Griffiths brings 26 years of IT experience to lead Infinigate UK from 1st August 2020.

The global COVID-19 pandemic fundamentally transformed how we live, work and interact with one another. As organisations across the world re-architect how their workforces securely connect and communicate in the new work reality, it's never been more important to stay abreast of the fast-moving cyber threat landscape.

The Coronavirus outbreak continues to hold the entire world hostage, and healthcare facilities are at the forefront of this struggle. The fact that hospitals and pharmaceutical labs are overwhelmed with work and research makes them more vulnerable to malware attacks than ever before. Saving lives is their top priority and everything else comes next. Malicious actors don’t seem to care about the importance of these commendable efforts, though. They are waging a cyberwar against medical organizations as if the COVID-19 emergency weren’t underway.

If you ask most people who work in our industry to describe the difference between HTTP and HTTPS, they might say the latter is the secure version. They may even go further and explain that HTTPS uses an SSL certificate to secure the connection between the user’s web-browser and the web-server hosting the web-page.

But surprisingly, many do not know the details of how an SSL certificate works; the reliance on third-party trust, and why we will soon be facing a wave of problems with root certificates expiring.

There are a few businesses which have been proven to thrive in the conditions we find ourselves in today; and telecommunications companies are one of them. Whether it be Zoom, Webex, GoToMeeting or any other provider of teleconferencing software, the demand for such solutions and services have soared, as large swathes of the population now adjust to new working from home requirements.

As COVID-19 spreads and major cities go into lock down, more and more businesses are sending employees home to work remotely. The need for social distancing has become very real very quickly and has seen companies scrambling to implement remote access solutions as quickly as possible. 

We live in unprecedented times. Despite there being a number of occasions in recorded history where ah a medical emergency has befallen humanity; there has never been so many of us and never has there been such disruption to our economically interconnected world.

Recent research carried out by Check Point white hats has exposed a vulnerability in the Philips Hue lighting system, which utilises the Zigbee wireless protocol, and could compromise both home and corporate networks.

If there is one thing which unites us all in the world of IT security, it is the desire to eliminate known vulnerabilities so that we can continually improve and build upon what we already know. But did you know that a standard deployment of Microsoft Windows Server 2016 RTM, contains over 800 pages of known vulnerable configuration settings, according to the CIS (Centre for Internet Security)?

Every few months or so, there is a breach penalty which stands out among others. In this instance, it is the Dixons Carphone, which has been the recipient of a £500,000 fine in response to exposing the details of 5.6 million payment cards.

Every so often there is a seismic change in the IT security industry that creates a new benchmark upon which everything is measured. One such case of late, is an area that has remained unchanged for the large part of two decades – B2B file transfer.

The festive season is nearly upon us; and while you might be dreaming about cookies of the sugary and Christmas themed type, European judges have other ideas. The other type of cookie – and most likely the more frequent – are those used on websites to store small amounts of information on our local endpoints to assist with functionality.

Picture a heist. Picture that heist involving a hundred million people or more. Picture how that may look; imagine how that might sound. You’d be forgiven for imagining simultaneous full-scale bank robberies with alarms blaring and guns blazing, but this isn’t what heists look like anymore. Heists are silent. Heists hit millions, even billions, at one time from one remote location.

As the use of cloud technology continues to thunder along, it has given rise to a number of new industries and opportunities for IT teams globally. One example of this is the use of cloud-based security solutions - hosted by a provider and usually sold on a flexible subscription license.

We have all heard of hacked baby monitors, transport ticket machines infected with ransomware and internet connected vehicles being hacked. But, what does this have to do with enterprise networks?

With the McKinsey Global Institute estimating that 127 new IoT devices are added to the internet every second; and Gemalto reporting that only 33% of IT teams believing they have control over IoT devices on their networks, it feels as though a storm is brewing.

After working in this industry for over a decade, you very quickly get used to “the next big thing”. Sometimes it is no more than a storm in a teacup which peaks the attention of marketers but nobody else; other times it goes on to define the next few years (sometimes longer) of IT strategy and discussion.

SECaaS seems to be in the latter category - and there are two reasons why I think that is the case.

When thinking about automation in our workplace IT networks, it is easy to get carried away and conjure up sinister Bladerunner-style robots who work in-place of humans, slowly replacing us one by one.

So here we are. At that juncture which we have all be expecting, where warning and preparation meet reality. The GDPR has delivered intention of its first astronomical penalty value, with British Airways in its cross-hairs, to the tune of £183 million.

After last years high-profile data breach, it was expected that British Airways would be made an example of; and what an example it is.

We are often told that security is a game of when, not if - data breaches and cyber attacks for a long time have not been a roll of the dice but instead, a ticking clock. Cybercrime is such a lucrative and somewhat untraceable activity that the cross-hairs do not discriminate.

For some, it might have felt like the GDPR was a little bit of an anti-climax. Relative hysteria in the build up to May 2018 has not led to the end of marketing departments, mass administration of fined companies or denial of service by DPIA's.

Instead, in the 12 months since its enforcement, all has been a little quiet.

Or has it?

In today's IT environments, you would be hard pushed to not find some element of cloud usage. Whether that be email, storage or virtual machine hosting and computational power, this is no more evident than the 2018 growth statistics for Microsoft's Office 365; sitting at between 2 and 3 million new accounts added each month.

Whether you’re trying to increase revenue, reach, engagement or simply integrate systems, Application Programming Interface (API) utilisation is a must. We are in the age of big data, AI and machine learning, and there is no better way to exploit these data sources across multiple platforms and services than through the utilisation of APIs. APIs are no longer created just to meet a technical requirement, they are published with specific business goals in mind. With all of the big players out there offering a vast range of APIs, coupled with its wide spread adoption, the security implications were always going to be significant.

If there is one topic which most channel partners are keen to address, then it is managed security services. Keen to be more than just peddlers of security software; and wanting to provide a wider service, channel partners are faced with a bountiful marketplace of small-to-medium sized businesses who desire high-grade solutions with lesser pricing and more flexibility.

With all the headline breaches focusing on the more high profile victims of cyber breaches, you could be forgiven for thinking that the SMB sector is overlooked by hackers in favour of the big prize targets such as Ashley Madison, Three Mobile, Facebook, Yahoo, LinkedIn and Target. That isn’t the case, SMB’s are in fact taking the brunt of cyber-attacks and in some cases providing a route into the bigger high profile targets…