If there is one thing which unites us all in the world of IT security, it is the desire to eliminate known vulnerabilities so that we can continually improve and build upon what we already know. But did you know that a standard deployment of Microsoft Windows Server 2016 RTM, contains over 800 pages of known vulnerable configuration settings, according to the CIS (Centre for Internet Security)?

Every few months or so, there is a breach penalty which stands out among others. In this instance, it is the Dixons Carphone, which has been the recipient of a £500,000 fine in response to exposing the details of 5.6 million payment cards.

Every so often there is a seismic change in the IT security industry that creates a new benchmark upon which everything is measured. One such case of late, is an area that has remained unchanged for the large part of two decades – B2B file transfer.

The festive season is nearly upon us; and while you might be dreaming about cookies of the sugary and Christmas themed type, European judges have other ideas. The other type of cookie – and most likely the more frequent – are those used on websites to store small amounts of information on our local endpoints to assist with functionality.

Picture a heist. Picture that heist involving a hundred million people or more. Picture how that may look; imagine how that might sound. You’d be forgiven for imagining simultaneous full-scale bank robberies with alarms blaring and guns blazing, but this isn’t what heists look like anymore. Heists are silent. Heists hit millions, even billions, at one time from one remote location.

As the use of cloud technology continues to thunder along, it has given rise to a number of new industries and opportunities for IT teams globally. One example of this is the use of cloud-based security solutions - hosted by a provider and usually sold on a flexible subscription license.

We have all heard of hacked baby monitors, transport ticket machines infected with ransomware and internet connected vehicles being hacked. But, what does this have to do with enterprise networks?

With the McKinsey Global Institute estimating that 127 new IoT devices are added to the internet every second; and Gemalto reporting that only 33% of IT teams believing they have control over IoT devices on their networks, it feels as though a storm is brewing.

After working in this industry for over a decade, you very quickly get used to “the next big thing”. Sometimes it is no more than a storm in a teacup which peaks the attention of marketers but nobody else; other times it goes on to define the next few years (sometimes longer) of IT strategy and discussion.

SECaaS seems to be in the latter category - and there are two reasons why I think that is the case.

When thinking about automation in our workplace IT networks, it is easy to get carried away and conjure up sinister Bladerunner-style robots who work in-place of humans, slowly replacing us one by one.

So here we are. At that juncture which we have all be expecting, where warning and preparation meet reality. The GDPR has delivered intention of its first astronomical penalty value, with British Airways in its cross-hairs, to the tune of £183 million.

After last years high-profile data breach, it was expected that British Airways would be made an example of; and what an example it is.

We are often told that security is a game of when, not if - data breaches and cyber attacks for a long time have not been a roll of the dice but instead, a ticking clock. Cybercrime is such a lucrative and somewhat untraceable activity that the cross-hairs do not discriminate.

For some, it might have felt like the GDPR was a little bit of an anti-climax. Relative hysteria in the build up to May 2018 has not led to the end of marketing departments, mass administration of fined companies or denial of service by DPIA's.

Instead, in the 12 months since its enforcement, all has been a little quiet.

Or has it?

In today's IT environments, you would be hard pushed to not find some element of cloud usage. Whether that be email, storage or virtual machine hosting and computational power, this is no more evident than the 2018 growth statistics for Microsoft's Office 365; sitting at between 2 and 3 million new accounts added each month.

If there is one topic which most channel partners are keen to address, then it is managed security services. Keen to be more than just peddlers of security software; and wanting to provide a wider service, channel partners are faced with a bountiful marketplace of small-to-medium sized businesses who desire high-grade solutions with lesser pricing and more flexibility.

What is it that you think of when reading or hearing the term "machine learning"? Chess playing robots? That gadget that cuts the grass of your lawn while you enjoy your new-found spare time? or the terminator relentless chasing Sarah Connor through a movie franchise and TV series?

From smart automated homes to WiFi enabled children's toys, this Christmas was a bounty for manufacturers of gadgets and gizmos offering internet connected functionality. Otherwise known as IoT or the Internet of Things.

But, what exactly is IoT and what concerns does it bring to companies and organisations who adopt such technology?

There is a very good chance that you have used multi-factor authentication (sometimes referred to as two-factor authentication) at some stage over the past few years, even if you are not familiar with the term.

By now I am sure you have seen and read enough IT security "predictions" for 2019. As cynical as it may seem, I often chuckle at the alignment of an author's predictions and the solutions and services that they sell. Coincidence? Or good marketing?

AI, ML, DL... we live in an age of jargon which is sometimes hard to keep up with. You probably have a general awareness of what artificial intelligence (AI) is or you may even have worked with an IT solution which professes to use AI in some manner.

There are many myths surrounding the creation and naming of Black Friday, that yearly American imported shopping bonanza, which seemingly includes almost anything these days. Including, the dark web where it was reported that cyber criminal gangs were selling stolen credit card details at a limited discount.

With the final months of 2018 in full swing, every vendor, marketing agency and outlet will be busy evaluating the events of the year; and looking into their crystal balls, in an attempt to predict the trends of 2019.

Despite it being punished under the Data Protection Act 1998, the penalty handed out to Equifax recently in reaction to their catastrophic handling of a widely reported data breach in 2017, has pushed the issue of data protection and the GDPR right back under the spotlight.

If you have been following our blog for the past few weeks, you will know that we have been focusing on the well-known virtues of third-party managed IT security solutions, otherwise known as managed security services providers (MSSPs).

For anyone who works in IT or compliance, you will be more than aware that the year 2018, has been seen more than its fair share of new regulations and updates to industry standards. This year alone we have seen the introduction or update of:

It seems that every IT-related conversation involves some element of cloud today. From cloud-hosted email, to cloud-hosted file storage and even cloud-based telephony through the use of centrally hosted VoIP services.