Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd

Posts Tagged :

Microsoft

Google, Microsoft back UK government on cyber security

960 640 Stuart O'Brien

Major businesses including Google and Microsoft have pledged to help the UK tackle the most damaging cyber security threats.

Up to £117 million of private industry investment will be combined with £70 million of government funding through the modern Industrial Strategy to develop new technologies.

These will range from a new and secure hardware prototype that can cope with cyber-attacks, to software protected from new vulnerabilities appearing online.

The government says that with cyber threats constantly evolving, the best defence in the future is seen as developing innovative solutions that can work independently and protect against threats even during attacks. It also wants to ensure that every UK organisation is as cyber secure and resilient as possible.

Nearly all UK businesses are reliant on digital technology and online services, yet more than 30% have experienced a cyber-security breach or attack in the last 12 months, according to the government’s own data.

For example, hackable home wifi routers can be used by attackers in botnets to attack major services and businesses.

The government says businesses are having to spend increasing amounts on cyber security, up to 20 to 40% of their IT spend in some cases. And as more and more systems are connected, whether in the home or businesses, there is a need for security that is secure by design.

Business Secretary Greg Clark said: “Digital devices and online services are powering more of our daily lives than ever before, from booking a doctors’ appointment to buying online shopping. While these devices and services bring great benefits to businesses and consumers, they come with the associated risks of cyber-attacks and threats that are becoming increasingly complex to tackle.

“As we move to a more data-driven economy, nearly all UK businesses and organisations are reliant on these digital technologies and online services – but the threat of cyber-attacks is ever-present, with more than 30% of businesses having experienced a cyber-security breach or attack in the last 12 months.

“With government and industry investing together as part of our modern Industrial Strategy, we will ensure that the UK is well placed to capitalise on our status as one of the world leaders in cyber security by ‘designing in’ innovative measures into our technology that protect us from cyber threats. This will also help us bring down the growing cybersecurity costs to businesses.”

This expected joint investment will create projects to develop new solutions to cyber security over the next 5 years, with the aim of applying the findings in real-world markets through dedicated demo-projects led by business.

For example, these demo projects could include testing the new technology in the health sector to ensure a higher level of protection for patient data, or in consumer markets to ensure consumers’ personal data is fully protected as far as possible.

Dr Ian Levy, National Cyber Security Centre’s Technical Director said: “The National Cyber Security Centre is committed to improving security from the ground up, and we have been working closely with government to promote adoption of technology and practices to protect the UK.

“We hope this additional investment will drive fundamental changes to products we use every day. This is vital work, because improving hardware can eradicate a wide range of vulnerabilities that cause significant harm.”

Developing innovative solutions to cyber security will help put the UK at the forefront of the AI and data revolution, in support of the government’s AI and Data Grand Challenge.

Details on the upcoming rounds of funding for this Digital Security by Design challenge, which will likely bring together academics, research institutions, start-ups, SMEs and large businesses, will be announced later this year.

Image by Gerd Altmann from Pixabay

WEBINAR: 6 Critical Steps for Securing Office 365, Thursday 9th May at 10am BST

960 640 Guest Post

Microsoft Office 365 continues to be the most used cloud-based application adopted by organisations worldwide. As a popular productivity suite, its capabilities are broad and help users collaborate with people both inside and outside their organisation. 

A broad set of capabilities, however, creates challenges in accessing and protecting the data that is used across the various Office 365 applications, including SharePoint, OneDrive, Outlook, and Yammer. How can you effectively secure and govern data usage across these applications?

This webinar will highlight 6 important steps needed to better protect your data within Office 365.

Watch this webinar and learn more about:

· How to get real time visibility and control of risky activities across dozens of apps in Office 365

· How to protect your data from inside and outside threats

· How to protect your data while enabling multiple access methods (i.e. web, desktop app, managed / unmanaged device)

· How to ensure best practices and industry compliance

REGISTER HERE

Free Download – Microsoft Office 365 Security Whitepaper

Microsoft customers have options when it comes to Office 365 security controls—with varying coverage depending on their license level. But securing the Office 365 suite of cloud services is a shared responsibility between the cloud provider (Microsoft) and the customer.

If you want to find out how EveryCloud in partnership with Netskope can help Secure your Cloud Applications and help you to understand risky activity, protect and prevent against the loss of sensitive data and guard against cloud-based threats such as malware and ransomware.

Get in touch to schedule a demo.

Warning for businesses still using Windows 7

960 640 Stuart O'Brien

There’s just one year to go until Microsoft ends support for its ten-year-old operating system Windows 7, but as many as 43% of enterprises are still running the outdated platform.

That’s according to a new ‘Death of Windows 7’ report from Kollective.

The report, which includes data from a survey of 260 US and UK IT professionals, examines the potential costs and security threats involved in staying on Windows 7 after Microsoft’s support deadline passes.

Kollective’s research found that nearly a fifth (17%) of IT departments don’t know when the end of support deadline is, while 6% are aware of the end of support but are yet to start planning for their migration away from Windows 7.

Those that remain on Windows 7 past January 14, 2020 will either have to pay Microsoft significant sums for extended support or will leave their systems open to cyberattack. In the case of those largest enterprises, with 10,000 or more terminals, the fee to Microsoft could be in excess of $1.4m a year.

Perhaps most worrying of all, 16% of IT professionals admit to still running Windows XP and Windows Vista on some of their machines – despite support for these operating systems having ended more than three years ago.

Dan Vetras, CEO of Kollective, said: “With only a year to go, these findings should be a major cause for concern among the business community. When it came to migrating away from Windows XP it took some large enterprises as long as three years to transfer their entire systems to the new operating system, now, many firms will have to make the transition in less than 12 months. Those that fail to do so will have to pay for extended support, with the largest organizations paying more than a million dollars a year in order to remain on Windows 7.”

“Most worrying of all is that this migration is just the first step. Once businesses are on Windows 10, they will need to continuously update their systems as part of Microsoft’s new ‘Windows as a Service’ model. This means distributing increasingly frequent updates across their systems – something many IT departments will find impossible due to outdated infrastructure. At Kollective, we’re committed to raising awareness for this issue and helping enterprises solve their network challenges before it’s too late.”

Barracuda integrates with Microsoft Azure Virtual WAN

960 640 Stuart O'Brien
Barracuda Networks has announced support for Microsoft Azure Virtual WAN service through its CloudGen Firewall, extending networking security to organisations looking to deploy software giant’s solution.
In public preview since July, Microsoft Azure Virtual WAN provides optimized, automated, and global-scale branch connectivity and brings the ability to connect customers’ branches to Azure with SD-WAN and VPN devices (i.e. Customer Premises Equipment or CPE), with built-in ease of use and automated connectivity and configuration management.
 
The Barracuda connection to Azure Virtual WAN is automated: Users need only fill out authentication information and click ‘connect’. Barracuda also utilises dynamic routing protocols in the background to make sure new routes to new locations are automatically picked up and made available.
 
“Customers want choice and flexibility in the cloud, but they can’t sacrifice security,” said Tim Jefferson, VP Public Cloud at Barracuda. “By using our integration with Azure Virtual WAN, customers can have the best of both worlds — large-scale branch connectivity over Azure Virtual WAN with enhanced network security via the Barracuda CloudGen Firewall.”
 
“We’re pleased that customers looking to simplify branch connectivity and extend application workloads on Microsoft Azure now have access to the Barracuda integrated Azure Virtual WAN solution,” said Ross Ortega, Partner PM Manager, Azure Networking, Microsoft. “The integration between Azure Virtual WAN and Barracuda provides ease of use and simplification of connectivity and configuration management, hence providing optimized and automated branch-to-branch connectivity through Azure.” 
 
The integration is available now and can be leveraged by organizations using Azure Virtual WAN in the Public Preview.

Microsoft launches identity bug program

960 640 Stuart O'Brien

Microsoft has unveiled a new bug program that rewards researchers for discovering vulnerabilities in Microsoft’s Identity services up to $100,000.

Rewards offered range from $500 to $100,000 for any flaws found that impact a range of services, including Microsoft and Azure Active Directory accounts, OpenID and OAuth 2.0 standards, Microsoft Authenticator applications for iOS and Android and identity services.

On a page dedicated to the new bug program, Microsoft invites security researchers who may have discovered a security vulnerability the opportunity to disclose of the problem privately to the company so they have the opportunity to fix the issue before publishing technical details, stating that “together we can bring assurance that digital identities are safe and secure.”

Microsoft goes on to say that “a high-quality report provides the information necessary for an engineer to quickly reproduce, understand, and fix the issue. This typically includes a concise write up containing any required background information, a description of the bug, and a proof of concept. We recognise that some issues are extremely difficult to reproduce and understand, and this will be considered when adjudicating the quality of a submission.”

A full description of the program can be found here.

NHS Digital signs cyber security contract with Microsoft

960 640 Stuart O'Brien

NHS Digital has signed a support contract with Microsoft, three months after the WannaCry ransomeware attacks that targeted Windows computers.

The attacks on the NHS highlighted the need for investment, lack of infrastructure and the need for training among NHS staff, along with the fact that the NHS relies on Windows XP, an obsolete operating system that raised questions about the resilience of the service’s IT systems.

The Government recently announced it would boost investment in NHS data and cyber security above the £50 million outlined in the Spending Review, addressing key structural weaknesses as part of its commitment to improve NHS cyber security, with an initial £21 million delivered to increase cyber security at major trauma sites as a priority, along with  improvement of NHS Digital’s national monitoring and response capabilities.

The support contract with Microsoft will cover all NHS organisations throughout the UK until June 2018 and provide a “centralised, managed and coordinated framework for the detection of malicious cyber activity through its enterprise threat detection software.”

A statement by the NHS added that the service “analyses intelligence and aims to reduce the likelihood and impact of security breaches or malware infection across the NHS.”

“One of NHS Digital’s key roles is to work closely with other national partners to explore and provide additional layers of cyber security support to NHS organisations when they need it – with the aim of minimising disruption to NHS services and patients,” the statement concluded.