Don’t make it easy for hackers

Some things in life are best kept simple. But taking this approach with cyber security isn’t one of them, and a simplistic approach to password management can have undesired consequences for your business.

There are several understandable reasons passwords are the norm. For users, passwords are familiar, convenient, and easy to understand. For administrators, passwords are easy to implement, supported by existing infrastructure, require no new hardware, and cost nothing. As a result of those factors and others, nearly all the devices and services we use require password authentication.

When it comes to preventing data breaches with secure authentication, passwords can be a serious problem. That problem is seriously compounded by the fact that so many businesses still rely on them to provide secure access.

This article from Barracuda looks into how to reduce reliance on passwords to provide a much-needed security boost.

Want to learn more?

Complete IT Systems have a team of Barracuda specialists on hand to demo the solution, discuss business benefits and help you understand how the technology works for your organisation.

To get in touch or request a demo please contact us.

Threat Spotlight: The remote desktop tools most targeted by attackers

Remote desktop software allows employees to connect into their computer network without being physically linked to the host device or even in the same location. This makes it a useful tool for a distributed or remote workforce. Unfortunately, remote desktop software is also a prime target for cyber attack.

Among the security challenges facing IT teams implementing remote desktop software is that there are many different tools available, each using different and sometimes several ports to operate. Ports are virtual connection points that allow computers to differentiate between different kinds of traffic. The use of multiple ports can make it harder for IT security teams to monitor for and spot malicious connections and subsequent intrusion.

This article from Barracuda takes a look at the most commonly attacked tools, and how to reinforce to guard against attacks.

Want to learn more?

Complete IT Systems have a team of Barracuda specialists on hand to demo the solution, discuss business benefits and help you understand how the technology works for your organisation.

To get in touch or request a demo please contact us.

Leading to manage cyber risk – CIO report and checklist

The security end goal for all organisations is cyber resilience. 

Effective prevention and dedication measures are, and will remain, a critical cornerstone of security strategies, but companies shouldn’t stop there.

What matters is how the organisation prepares for, withstands, responds to, and recovers from an incident. And this depends on people and processes as much as it does on technology.

Barracuda’s new CIO report: ‘Leading your business through cyber risk, explores how challenges relating to security policies, management support, third-party access, and supply chains can undermine a company’s ability to withstand and respond to cyberattacks.

Want to learn more?

Complete IT Systems have a team of Barracuda specialists on hand to demo the solution, discuss business benefits and help you understand how the technology works for your organisation.

To get in touch or request a demo please contact us.

What is data poisoning, and how to stop it

Sounds vicious doesn’t it! But as we’ve been exploring, nothing is off limits to hackers. Here we focus on data poisoning and manipulation, and how to guard against it.

Gen AI that power AI tools, chatbots, search queries, and more, are known as large language models (LLMs). These LLMs are trained on vast volumes of data and then use that data to create more data, following the rules and patterns they’ve learned. Good quality data leads to good outcomes. Bad data to bad outcomes. It didn’t take cyberattackers long to figure out how to turn that to their advantage.

There are two broad categories of data attack: data poisoning and data manipulation. They are very different, but both undermine the reliability, accuracy, and integrity of trusted — and increasingly essential — systems.

This article from Barracuda gives you all you need to keep your critical systems safe.

Want to learn more?

Complete IT Systems have a team of Barracuda specialists on hand to demo the solution, discuss business benefits and help you understand how the technology works for your organisation.

To get in touch or request a demo please contact us.

Remember AOHell? How hackers are using AI for phishing

Phishing attacks are one of the most successful and damaging types of threat activity, and they have been that way for a long time.

The first attack recognised as phishing was launched in 1995 using a Windows application called AOHell that targeted users of the America Online (AOL) service. It exploited vulnerabilities in AOL’s software to steal passwords and credit card numbers, send mass phishing emails, and creating fake accounts. Since then, nothing has been off limits to hackers.

So it’s only natural that now AI tools are here, hackers are able to exploit them for phishing and other malicious activity. This article from Barracuda looks into how phishing attacks have evolved over time, and how to combat them affecting your business through GenAI.

Want to learn more?

Complete IT Systems have a team of Barracuda specialists on hand to demo the solution, discuss business benefits and help you understand how the technology works for your organisation.

To get in touch or request a demo please contact us.

 

Closing vulnerabilities in your apps

Web apps allow users to work faster and more flexibly. They also contain vulnerabilities hackers can – and do – exploit.

To give you some context, in 2023, web applications were the main means of breach hackers used. They featuring in 80% of incidents and 60% of breaches.

Why web applications are a top target for attack

First, many web applications carry vulnerabilities or configuration errors. Second, many contain extremely valuable information, such as personal and financial data. A successful breach will give attackers direct access to that data. Barracuda research shows that 40% of IT professionals who’ve been involved in ethical hacking believe web application attacks are among the most lucrative for cyber-attackers, and 55% say the same for APIs.

How to close vulnerabilities

This e-book takes an in-depth look at three critical attack vectors — API vulnerabilities, bot attacks, and client-side attacks — as well as how organisations can fill the gaps in their application security and protect against these evolving threats.

Want to learn more?

Complete IT Systems have a team of Barracuda specialists on hand to demo the solution, discuss business benefits and help you understand how the technology works for your organisation.

To get in touch or request a demo please contact us.

The role of AI in email security

Email remains the most common initial attack route for cyber criminals. And with employees making more use of AI tools, the problem is about to get worse for IT teams.

Infiltrating an organisation via an email-based attack can happen at any level — phishing is not only targeted at senior directors. Once attackers have got an individual’s credentials then they can gain access. Once inside the network with one set of credentials, attackers can more easily move laterally and gain more permissions and fuller access. Even access to an employee’s mobile can be escalated into wider network access.

Early email fraud messages were often badly written and frankly unbelievable. Criminals relied on a ‘spray and pray’ approach – sending out thousands of messages in the hope that a few would stick. Traditional gateway defences are quite adept at dealing with these high-volume attacks. Barracuda’s own data shows that 16% of all email traffic is this sort of high-volume attack such as spam, malware, and other emails with a malicious payload. You still need gateway defences to stop these attacks as they remain a real danger.

This eBook from Barracuda outlines why traditional security gateways can’t cope, and how AI can keep you safe from phishing attacks.

Want to learn more?

Complete IT Systems have a team of Barracuda specialists on hand to demo the solution, discuss business benefits and help you understand how the technology works for your organisation.

To get in touch or request a demo please contact us.

Quishing 101: Everything you need to know about QR code email attacks

You may have seen our recent webinar about Quishing and the threat it represents. If you missed it, or want to know even more, this article lays it all out!

Quick Response (QR) codes are two-dimensional barcode that allow users to share website URLs and contact information or make payments. While QR codes have made our daily lives easier, they have also opened new avenues for cybercriminals to exploit. Also known as quishing, QR code phishing attacks are on the rise and present a significant threat to users and organisations alike.

▶ Get the Quishing 101 from Barracuda.

Want to learn more?

Complete IT Systems have a team of Barracuda specialists on hand to demo the solution, discuss business benefits and help you understand how the technology works for your organisation.

To get in touch or request a demo please contact us.

5 shortcomings of VPN

Are your users using VPNs to access documents, files, and applications remotely?

Unfortunately, legacy VPN products are falling short of performance and security standards. The result? Employees have been known to proactively install commercial VPNs that are not provided or sanctioned by their companies, to protect their devices and data.

Unfortunately, these well-intentioned efforts can pose an even greater security risk for their company than doing nothing at all. While the use of VPNs has increased drastically in recent decades, the challenges far outweigh the benefits, especially for organisations that use such services on a daily basis.

Recent research from our partners Barracuda has shown that VPNs compromise security through exposure of sensitive data, place limitations on data storage capabilities for free users, consume a device’s processing power (which can ultimately allow service providers to sell bandwidth for profit), and reduce internet speeds overtime.

▶ Read this article from Barracuda to find out the 5 shortcomings of VPN.

Want to learn more?

Complete IT Systems have a team of Barracuda specialists on hand to demo the solution, discuss business benefits and help you understand how the technology works for your organisation.

To get in touch or request a demo please contact us.

The MGM cyber attack and your business

The MGM network was recently hit through a social engineering-style cyber attack. After gaining entry, the threat actor escalated their privileges to achieve administrator privileges in OKTA and even global administrator privileges to MGM’s Azure tenant, collecting and dumping passwords along the way.

In response to the breach, MGM unsuccessfully attempted to shut down network access to sensitive devices. After electing to not pay the ransom, the hackers launched BlackCat ransomware to cause widespread destruction and disruption.

▶ Read this article from Barracuda to find out the recommendations for your business to solve increasingly creative and aggressive ransomware attacks.

Want to learn more?

Complete IT Systems have a team of Barracuda specialists on hand to demo the solution, discuss business benefits and help you understand how the technology works for your organisation.

To get in touch or request a demo please contact us.