity posture. Both of these require technical expertise, experience, and access to industry-leading products, all of which we have in abundance.”

OGL is looking forward to meeting fellow members of the Made in Group at Made Events and welcomes the challenge of creating bespoke IT solutions for members in the future. As for what members can expect from OGL, Paul concluded: “Members now have somewhere to turn and can look forward to gaining peace of mind that they have a fully-endorsed IT and cybersecurity provider at their disposal.”

Protecting your “Big Six” from Cyber Crime: Essential Info for Manufacturers

Wavenet — 18/11/2021

On Tuesday 14th December at 11:15am, MIM Patron OGL will be hosting a Masterclass for members of Made in Group on "Protecting your 'Big Six' from Cyber Crime: Essential Info for Manufacturers".

The OGL Group is the preferred technology partner to over 1,000 UK businesses, including growing and mid-size businesses as well as multi-site enterprises. Over 140 of these UK businesses are manufacturers, many of whom are Made in Group members - demonstrating our capability to support Made members in critical areas of their business.

Chief Technical Officer, Paul Colwell, MIM’s IT & cyber security Patron Partner – will be discussing all things cyber security. It’s a hot topic for Made in Group members right now, as cyber criminals are turning their attention to the manufacturing industry, realising the chaos they can cause (and hefty ransom they can demand) by halting a production line or compromising operational technology.

Paul will explain what the “Big Six” are and why getting cyber security in place to protect them is essential work for business owners and company directors. Plus, hear stories about how we’re already getting numerous Made in Group members on the road to cyber security.

Paul from OGL has over 10 years’ experience in exploiting technology to deliver benefits for business. In recent years, working closely with leading names including HP, Microsoft, WatchGuard, AlienVault, Carbon Black and VMware, he has focused on driving the implementation of cutting-edge cyber security solutions to tackle the growing issue of cyber-crime amongst UK SMBs.

You can expect to find out more about the following topics:

Protecting your “Big Six” (what are they?)
Cyber crime in the manufacturing industry (why is it such a hot target for criminals?)
The road to cyber maturity (we can help…)
Helping MIM members (real stories!)

These events will also be used as your chance to learn about how you can fully utilize your Made membership. This will entail a 15-minute presentation followed by 30 minutes of breakout discussions.

Members of Made in the Midlands and Made in Yorkshire can sign up now for this virtual event taking place on Tuesday 14th December at 11:15am, using the button below.

SIGN UP NOW

Top 10 Cyber Security Threats in 2022

Wavenet — 19/04/2022

Like everything else on the internet, cyber security threats evolve at an astonishing speed. From automated ransomware attacks to cloned websites, hackers and scammers have upped their game in recent years to make our lives more difficult.

On top of everything, the advent of home-working has brought brand new cyber security threats to be reckoned with. Let’s have a look at the top 10 cyber securiity threats in 2022.

Malware

A blanket term for any sort of malicious software, malware exploits security holes in a computer’s operating system or server. It comes in different forms, from spyware programs that monitor your browsing habits to trojans that open a backdoor for attackers.

However, all forms of malware have one point in common — the user always downloads or installs them unknowingly. Popular sources of malware include peer-to-peer file-sharing programs (such as torrents) or downloads of free software. Once the malware is installed, cyber-thieves will use it to extract personal data for financial benefit. You can get rid of malware with specific software, but as usual, prevention is better than cure.

Formjacking

Formjacking is a type of cyber-attack where hackers insert malicious JavaScript code into a website. Usually, attackers will target payment page forms, leading to sensitive information being compromised. The hackers can then use the information themselves or sell it for a profit on the dark web — where it’s difficult to track them. Any website that processes payments can become a victim of formjacking. In recent years, even giants such as Ticketmaster and British Airways have been affected.

Cryptojacking

The word “crypto” has become unavoidable in 2022, and hackers have also made sure to co-opt it with this innovative cyber security threat. Basically, cryptojacking is the use of other people’s devices to mine cryptocurrency — profiting off someone else’s computer or online server. If you think this doesn’t sound as dangerous as other forms of cyber-attacks, think again. Because mining demands an incredibly high amount of processing power, cryptojacking can seriously slow systems down and cause unnerving performance issues.

Internet of Things attacks

The Internet of Things (IoT) is exactly what it says on paper — physical objects that make use of the internet. The broad scope of IoT makes security issues even more challenging. Because of their limited computing capacity and short development cycle, IoT devices often lack built-in security systems, making them extremely vulnerable.

Attacks on IoT can lead to distressing real-life consequences. Smart appliances can suddenly turn against you and turn your life upside down. For example, hackers might be able to access smart locks and expose your home to burglars. Other common IoT attacks include the manipulation of smart thermostats or kitchen appliances.

Social engineering

With most cyber attacks, it’s your computer that you want to prepare against a potential threat. But with a social engineering attack, what needs preparation is not the computer but its user. In short, social engineering involves manipulating computer users into performing certain harmful actions or divulging confidential information. By exploiting human error to access private information, these attacks drive users into unwillingly disclosing sensitive data such as credit card details or passwords.

Phishing is probably the most common form of this kind of threat. By copying a website’s HTML code, hackers pretend to be a legitimate business and trick users into divulging sensitive information. The UK has seen an alarming increase in phishing during the pandemic, with hackers impersonating trusted services such as Royal Mail or the NHS.

There is only one way to avoid this kind of cyber-attack — training your staff.

Zoombombing

Two years after the start of the pandemic, it’s fair to say that homeworking is here to stay. This radical change of the way we work won’t come without its own cyber security issues. With millions of workers meeting online through Zoom and other video-calling platforms, criminals have taken to hijacking these calls. From damaging a company’s reputation with obscene or divisive comments to acquiring sensitive information, zoombombing has proven to be a fruitful avenue for hackers.

Denial-of-service attack

A denial-of-service (DoS) attack occurs when the perpetrator disrupts or blocks the normal functioning of a computer or an entire server. Sometimes, this can be very simple. Flooding is one of the most common DoS attacks — the aggressor oversaturates a server’s capacity, rendering it unusable. Suspiciously long load times for easily accessible files or sudden losses of connectivity can be signs of a DoS attack.

Cloud vulnerabilities

“Cloud” is one of those inescapable buzz words that has now become part of our daily lives. In recent years, companies and private users have embraced the cloud as a digital storage room, freeing up space in their devices. But the cloud comes with a caveat — security. The most common risk associated with cloud infrastructure is unauthorised access, which can easily lead to a data breach.

Frustrated by the high-security levels in big companies, hackers have started targeting small businesses. In the UK, one SME is hacked every 19 seconds, with the average cost for a data breach for SMEs standing around £16.1k.

Unprotected mobile devices

Following the pandemic, more and more people are using their personal phones for work. This can be extremely dangerous, as these personal devices have not passed the strong security tests to which office equipment is usually subject. Contrary to popular belief, smartphones are as vulnerable to cyber security threats as desk computers. For example, the spyware Pegasus allows hackers to target an iPhone’s microphone and camera, as well as read texts and collect passwords.

Man-in-the-middle attack

A man-in-the-middle (MITM) attack occurs when the hackers insert themselves between two parties who believe to be communicating with each other in complete privacy. In other words, it is effectively a new form of eavesdropping.

MITM attacks are usually linked to unencrypted or poorly protected Wi-Fi access points. By connecting to the same router, attackers can easily detect the weak points in a computer’s security system and intercept sensitive information. With more employees working from libraries or cafes than ever before, MITM attacks are becoming more popular every day.

How to protect yourself from potential cyber threats in 2022

At CyberGuard, we offer a range of services that will protect your business from cyber threats. From Pen Testing to Managed SIEM, we provide security solutions up to date with the fast-evolving world of cyber security.