Contact Support

If you are an existing client to get support call us on:

+44 (0)1483 412 042

OR

Login to the portal

Support portal

If you've been given a 6-digit support code

click here

Not an existing customer?

Contact us

Where to focus your cybersecurity defences in 2021

Cybersecurity is constantly evolving; cybercriminals develop new ways of attacking individuals and organisations, while cybersecurity experts create methods to counteract these to defend and protect organisations. Verizon have published their 2020 data breach report, which is a great resource containing plenty of really interesting statistics. ramsac’s Technical Director, Paul Mew, has analysed the report to highlight some key points to help organisations to ensure they are focusing on the right areas to improve their security as we move into 2021.

 

Email phishing is rife

 

The vast majority of breaches in 2020 involved e-mail phishing attacks. Cybercriminals with a financial motivation were using stolen credentials, intercepting e-mails, changing payment information and creating fraudulent invoices to scam money from individuals and organisations.

 

“Social actions arrived via email 96% of the time, while 3% arrived through a website. A little over 1% were associated with Phone or SMS”.

 

There were also a large number of brute force password attacks and ‘password sprays’. Brute force password attacks target a website or application’s login page and automatically cycle through common passwords until the correct one is found. Password spays are a different approach, where the same commonly used password is attempted on thousands of accounts so as not to trigger an automatic lockout on those accounts.

 

Malware in decline, patching still important

 

Interestingly Verizon found there has been a steady decline in breaches from malware, including ransomware, during 2021. This is probably due to improved malware and anti-ransomware solutions such as Sophos Intercept X, and it tallies with what our support desk has been seeing, with fewer ransomware and crypto-locker type incidents compared to a couple of years ago.

Verizon also identified an interesting point around vulnerabilities, these were only exploited in around 2.5% of all breaches they reviewed:

 

“While successful exploitation of vulnerabilities does still occur (particularly for low-hanging fruit), if your organization has a reasonable patch process in place, and you do not have a state-aligned adversary targeting you, then your time might be better spent attending to other threat varieties.“

 

They also reported…

 

“…we took two samples from vulnerability scan data: organizations with the Eternal Blue vulnerability present on their systems and those without.

The systems that were vulnerable to Eternal Blue were also vulnerable to everything from the last decade or two. Once again, no, each new vulnerability is not making you that much more vulnerable”

 

This means provided organisations are patching regularly, a new vulnerability doesn’t immediately make an organisation significantly more vulnerable. It’s the organisations who don’t patch at all that are the ones suffering from vulnerability exploits (both new, and ones from ten years ago like Eternal Blue).

 

AHI and flying cars!

 

“For better or worse, the promise of fully autonomous Artificial Hacking Intelligence (AHI) is still at least 15 years away, along with flying cars.”

 

Artificial intelligence (AI) and Machine Learning (ML) are being used increasingly in our everyday life, from Netflix recommending what to watch next, to automated invoice processing. Artificial Hacking Intelligence (AHI) is where cybercriminals could in theory use AI and ML to automate attacks and find weaknesses in systems. Verizon have found that fully autonomous AHI is still a long way off, but more positively machine learning is already being used to spot attacks and take action to protect systems.

 

Protecting your organisations in 2021

 

Our advice for organisations to protect against cybercrime in 2021 is:

  • Have a strong password policy and implement multifactor authentication (MFA) on all accounts, across all systems. MFA will prevent the vast majority of attacks involving stolen credentials and is relatively quick and cheap to implement.
  • Ensure you are patching systems on a regular basis.
  • Provide users with regular cybersecurity training, including phishing e-mail testing
  • Have robust anti-malware, ideally with anti-ransomware and ensure it is kept updated.
  • Use an email system like Mimecast or Microsoft Defender for Office 365 to block malware and phishing via e-mail.
  • Ensure backups and business continuity plans are in place should the worst happen; you need to know how quickly you can restore/recover.

Organisations can never be 100% safe, users will make mistakes and it’s difficult to defend against someone who’s specifically targeting your organisation, but by putting the above processes in place will stop the vast majority of cyber-attacks.

Find out more about protecting your organisation against cybercrime

Receive our FREE bespoke IT health assessment

Start
Registration No. 26980136
Terms and Conditions | Privacy Notice
GBH Law
GBH Law
11:29 22 May 20
Changing IT support providers, like changing lawyers, is not a decision any business takes lightly or frequently. The decision is fraught with numerous questions such as whether the new team will understand my business needs, will it cause teething problems, and more importantly, will the reality match the sales pitch! We took that decision to move to Ramsac in January after ten years with another provider and we have not regretted that choice for a moment. Ramsac are simply great! From the get go we have been very well supported from the front line very helpful telephone support team right up to our relationship manager. We feel that the Ramsac team are very much an integral part of us . What however has driven us to write this review is the fabulous support we have received following a cyber attack this week. Something no business wants to happen but is increasingly a sad factor of modern cyber life. The Ramsac cyber support team were superb and really gave us first class support and guidance through what was frankly a horrible experience. Thank you Dan! Denise Herrington
The HR Services Partnership
The HR Services Partnership
17:59 16 Jan 20
We have worked with Ramsac since 2015. They offer a truly winning formula. We have been delighted by their support at all three levels: our network consultant (Colin) understands our set up and is great when we need to upgrade our infrastructure; we have ready access to our account manager who has been great with supporting our growth; and the helpdesk is always so patient for the day-to-day glitches. Very professional and supportive – thank you team ramsac!
Zoe Brooks
Zoe Brooks
13:02 16 Jan 20
Sam on the support desk is extremely knowledgeable and helpful. Every time I have rung with an issue and she has helped the problem has always been rectified smoothly and quickly!
Sarah-Jane Calloway
Sarah-Jane Calloway
16:02 06 Jan 20
Ed spent two days with us following an office reshuffle. He worked to a very high standard and was very helpful, courteous and happy to sort out anything we asked of him!
Luke Hoey
Luke Hoey
14:20 07 Nov 19
Always very helpful and will work hard to resolve any issues you have.
Richard Renson
Richard Renson
16:54 10 Dec 18
Great, helpful IT Kings and Queens
Andrew Worth
Andrew Worth
12:37 30 Aug 18
fine bunch
Colin Warner
Colin Warner
08:46 06 Dec 17
Excellent managed service provider.
Selom B
Selom B
11:58 10 Dec 16
First Class!! Responsive, knowledgeable, professional and very easy to work with - Ramsac have been a fantastic strategic IT partner for the last few years and I'm sure will continue to be for many years going forward. I would highly recommend them!
Ian Windle - Inspiring Leadership
Ian Windle - Inspiring Leadership
08:53 04 Jul 16
Great IT business, with a powerful management team. Could not recommend them more highly.
Patrick O'Luanaigh
Patrick O'Luanaigh
10:55 01 Jul 16
A truly fantastic IT support company - I can't speak highly enough about them.
Sarah Whitemore
Sarah Whitemore
11:59 20 Jun 16
I have known Dan May and Ramsac for 5 or 6 years now. Dan is such a great guy and really helpful with strategic advice and input on all things IT. He's so approachable and doesn't baffle you with IT jargon. If you are looking to outsource your IT or you have a problem you need help with Dan is definitely the one to ask.
Jonathan Richards
Jonathan Richards
12:14 31 May 16
I've worked with Ramsac for many years and whole heartedly recommend their services. They are always professional, approachable and have the rare skill of making IT understandable. Their can do attitude leaves you feeling that you are in safe hands.
See All Reviews
© 2021 ramsac. All rights reserved.