Posts Tagged

IT Support

Assigning Macros

Elizabeth Technology April 25, 2023

If you’re getting sick of having to, say, embolden and italicize words in your program over and over, have no fear – you can reduce the number of steps you have to take to do that (and many other tasks) using macros!

How To Make a Macro

The process is simple! To add a macro to a button on your mouse for use across the computer, follow these steps as listed by Microsoft (this document has pictures): https://support.microsoft.com/en-us/topic/how-do-i-create-macros-bd0f29dc-5b89-3616-c3bf-ddeeb04da2fb

To do so in Word, here: https://support.microsoft.com/en-us/office/create-or-run-a-macro-c6b99036-905c-49a6-818a-dfb98b7c3c9c

And Excel, here: https://support.microsoft.com/en-us/office/quick-start-create-a-macro-741130ca-080d-49f5-9471-1e5fb3d581a8

As with anything you do that could change the functionality of a button or mouse click, be very careful when assigning buttons certain actions! You don’t want to remove your ability to do something important (like right-clicking) by adding a macro that closes Word every time you try to paste something without using the keyboard.

Macros as a Malicious Entity

Programs like Word and Excel can come with macros designed to run as soon as the program is opened, and not every macro is harmless. Some do things like making hundreds of new documents, some can corrupt your drive, and most of them try to take over the other documents on the computer when they’re opened. This is why recent editions of Microsoft Office products warn you that you shouldn’t open a document outside of Safe Mode unless you trust its source. An ordinary-looking .XLSM document can completely brick your hard drive if it comes with the macros to do it!

This is also why you should always verify the sender of an attachment before you open it, even a .pdf. Malicious attachments using macros can be used to steal the contents of the target’s email address book and send those addresses malicious emails too, continuing the cycle and spreading the document until it gets somewhere with valuable information. An early version of this, a macro called “Melissa”, would bait users into opening the document in Word, and then hijack their Outlook to send its bait email to the first fifty contacts in the victim’s address book as the victim (read more here at the FBI site: https://www.fbi.gov/news/stories/melissa-virus-20th-anniversary-032519). Melissa itself may be obsolete, but the technique sure isn’t.

Worse, because the macro is coming from an application, it’s already compatible with anything that’s using that application. Mac is not spared this time. A malicious macro can open hundreds of garbage Word docs on a Mac too!
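If you handle attachments for other people, you can check whether an Office file carries macros at all before anyone opens it. The script below is an added example, not something from the Microsoft pages linked above: it looks inside the modern Office file format (which is a zip archive) for the embedded macro project, and also flags files whose extension hides the fact that macros are inside. The function name, verdict labels and sample files are made up for the illustration.

```python
import io
import zipfile

# Where Office stores an embedded VBA macro project inside a modern
# (zip-based) Word, Excel or PowerPoint file. Compared in lowercase.
VBA_PARTS = {"word/vbaproject.bin", "xl/vbaproject.bin", "ppt/vbaproject.bin"}
# Extensions that openly say "this file may carry macros".
MACRO_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".xltm", ".xlam",
                    ".pptm", ".potm", ".ppsm")
# First bytes of the older .doc/.xls/.ppt container format.
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")


def triage_attachment(filename, data):
    """Classify one attachment from its name and raw bytes (hypothetical helper)."""
    if data.startswith(OLE_MAGIC):
        # Old-style files can hold macros too, but need a dedicated parser.
        return "legacy-format-review"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office-package"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as package:
            parts = {part.lower() for part in package.namelist()}
    except zipfile.BadZipFile:
        return "not-office-package"
    if "[content_types].xml" not in parts:
        return "not-office-package"      # an ordinary zip, not an Office file
    if not parts & VBA_PARTS:
        return "no-macros"
    if filename.lower().endswith(MACRO_EXTENSIONS):
        return "macros"
    # A macro project inside a file named .docx/.xlsx is a mismatch worth
    # a closer look: the name claims the file is macro-free.
    return "macros-unexpected-extension"


def build_package(part_names):
    """Build a tiny constructed Office-like zip in memory for the demo."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as package:
        for part in part_names:
            package.writestr(part, b"constructed placeholder, not real content")
    return buffer.getvalue()


# Constructed sample attachments (no real documents involved).
SAMPLES = {
    "budget.xlsm": build_package(
        ["[Content_Types].xml", "xl/workbook.xml", "xl/vbaProject.bin"]),
    "notes.docx": build_package(
        ["[Content_Types].xml", "word/document.xml"]),
    "invoice.docx": build_package(
        ["[Content_Types].xml", "word/document.xml", "word/vbaProject.bin"]),
    "old-report.doc": OLE_MAGIC + b"constructed legacy body",
    "readme.txt": b"just text",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:16} {triage_attachment(name, data)}")
```

A "macros" verdict does not mean the file is malicious, only that it contains code that will ask to run.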

How to Bind Keys For Everyday Use

Elizabeth Technology April 18, 2023

Firstly, check out what bindings your operating system of choice already has built in to the program!

Here’s Microsoft’s list of pre-existing keyboard shortcuts: https://support.microsoft.com/en-us/topic/dcc61a57-8ff0-cffe-9796-cb9706c75eec

And here’s Apple’s: https://support.apple.com/en-us/HT201236

Microsoft

To start, let’s look at Microsoft’s limitations. Every shortcut must start with the CTRL key. The second key must always be either ALT or SHIFT. The third key can be almost whatever you want on the keyboard (any letter, number, or punctuation mark, just not special characters) but there can only be three keys. Additionally, the shortcuts you make are going to override the originals, so it’s important to read the list above and consider which ones you’re okay with potentially overriding.

According to the Perkins School for the Blind, one of the easiest ways to set up custom bindings to open specific programs within Windows is to:

1) pin the program to the task bar,

2) right click it,

3) right click its name in the menu that pops up in step two (may take a second)

4) left click “properties”

5) click the box that says “Shortcut Key”

6) type in the desired shortcut combination by pressing the keys

7) click ‘OK’.

After this, you can remove the program from your taskbar if you don’t want it there. The key combination should then open your desired file! Take note, though – if you used the same key binding as something already bound, it will overwrite whichever one came first.

You should also write down what you made so you don’t lose track.

Apple (Mac)

Apple’s weaknesses are different! When you create a shortcut using a binding that is already used elsewhere, the binding you make won’t work, and the system keeps its defaults. However, like Microsoft, you can only use a key once in a particular shortcut.

To make your shortcut on a Mac:

1) Open Settings, then tap Accessibility.

2) Tap Keyboards.

3) Tap Full Keyboard Access and turn it on.

4) Tap Commands.

5) Tap a command, then press a custom key combination to assign to it.

6) Tap Done.

You can also create keyboard shortcuts for many specific commands within apps!

1) Choose the Apple menu, go to “System Settings”, click “Keyboard” (you may have to scroll to see it), then click “Keyboard Shortcuts” on the right.

2) Pick “App Shortcuts” on the left, click the Add Button (may look like a plus sign),

3) Click the Application pop-up menu, then choose either a specific app or “All Applications”.

“All Applications” will let you set a shortcut for a menu command that appears in many apps, while picking the specific app will only set a shortcut for that app. If the app doesn’t appear in the list, hit “Other”, and find it in the box that opens there.

4) In the menu title field, type the menu command for which you want to set a shortcut, exactly as it appears in the app – including the “>” character (use ->), any ellipses, or punctuation.

5) Click into the Keyboard Shortcut field, press the buttons you want to use for the shortcut, and then click ‘done’.

Basic Adobe Acrobat Reader Instructions

Elizabeth Technology April 4, 2023

Adobe Reader is a free program offered by Adobe, that allows users to read PDFs. However, it cannot edit them, at least not for free!

Adobe Acrobat DC

Adobe Acrobat is a paid-subscription product that allows users to read and edit PDFs.

How Do You Set One As Your Default Program?

For Windows Users (10 and 11):

Right-click the PDF, choose ‘Open With’, click ‘Choose Default Program’, and then select your preferred PDF program from the list it provides. (If you have both Adobe Acrobat Reader DC and Adobe Acrobat DC, you should generally select Adobe Acrobat DC – it has more features!) If you want it to always use the program you’ve picked, select the checkbox at the bottom that says “Always use this app to open .pdf files”, and hit ‘Okay’.

For Apple Users:

Click the PDF file’s icon in the Finder to select it. Go to ‘File’ in the top left, and select ‘Get Info’. Click the triangle next to ‘Open With’ to open the dropdown menu of programs, and select your desired program from the list (if it’s not there, it may be available under the option for ‘Other’). Click ‘Change All’.

Social Engineering as a Hacking Tool

Elizabeth Technology January 17, 2023

You may have heard by now that LastPass suffered a pretty big breach, although thankfully no user passwords were outright compromised (you should still enable 2FA on anything LastPass touched though – the URLs of the websites were lost in the breach so hackers could attempt to brute-force into an account they know you’ve visited).

The attack in question wasn’t a hack in the traditional sense, but a social engineering attack. The hacker(s) created a fake account in order to fool a developer into sharing credentials, at which point they stole data from the development environment to use later in a large-scale attack.

Change your passwords and enable 2FA wherever you can – if you’ve been using LastPass’s recommended 8-character-long passwords, or anything that’s not truly random, you should upgrade your password to a longer one. 8-character passwords are no longer an impenetrable wall like they used to be, so longer, more random passwords or even passphrases that are multiple words long are better!

Remember: don’t listen to accounts claiming to be people you know if you don’t recognize the email address, and always check the address carefully for spelling mistakes. It does not matter if they know your name or if their email tag says ‘mom’ – both of these things are easy to make happen. Social engineering attacks include phishing attacks, so following the protocols for phishing can help avoid social engineering breaches as well. If someone calls you and demands you take immediate action, either by threatening or promising a gift that will disappear if you don’t respond ASAP, remember to pause a minute to really think about what they’re asking for, and verify thoroughly.

Similarly, if your work uses badges to control who enters the building, you shouldn’t hold the door open for people you don’t recognize as coworkers – this is known as ‘piggybacking’ and it takes advantage of the fact that most people want to be polite and will hold the door.

This is far from a comprehensive list, so always keep your eyes peeled – identity theft and social engineering can come from any direction!

Microsoft ‘Buddy Programs’

Elizabeth Technology January 12, 2023

Outlook vs. Exchange

Microsoft Exchange handles your emails. Rather, it handles them behind-the-scenes: you generally don’t have to get into Exchange to get your emails, just Outlook. Outlook is your mail client, the thing you use to send mail and look at the mail you’ve received, while Exchange is your mail server, which manages the resources needed to get the mail to you in the first place.

Since it’s a business feature and not a consumer one, the odds are you won’t be interacting with it very often (we do because we administrate business mail accounts!). Exchange also handles things like sharing or un-sharing mailboxes, as well as backing up your emails.

OneDrive vs. SharePoint

SharePoint is like Exchange, but for OneDrive, Teams, and a handful of other products! One large difference though is that SharePoint is designed to be a usable library as well as an archive. SharePoint allows you to design ‘sites’, (which are more like collections of files instead of websites) that can store and share files in the same way Google’s suite of services does, meaning team members who have access can modify the host file in real time. That way, you don’t have to merge files! If you’re worried about someone getting access to files they shouldn’t, SharePoint allows you to add and remove people on an individual basis. Additionally, most Microsoft products keep a log of changes made, although it doesn’t go back forever.  

Where OneDrive only backs up files for one person, and those files aren’t available unless shared, SharePoint handles the backing up and the sharing at the same time.  

More Antivirus is Not Always Better!

Elizabeth Technology August 9, 2022

Built-In Antivirus

Microsoft Windows has come with its own antivirus for quite some time. Windows 10 and 11, for example, came with Windows Defender built in and on automatically unless another antivirus was installed, at which point it would automatically switch off. Windows Defender by itself is plenty of defense for the kind of run-of-the-mill threats you’d run across browsing unsecured websites or trying to download games from websites other than big, trusted ones like Steam (given you’re listening to it when it suggests you double-check the source and double-check that you meant to download a .exe file) but some people would rather have this protection from a paid-for antivirus like Kaspersky or McAfee. The fact that those programs cost money doesn’t necessarily mean they’re better, but it can be a peace of mind thing – complaining about something that cost money means that some penalty can be extracted if the user isn’t satisfied, even a penalty as small as a partial refund.

This Computer’s Not Big Enough for the Two of Us

Windows Antivirus is unique for automatically stepping down when another program steps up. Many others don’t!

Antiviruses do not get better the more that you have. They interact in ways that step on each other’s toes and lead to false alarms. As an example: say a computer has both Norton antivirus and McAfee antivirus installed. McAfee will try to scan the computer for new threats upon startup, but will be interrupted by Norton, who interprets the file-checking as potentially hazardous behavior. Norton isn’t wrong, because ransomware will often sweep through files in some way or another, but it doesn’t recognize McAfee, and almost no other program has a reason to do that anti-viral scanning. Thus, Norton then tries to report McAfee to you! Some antiviruses have safety rails that literally will not let you whitelist (whitelisting refers to telling a program that a file or action is okay, or ‘whitelisted’) certain executable programs, so you get stuck in this horrid, unbreakable loop of antivirus fingerpointing every time you boot up your computer.

These interactions actually make your computer less safe – if both antiviruses have deadlocked themselves out of scanning because the other one says it’s a virus, your computer is not being scanned. That’s bad! Scanning is not completely foolproof, and a regular residential antivirus won’t necessarily be able to catch or handle something industrial grade, but it catches plenty of small things like trojans before they become serious problems that can cripple your computer.

Your computer is much better off with just one brand of antivirus on it at a time. Instead of more, buy better. And if you’re unsatisfied with one brand’s performance, completely uninstall it before you install the program you replace it with. Not only does that prevent them from interacting in a negative way, it also prevents the previous program from hassling you to renew it with pop-ups (McAfee is infamous for this). Either way, it’s going to save you some annoyances!

And in Other Realms

The antivirus problem is a pretty unique one because most programs don’t interact with every file on your computer in the way that they do. Two art programs are not going to start fighting over which one you should use, for instance. However, some other cases can be pretty similar. Like VPNs! Having more VPNs is going to slow down your computer without much additional benefit. The way a VPN works is that it takes your request, encrypts it, sends it to a server, unencrypts it, completes the request, encrypts it again, and then sends it back to you. This keeps your ISP from seeing this request, but it doesn’t necessarily anonymize the data – after all, the VPN’s server has to unencrypt the data to actually complete the request, so the VPN knows what the data is, and it knows where the request is coming from in the first place. The VPN has the same visibility the ISP initially had. Adding more VPNs to your computer will not solve this problem, it will just move it down the chain, and add extra time to each request you make in the meantime as it bounces around VPN servers.

If you only need to protect your data from the coffee shop’s open Wi-Fi or want to watch Netflix Canada, the kind of VPNs you see advertised on YouTube will be able to do the job – the data won’t be strictly, unsubpoenably anonymous, but it will be encrypted and rerouted well enough to make those two things happen. If you’re trying to search for things that nobody can know about, you’d be better off downloading TOR (which stands for The Onion Router), a popular VPN with an excellent reputation for encryption and security. Using TOR to do illegal things is illegal, of course, but the act of downloading it and using it by itself is not.

Intro To Phishing, And How To Avoid It

Elizabeth Technology July 14, 2022

What is Phishing?

Phishing is the action of sending someone messages with the intent to deceive them into parting with information they otherwise wouldn’t have shared. While it’s commonly used to try and steal logins, cookies, and other digital data, it can be used to snatch things like government-assigned identification numbers, important medical information, and more.

It’s also not limited to email, despite the common perception – ‘smishing’ is phishing over text using things like fake verification texts, and the ever-popular phone scams can phish by pretending to be a bank or other service that the victim may actually use.

What’s the Risk?

Getting your PII (your personally identifying information) stolen is kind of a nightmare. You probably don’t need me to explain all the ways identity theft can really screw up your credit and reputation!

If a scammer gets ahold of the login to your bank service, and you don’t have 2FA enabled on your account, they can do quite a bit of damage to your account by requesting cards, making fraudulent purchases, or transferring out money. Even if your bank has policies to protect you and undo all that mess, it’s still going to be a very frustrating and anxious few weeks of reclaiming control of your account, communicating with the bank, and the bank trying to track down the phisher (if they even can). That’s just one login!

Aside from the big, important services like your bank and utilities, getting your password and login stolen from a service you don’t consider important can still really suck. It can even lead to the phisher getting into the services you do consider really important. Take a smishing attempt that looks like FedEx has tried to deliver a package, but couldn’t. Were you expecting a package? If you were, you’re probably a little concerned. You don’t notice there’s a typo in the text, or that the number it sent from is different than usual. You click on the link, and it leads you to FedEx Smart Delivery manager, prompting you to log in. If you type in the login, then you just gave them your FedEx credentials! That doesn’t sound like a big deal – FedEx is easy to reset, right? But it is a big deal. Your address is in FedEx. You have your telephone number in FedEx. Your delivery history is in FedEx. The phisher can use some of that information to open accounts in your name that they don’t intend to pay for, which can impact your credit score. Plus, if you reused that password anywhere else, you have to reset it everywhere it was used, because odds are the phisher is going to try and get into everything they can to gather more data and steal working accounts.

How to Better Protect Your Accounts

All of this sounds really painful. Luckily, there are a few tips that can make your information safer! Firstly, don’t re-use passwords. You may groan at the thought, but reusing a password for services makes it much easier to steal an account of yours if they get that password via a site breach or a scam. We recommend a password manager like LastPass – it makes it much easier to store and create unique, strong passwords for every site!

Secondly, you’ll be better protected if you use two-factor authentication on every website that has the option to. If you do fall for a phishing scam, the scammer won’t have the code necessary to get in! Of course, some scams are sophisticated enough to think of that beforehand: Craigslist, for example, had a bad rash of scammers a while back who would “text a code” to a seller “to make sure they were a real person”. The seller then gives them the code, and the scammer now has a Google Voice number with the seller’s phone number as the verified number behind it! They just social-engineered their way into bypassing 2FA. This is why you should never give out verification codes – especially if you didn’t request them. Instead, it might be time to reset the password of the account that verification email came from. Just don’t click any links in those verification emails, either: go straight to the home page of the site instead to log in. The verification email might be a phishing attempt all by itself, hoping you’ll click a fake link to the website!

How To Avoid it in the First Place

It’s better if they never get to test 2FA at all. There are a few key tips to avoid phishing scams. Firstly, is there a sense of urgency? Your utility companies aren’t going to call and say they’ll shut off your water without at least a few mailed reminders that your bill is due! The same goes for your bank. If they demand that you resolve a problem right then, right there, out of the blue, it’s probably a phishing scam (if you’re nervous it’s not a scam, call the alleged company using their number off of their Google page or their real website). This goes for both phone and email phishers.

If it’s an email or a text, ask yourself if you were expecting an email or a text from that company. If you get a FedEx text update that you didn’t sign up for, it might be a phishing scam. If you got a notification from Walgreens that your photos have finished printing, and you didn’t print any photos, it might be a phishing scam. They want you to click or tap the links they include to see what’s going on. Spelling errors are also a common tell – it’s not impossible for a company to make spelling errors in their communications with you, but they won’t be littering the page with them! Phishing scams do that to weed out people who know better so they won’t waste time on targets that won’t crack.

You should also check the sender of the email! Spoofing is a technique that attaches a real name that you might know to an email address or phone number that definitely doesn’t belong to them. Anyone can set their name to George Smith or Big Company Customer Service in Gmail, but they can’t change the email address they’re sending from. If it’s [email protected] and not [email protected], for example, it’s probably a phishing scam.

The same goes for caller ID, although it’s getting harder and harder to tell real calls from fake ones – scammers can set their name to something like “Hospital” or “School” to make it more likely you’ll pick up. Some more sophisticated operations can even make it look like they’re calling from a different number altogether, using VOIP technology to match the area code of the caller to the person being called. Just like in the urgency tip, you should be able to call a legitimate company or organization like a school back from the number they have on their website, or the number you know to reach them at. If they’re really resistant to you hanging up and calling back for reasons that don’t make sense, it might be phishing. Unfortunately, some scam calls are really tough to pick up on, and the FCC can’t do much to stop them if they’re not in the US. Many people today don’t answer their phone unless they were explicitly expecting a call as a result, and phone companies themselves sometimes offer up call and text screening.

Spear Phishing

Spear Phishing is much more sophisticated by default. It’s a scam that can’t just be blasted out to 500 people: they want to get you! They’ll use every trick in the book they can to get you to click a link or give out information you shouldn’t. If they think you have valuable information on your company, for example, they may send an email pretending to be a coworker by using spoofing, and they will write more carefully to avoid misspelling anything. If something doesn’t feel right, it’s important to check the ‘coworker’s’ email address for spoofing, which should stop most spear phishing attempts in their tracks. If you examine the entire domain name for misspellings, you may find one! For example, somebody using [email protected] or [email protected] instead of [email protected] might snag a few people who didn’t look closely enough. A scammer may also try to use a line like “I’m locked out of my work email, so I’m using my personal one” to try and impersonate your coworker. Many organizations have policies against using personal addresses for this exact reason – how can you verify they’re with the company if they’re using Gmail or Yahoo? Anyone could make an account with their name at that point! In this case, if the coworker didn’t warn you or share this address with you beforehand, you shouldn’t interact with the email further. Don’t click any links or attachments in the meantime.

You can even forward the email to IT! If you’re worried that the coworker really needs that sensitive data (which fits into creating a sense of urgency, as mentioned above) consider the risks of falling for a phishing scam vs. the risks of standing your ground when you didn’t need to. A phishing scam can completely pull down your entire operation, lock up or steal files, and wipe computers of their data, setting a company back with nearly nothing. Not giving information out to an email address you don’t recognize can delay a project or annoy a client, yes, but it’s much better than wrecking your organization, in which case you’ll also delay projects, but for much longer as your company recovers from a phishing-based security breach. Better to be safe than sorry!
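The sender checks described in this post (a familiar name on an unfamiliar address, and a domain that is almost but not quite the real one) can be automated. This is an added example, not a tool from the original post: it reads only the visible From line, and the trusted domains, contact list and sample senders are constructed placeholders using reserved example domains.

```python
from email.utils import parseaddr

# Constructed placeholders: the domains your organization really uses and
# the address each known colleague is expected to write from.
TRUSTED_DOMAINS = {"example.com", "bigcompany.example"}
KNOWN_CONTACTS = {"george smith": "george.smith@example.com"}

# Character swaps that look alike at a glance ("rn" reads as "m", etc.).
LOOKALIKE_SWAPS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    previous = list(range(len(b) + 1))
    for i, char_a in enumerate(a, 1):
        current = [i]
        for j, char_b in enumerate(b, 1):
            current.append(min(previous[j] + 1,          # delete
                               current[j - 1] + 1,       # insert
                               previous[j - 1] + (char_a != char_b)))  # swap
        previous = current
    return previous[-1]


def skeleton(domain):
    """Collapse look-alike character sequences so fakes match the original."""
    for fake, real in LOOKALIKE_SWAPS:
        domain = domain.replace(fake, real)
    return domain


def check_sender(from_header):
    """Return a verdict label for one From header line."""
    display_name, address = parseaddr(from_header)
    address = address.lower()
    if "@" not in address:
        return "unparseable"
    domain = address.rsplit("@", 1)[1]
    if domain in TRUSTED_DOMAINS:
        return "trusted-domain"
    # Near miss of a trusted domain: same skeleton, or at most two edits away.
    for trusted in TRUSTED_DOMAINS:
        if skeleton(domain) == skeleton(trusted) or edit_distance(domain, trusted) <= 2:
            return "lookalike-domain"
    # A name you know, attached to an address you do not.
    expected = KNOWN_CONTACTS.get(display_name.strip().lower())
    if expected is not None and address != expected:
        return "display-name-mismatch"
    return "unknown-sender"


# Constructed sample From lines.
SAMPLES = [
    '"George Smith" <george.smith@example.com>',
    '"George Smith" <george.smith@examp1e.com>',
    'Big Company Customer Service <help@exarnple.com>',
    '"George Smith" <gsmith.personal@freemail.example>',
    'Newsletter <news@shop.example>',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{check_sender(line):22} {line}")
```

The two-edit threshold is a judgment call: it catches swapped or dropped letters, but very short domains will need a tighter limit to avoid false alarms.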

Future of working: The growing need for robust remote working solutions

Jeff Technology, Trends February 1, 2021

What does the future of work really look like? Unlock the full potential of cloud-based solutions.

Where the first lockdown, back in March last year, forced most companies into an abrupt digital setting, the two that have since followed only solidified this. This transformation has now manifested itself so that companies have become significantly, if not completely, reliant on remote, digital solutions to remain functional. As a result, the need for robust remote working solutions has surged, causing traditional and antiquated workplace solutions to fall by the wayside.

Embracing digital transformation and unified workplaces

The evolution of digital transformation has fast-tracked the online revolution, meaning elaborate predictions of future working are now not so distant. The boundaries between working from home and in the office are now completely blurred as we find ourselves marching through 2021. The need for physical office space now seems redundant as we can work just as we did before, if not better, from home and exceed productivity and collaboration standards.

A far stronger focus is now on the availability of IT tools as workforces rely on these remote solutions to remain as collaborative with their colleagues as possible. For example, proprietary business communication platforms have completely revolutionised the way we communicate, collaborate and generally work as they dealt with the majority of the population pivoting to remote working. State-of-the-art interactive virtual meetings via a browser promote efficient collaboration and strengthen the performance of organizations, while necessary commutes can be reduced or in some cases avoided.

What’s more, the ability to provide quality engagement between employer and employees is now of utmost priority. As we navigate a more digitized year than ever before, employees should be equipped with the most efficient solutions, which IT managers can source within minutes instead of days or even weeks, so that internal communication can also benefit.

This ‘future of working’ model can be achieved through introducing personalized digital workspaces accessed through a browser on any device, anywhere in the world. Perfectly suited to the new home and office split, innovative cloud technology enables organizations and their staff to access any of their applications hosted on-premise or in the cloud, as well as internal and external web applications instantly.

Understanding the challenges

The sudden pivot to mass remote working, however, has not been as smooth sailing as initially thought. For companies still operating in traditional virtual environments, remote working solutions often lack the flexibility to include legacy or GPU-intensive applications that traditionally run on a desktop or on-premise solutions. Still, it is not too late to innovate and take the first step towards cloud-based technologies. It cannot be stressed enough that cloud computing is here to stay and can offer these types of businesses a lifeline before it’s too late and they fall completely behind digital transformations and breakthroughs.

Additionally, let us not forget that the internet is no doubt a dangerous place. A world now mostly operating online puts traditional, IT-infused companies even more at risk. In fact, there are several emerging cyber threats with an impact that has never been seen before. Because existing enterprise software protection solutions are decades old and vulnerable, many businesses are left exposed and ‘easy’ to attack. And now, with the entire UK workforce being told to work from home, where possible, investing in secure and reliable solutions has never been so crucial for the online safety of not only a business, but its workforce.

Companies can look for intelligent cloud-based solutions that combine the benefits of streaming an online workplace effortlessly with complete trust in the solution to resolve exposure to hackers. For example, when using the cloud, client-to-site VPN connections are no longer required as a result of migrating systems to the cloud, meaning there is no point of attack for trojans. Furthermore, no end device within an organization will be able to access an application server as the direct communication between the user and the target system can be completely ruled out with cloud software.

Yet companies of all types and sizes can be affected. Even multinational companies fall victim to cyber hacks, often involving over 1000 employees due to vulnerabilities in outdated architecture. Investing in state-of-the-art cloud solutions that include cyber insurance will become a new box to add to the IT checklist in 2021 and beyond.

What’s more, thanks to the influx of home working, new cloud technologies such as Everything-as-a-Service (XaaS) have emerged and seen accelerated adoption. This type of solution enables all IT services to be offered in the cloud for workforces as they work remotely. XaaS not only provides remote workers with advanced flexibility but ensures enhanced security because it encompasses other solutions such as IaaS, PaaS and SaaS.

Implementing an efficient cloud adoption strategy

If the multiple lockdowns have taught us one thing, it is that cloud adoption is no doubt proving to be one of the most efficient ways to secure and sustain the demands of a digital workforce. Now in 2021, we hope to reach some kind of normality as the dust will hopefully settle on the Covid-19 pandemic. Remote working is now here to stay and it will be up to business leaders to make sure they have the correct and most efficient cloud adoption strategy in place, for their employees. Armed with the right cloud solutions, businesses have the potential to simplify their IT ecosystems and procure solutions without committing to large upfront investments.

News Source: https://www.weforum.org

3 ways to fill worrying cybersecurity gaps

Jeff Technology, Trends February 1, 2021

As businesses of the future evolve to be more digital and more shared, the need to prepare to avert a cyber pandemic – with potential even more than the coronavirus to upend our lives – has never been more urgent.

We need to strengthen our strategic response to the risks before we invest in tactics. Our plans must work harder and smarter to address capability gaps.

 

A common agenda will build the confidence and competence to achieve the resilience we need.

 

If humanity ever needed reminding of our interdependence, the pandemic has brought that home. As we scale up our response to the crisis, through largely digital means, our interconnectedness grows exponentially. And with it our vulnerability to the risk exposures of the virtual world. In fact, businesses of the future are evolving to be more digital and more shared. The need to prepare to avert a cyber pandemic – with potential even more than the coronavirus to upend our lives – has never been more urgent.

 

For a moment, let’s think of the unthinkable. A world without phones and internet, with idling trucks, trains and planes because fuel pumps and charging stations are incapacitated; banks shuttered; food supply chains broken; and emergency services made all but unavailable. This bleak vision would be inevitable if electricity supplies are cut off by a cyberattack.

 

In a scenario such as this, we know that the ensuing swift blackout would be crippling. Unfortunately, we also know that a crisis of this scope, sophistication and impact is not just possible but something we are currently dealing with – albeit in a different context.

 


Last month, a group, believed to be Russian, gained access to over 18,000 systems – belonging to government and corporations – through a compromised update to SolarWinds’ Orion software. We were unprepared to prevent the attack because the bad actors slipped through the exact whitelisted software supply chain we trust. Even more regrettably, the software supply chain allowed them to access the network of FireEye – the US-based cybersecurity giant known for investigating and remedying some of the world’s most high-profile breaches.

 

While FireEye’s customers remained largely unimpacted this time, the moral of the story is that no one and nothing is immune. Our sources of cyber-protection – software updates or defending partners – can be the Trojan Horse where everything around us devolves into chaos.

 

Well before we learnt these tough lessons in the final weeks of a rather challenging 2020, the World Economic Forum questioned whether our individual and collective approach to managing cyber risks is sustainable in the face of the major technology trends taking place.

 

Although there’s an array of resources to manage cyberattacks, we still have a long way to go before we can, as a whole, effectively counter these threats. We need to strengthen our strategic response to the risks before we invest in tactics. Our plans must work harder and smarter to address capability gaps in three areas:

 

  1. More coordination

Consider the SolarWinds attack. It did not directly hit its intended targets. Instead, the attackers surreptitiously built a chain of offence that included non-government agencies, security and technology firms, and educational institutions, to inch unnoticed towards their real targets for espionage.

 

They knew they’d find their mark through our digital interconnectedness. We can turn this same intertwining of infrastructure to our advantage. Research tells us that hackers attack computers with Internet access every 39 seconds on average. If we all shared threat intelligence, across borders, across the private and public sector, across industries and competitors, the collective intelligence could only move us forward faster.

 

An invaluable first step would be to develop more open systems, while adopting common standards and taxonomy in cybersecurity. This will serve us better to integrate and train our teams to drive holistic security. Global spending on cybersecurity solutions is projected to exceed $1 trillion cumulatively over the five-year period from 2017 to 2021. We must reprioritize these budgets to align with shared goals including collaborating to overpower organized cybercrime and the private-sector technology nexus with nation-state attackers.

 

  2. More sophistication

The Global Risks Report 2020 articulated how the digital nature of the Fourth Industrial Revolution technologies is making our landscapes vulnerable to cyberattacks. For example, it is estimated that there are already over 21 billion IoT devices worldwide, slated to double by 2025. Attacks on IoT devices increased by more than 300% in the first half of 2019 alone.

 

The report observes how “using ‘security-by-design’ principles to integrate cybersecurity features into new products continues to be secondary to getting products quickly out into the market.” Our current approach of bolt-on security needs to be reimagined to create stronger built-in standards, including SDLC-security quality certification, that make software partners more accountable for security assurance. Along with this discipline in securing the supply chain as meticulously as we secure our products, we need better design architecture to tackle the challenges at hand.

 

  3. More human capital

At the same pace that AI is growing useful in cyber defence, it is also enabling cybercriminals to use deep learning to breach security systems and harness data sets to improve response to defence.

While we can battle machine with machine, nurturing a strong pipeline of cybersecurity talent will give our defence an edge. We need better problem finders in greater numbers to work with our problem-solving machines. And this time, they need to be embedded in the complete lifecycle of our processes. Every person in the ecosystem must understand his or her role with respect to cybersecurity and be accountable to deliver to metrics and standards for cybersecurity quality. As of 2019, there were an estimated 2.8 million cybersecurity professionals worldwide, against a need for over 4 million.

 

If there is one lesson from dealing with the pandemic, it is the need to take each other along as we move forward into a more secure future. The very nature of a pandemic is such that no one is really safe unless everyone is safe. A cyber pandemic is no different. It is in shared trust and a common agenda that we can build the confidence and competence to achieve the resilience we need.

 


News Source: https://www.weforum.org