Security, performance and a good, sharp price
These are probably the three things IT users care about the most – not necessarily in that order. In this issue we have news on all three fronts.
We’re pleased to announce that our chosen firewall partner has come out top in a key industry survey. There’s good news for smartphone users, with the impending release of Samsungs latest Galaxy range. Last but not least, we’ve negotiated two very good deals for you.
Read on to find out more. And enjoy the summer weather as long as it lasts.
For security, we trust Fortinet
We are constantly reviewing the solutions we use for our clients’ IT security. Our firewall of choice for the last few years has been Fortinet.
So we were pleased to see the results when Gartner released their annual survey of firewalls for small and medium-sized businesses late last year. As you can see, Fortinet was rated very highly.
Almost here – the new Samsung smartphones
The latest flagship Android phones from Samsung are about to be released, with the Galaxy S10, S10+, S10E devices set to arrive in the next few weeks.
So what’s in store for users? With a rumoured three models in the line-up, you’ll have more options than ever. The S10e or S10 Lite will likely be introduced as a less powerful, cheaper, smaller device to compete with the iPhone XR.
We’re expecting a significant hardware upgrade with features like a fingerprint sensor embedded in the screen, a ‘punch-hole’ style cutout for the front-facing camera and sensors, and even a triple lens cameras.
The processor has been upgraded to the latest Snapdragon or Exynos offering, with rumours of up to 1TB of internal storage and 12GB of RAM. The S10 range should really pack a punch for those heavy users
Unsurprisingly, this upgrade will come at a cost. Expect a price increase for all the S10 models compared their S9 counterparts.
Meet Caleb Morton
|What’s your job title, and what does it involve?|
I’m in Technical Sales. Typically, that involves designing and quoting solutions for customers, fielding general queries via email and phone, answering questions about Office 365 and ordering licensing for our many different services. I also manage a number of our customers’ accounts, dealing with general advices, queries, liaising with project engineers, and scheduling meetings to discuss future planning.
What’s your background and how did you come to be working at Fission IT?
Previously I worked in an IT retail store specialising in high-end, custom-made computers. It was an interesting job quoting and building water-cooled gaming machines and expensive 3D modelling workstations for mapping city plans in 3D.
Before that I studied a Diploma in ICT, which set me up for a career in the IT industry.
What do you enjoy most about your job?
Receiving feedback on how a solution we supplied has made a significant impact on a client’s business. Customer satisfaction is something I take personally and feedback is vital in ensuring we do the best job possible for our customers.
How do you spend your time outside work?
I enjoy travelling a lot. There aren’t many places in the North or South Islands that I haven’t been.
I also enjoy working on cars or motorbikes with friends, whether we’re spending a day detailing the exterior or just tinkering with small modifications. If I’m not at some car-related event or working in my garage, I will probably be listening to music, playing a video game or out to dinner with some mates.
Imagine the Internet 20 times faster…
You may have read about the controversy over Huawai’s 5G Internet proposal being knocked back by the government. Why does this matter? It’s because 5G is set to become the critical data and communications infrastructure that powers the world over the next few years.
5G Internet is roughly 10 to 20 times faster than 4G so there are some massive benefits. No countries have yet rolled out 5G but it’s not far off. The latest estimates are that New Zealand could have a 5G network available by late 2020.
|More peace of mind with Barracuda|
In January we raised our Barracuda partner level to Premium after completing more training. Barracuda is our chosen platform for email security, Office 365 backup and data archiving.
Office 365 outages
There were a few Office 365 outages in January and February, with a small percentage of Fission IT clients being affected. No data was lost but access to email and Microsoft Teams was temporarily affected. Our service desk was on standby and received a lot of calls about the issue.
Note there is a third party website where you can check the global status of any Office 365 outages: https://downdetector.co.nz/problems/office-365/map/
Most of us have experienced the annoyance of waiting for our computers to update while we anxious drum our fingers wanting to move onto the next task. But rather than be annoyed, it is important to remember why we have these updates in the first place. In this blog post, we will discuss 3 things to know about why updates are vital for your company’s safety.
Hackers Exploit Out-of-Date Systems
Updates and patches are there for one main reason—to fix issues that users or the developers themselves have identified. Some of these errors allow for malicious users to hack into your computer or network and wreak havoc. You can liken a computer without the most recent updates to a business leaving their front door unlocked. It only takes someone with the wrong intent to check that door and find out it is open for them to cause whatever harm they desire.
Updates Can Pile Up
When you aren’t consistent about letting your computer update, the updates pile up and there never seems like a good time for you computer to spend an hour updating. Staying on top of your updates keeps your computer safe from being vulnerable. At Fission, we suggest planning updates for a time when your network isn’t busy. Perhaps set a weekly reminder on your phone or computer to run any updates on your computer if your device is not managed by us. Make it right before your lunch break or run updates before a meeting when you won’t be needing your device so it can update without causing any inconvenience to you.
Fission Can Help
At Fission IT, we can help manage your updates so they don’t seem overwhelming while still providing all the security you need for your computers and systems. Don’t leave your door unlocked—so to speak—and encourage staff to complete regular updates. To find out more about how Fission IT Security Services NZ can help, contact us today.
Security breaches can be disastrous for a business. Stolen data can result in financial liability and loss of customer confidence. Ransomware and other sabotage will lead to downtime and even permanent data loss. To avoid such outcomes, you need a comprehensive security strategy.
Only authorized people should have access to internal software and sensitive data. All accounts need to have strong passwords. Two-factor authentication gives greater protection, so that a stolen or guessed password isn’t enough to get in. Employees should have only the amount of access they need.
Employee accounts shouldn’t be accessible over the public Internet. Telecommuting is an excellent benefit, but employees should have access only through a VPN or equivalent security.
Every computer on the network should have anti-malware software, and it needs to be regularly updated. New threats appear on the Internet every day, and any that get through to your computer can do serious damage if they aren’t caught quickly.
Spam filtering is equally necessary. If someone opens a malicious email attachment, it can mean serious trouble. If phishing mail doesn’t reach the victim’s inbox, it can’t do any harm.
Data that leaves the premises should be encrypted, and so should any sensitive on-premises data. If confidential information such as financial data needs to be stored, it should be in a hashed or encrypted form. Laptops and phones that hold proprietary information should use whole-device encryption.
Defense in depth is what this is about. Attackers shouldn’t have access to the data in the first place, but if they get it, it should be in a form they can’t do anything with.
People can delete data by mistake, or malware can destroy it. To keep it safe, you need an up-to-date offsite backup. If your only backup is on the premises and connected to the computer, it can be wiped out along with the original. The more frequent the backups are, the lower the risk. The backup needs to be encrypted both in transit and where it’s stored.
We are an IT company who provides managed IT support services that will keep your systems safe and smoothly running. Contact Fission to learn what we can do for you.
How to Lower The Cost of Your Company’s IT
Finding IT support people to fill your staff is whole different ball game. Whether it’s knowledge and expertise or you’re trying to save on payroll, outsourcing may be a better idea.
Outsourced IT support has many benefits and it’s becoming a popular way for many businesses to manage this department. Wouldn’t you rather rest assured that your IT needs are taken care of, constantly, without the extra headaches?
In this article, we’re discussing how outsourced IT support can lower your company cost.
Keep reading to learn more.
Outsourcing allows a company to seek the best support and professional service available for a particular product. Outsourced IT support is no different.
IT Support Services NZ based staff will be knowledgeable and probably considered experts in the field. Their experience, coupled with fast and effective troubleshooting and fixes will save you lots of headaches. The last thing you want to deal with when you’re trying to promote your business or sales is an IT problem.
The efficiency and speed of an IT support specialist rival no other support you can get in the field of business.
Save on Investment
Instead of investing in an infrastructure for an IT department for your business, consider outsourced IT support, instead.
Outsourcing allows you to pass the infrastructure and development of your IT needs on to the specialized staff working for you. You can make it a requirement of the contract to build the IT for your company as necessary or required.
Save on Training and Recruiting
Training and recruiting, especially for IT can cost thousands of dollars to find the right staff. You want people with specialized skills that can handle a diverse workload and fix problems immediately.
You can save time to focus on other necessary functions of your business instead of arranging training programs and other meetings necessary for your IT staff. With outsourced support, you can hand the work directly over to the experts that will provide quality work, the first time.
If you carry in-house support, your IT team are only working during business hours. With outsourcing, you can assign something at five o’ clock in the afternoon and expect it back on your desk the next morning because the IT support works on a different schedule.
Quicker Turnaround Times
Along with faster results, outsourced IT support allows you focus your attention on the business instead of IT problems.
Outsourcing puts some of the work on the outsourcing company when it comes to developing new ideas and concepts. They can help deliver faster products and ideas that may even give you a competitive edge.
Access the Best Talent
IT specialists can be difficult to come by, whether you’re looking to fill one vacancy or an entire department. It’s also an expensive position or positions to fill. But you want the best of the best, don’t you?
Access some of the best talent available by outsourcing your IT functions to specialists. They are knowledgeable and specifically trained to handle the daily needs of your business.
What if something occurs that prevents your company from running daily operations as normal? Usually, everything would stop, including IT operations.
With outsourced IT support, you can rest assured that your IT department is continuously functioning at optimal levels. No matter what stops your other daily operations from proceeding at full speed.
Consider this a risk management strategy that can even get the company back on track after a loss.
Outsourced IT support is a sure way to save your company money. Outsourcing this type of work can be done for a very low cost in comparison to doing it yourself.
When you consider that the support you’re receiving from an outsourced company is professional and experienced, there’s no question. IT is an important component of your business after all. You need it to run smoothly and efficiently to keep other operations productive.
Outsourced IT support is cost-effective for the overall function of your business.
Outsourced IT Support
There’s no sense in spending extra money on IT support when you can outsource it for a significant savings overall.
Outsourcing is a popular way for many businesses to handle their costs. It’s one of the best ways to utilize your resources to the fullest. You can even stay ahead of your competition because your IT runs smoothly with outsourced support.
The benefits of outsourcing are beyond cost savings, too. Keep these tips in mind when you’re faced with the decision to outsource IT support.
If you’re ready to see what outsourcing can do for your business, contact us. We are a managed IT service provider based in Auckland, New Plymouth and Hawke’s Bay.
FortiGuard Labs just released our latest Quarterly Threat Landscape report for Q4 of 2017. As usual, there are a lot of take-aways for CISOs, but a few items stood out. In particular, attacks were up per firm by 82% and swarm cyber attacks targeted the Internet of Things (IoT) with growing intensity.
Cyberattacks are being launched at an unprecedented rate. In fact, over Q4 of 2017 we detected an average of 274 attacks per firm, which is a staggering 82% increase over the previous quarter. The number of existing malware families also increased by 25%, to 3,317, and unique malware variants grew 19%, to 17,671, which not only indicates a dramatic growth in volume, but in the evolution of malware itself.
A deeper analysis of this trend shows that this dramatic increase in volume is probably intentional. In order to hit the maximum number of vulnerable targets before countermeasures, such as updated AV or IPS signatures can be put in place, a high volume of malware is necessary to accelerate its ability to spread more rapidly to other organizations.
But it’s not just about volume. According to our CISO Phil Quade, “The volume, sophistication, and variety of cyber threats continue to accelerate with the digital transformation of our global economy. Cybercriminals have become emboldened in their attack methods as they undergo a similar transformation, and their tools are now in the hands of many.” These increasingly sophisticated attacks are catching far too many organizations unprepared. For example, we are seeing new IoT-based attack swarms that span across malware families with new, harder to combat multi-vector attacks, along with the rapid development and propagation of new variants.
Here are just a few takeaways from this quarter’s report:
Three of the top twenty attacks identified in Q4 were IoT botnets. But unlike previous attacks, which focused on exploiting a single vulnerability, new IoT botnets such as Reaper and Hajime target multiple vulnerabilities simultaneously. This multi-vector approach is much harder to combat. In addition, Reaper was built using a flexible Lua engine and scripts to run its attacks. This framework means that rather than being limited to the static, pre-programmed attacks of previous IoT exploits, Reaper’s code can be easily updated on the fly to run new and more malicious attacks as they become available.
Devices like Wi-Fi cameras in particular were targeted by cybercriminals, with over four times the number of exploit attempts detected over Q3. The challenge is that none of these detections is associated with a known or named CVE, which is one of the more troubling aspects of the myriad of vulnerable devices that make up the IoT.
These issues are being compounded by a number of critical challenges that are slowing down the IoT industry’s ability to address this alarming growth in attacks. The first is that few IoT manufacturers have a Product Security and Incident Response Teams (PSIRT) in place that can respond quickly to new vulnerabilities. This means that after we or other researchers detect device vulnerabilities, getting that information to the right team inside their organization is often a complicated process. And second, the lack of regulations around IoT security means getting some of these manufacturers to prioritize a known threat can be even more frustrating, as evidenced by the number of exploits that have been successfully targeting known vulnerabilities for months that still don’t have an official CVE attached to them.
Cybercriminals are clearly motivated to exploit the growing interest in digital currencies. As a result, we have documented a significant spike in attacks targeted at this trend. Cryptojacking takes many different forms, and a malicious infection can result in everything from browser hang ups, system crashes, and degraded network performance to data theft and ransomware. There are three primary trends in this area, and each of them is unique in its approach.
Second, with the growing number of cryptocurrencies on the rise, and the dramatic growth in value of many of these making the news around the world, cybercriminals are looking for ways to exploit those individuals looking to cash in on a new opportunity. Which explains why we have detected a new social engineering-based attack that gets users to download malware by posing a link or attachment as a new crypto-currency wallet. This “wallet” then gets users to provide personal information during a fake registration process, while simultaneously downloading malicious malware, such as ransomware, onto their device. Ironically, criminals use a fake digital currency to gain access to a device and then demand payment with another, legitimate cryptocurrency to unlock it.
Finally, we are seeing a shift on the Darknet from only accepting Bitcoin for payment, the value of which has become unpredictable, to other forms of digital currency, including ransomware demands for payment such as Monero.
The growth in volume and sophistication of ransomware is a common thread across all of our threat reports to date. Several strains of ransomware topped the list of malware variants. Locky was the most widespread malware variant and GlobeImposter followed as the second. A new strain of Locky emerged, tricking recipients with spam before requesting a ransom. Ransomware continues to morph and leverage new delivery channels such as social engineering (e.g., cryptomining). It is also much easier for criminals to access with the emergence of Ransomware-as-a-Service models.
Steganography is an attack that embeds malicious code in images. It’s an attack vector that has not had much visibility over the past several years, but appears to be on the resurgence. The Sundown exploit kit uses steganography to steal information, and while it has been around for some time, it was reported by more organizations than any other exploit kit. It was found
dropping multiple ransomware variants. As a result, it is a threat vector that we will be watching closely in the coming quarters.
Traditional threat detection tools and signature-based antivirus are simply unable to keep pace with the volume, variety, and velocity of today’s malware. According to Phil Quade, “The stark reality is that traditional security strategies and architectures simply are no longer sufficient for a digital-dependent organization. There is incredible urgency to counter today’s attacks with a security transformation that mirrors digital transformation efforts. Yesterday’s solutions, working individually, are not adequate. Point products and static defenses must give way to integrated and automated solutions that operate at speed and scale.”
To address the challenges facing organizations today, security teams need to take a more proactive approach that includes the following:
Managing vulnerabilities. Organizations need to prioritize patching based on malware volume. At the same time, they need to implement advanced threat protection capabilities such as sandboxing to detect and respond to unknown threats before they can impact the network.
Being prepared. As attacks like cryptojacking gain momentum, organizations need to prioritize cybersecurity awareness programs, including educating users on how to recognize social engineering attacks. In addition, as new digital currencies grow in popularity among cybercriminals, organizations may want to stay informed of cryptocurrency trends as much as possible.
Fighting fire with fire. Malware continues to evolve, with new IoT-based attacks that swarm together to target multiple vulnerabilities and devices simultaneously across multiple access points. These new multi-vector threats must be met with integrated, collaborative, and automated security approaches that can pit swarm versus swarm. The Fortinet Security Fabric, for example, provides a swarm-like defense deployed across the entire distributed network. It leverages integrated security technologies and automation to identify and share events and notifications, correlate threat intelligence, and orchestrate a response that uses the combined resources of the entire security infrastructure to repel attacks anywhere across the extended and highly elastic attack surface.