Networks
Future ready, intelligent networks for critical environments.
Designing, securing and managing the critical infrastructure powering the leading data centres across the UK and Europe.
Partnering with the UK’s leading construction contractors in delivering tech services to power future facilities.
Partnering with landlords and agents to create engaging workplaces through innovative technology services.
Empowering mid-market success and streamlining operations with co-managed IT services.
Leveraging our expertise to implement transformative technologies and services, we enable our SMB clients to focus on their growth.
We are a happy, supportive community with a clear sense of purpose and a strong team ethic.
Partnership is not a posture but a process – a continuous process that grows stronger each year as we devote ourselves to common goals.
We will dedicate more of our time and our talent to do all we can to positively impact the environment, our workforce and our community.
We are always looking for new talent. If you're looking to become a part of something great, let us know.
We create true alignment between your ambitions and the technology you need to achieve them.
Latest posts on the technology ecosystem covering cutting-edge industry trends, expert advice, valuable insights and thought leadership.
From award wins to sustainability, team events and coverage in the media - stay up to date on everything OryxAlign with our latest news.
Explore current and future trends across the technology landscape with our comprehensive selection of videos, infographics and guides.
Ransomware attacks have been causing havoc for over thirty years and their popularity lies in their ease. These programs can be easily found at affordable prices on the dark web. The history of the web is littered with ransomware examples. In this article, we’ll tackle three and cover how to protect against ransomware.
This highly sophisticated attack affected the company’s website, it’s internal applications and users of the image.canon photo storage site.
10 terabytes of confidential data was stolen. It was carried out by the organised cyber criminals, The Maze Gang.
John Shier, security advisor at Sophos believes that like many enterprises, Cannon’s mistake was a failure to build a security foundation on the principle of least privilege. I.e. giving Cannon team members as little access as possible depending on what their role within the company required.
In addition, Rakesh Kharwal of Cyberbit – a cyber security training platform – believes training is the solution:
“The right approach is to turn to immersive training in a virtual environment where cybersecurity analysts can experience real-world environments and real-world attacks.”
News of Honda’s global operations being disrupted by a suspected ransomware attack broke on 8th June. It resulted in employees being unable to access email and internal servers.
The ransomware in question – Ekans – was relatively new and special in its ability to skip the individual devices and constrict the entire network.
Oz Alashe, chief executive of cyber risk firm CybSafe believes Honda’s vulnerability was down to their employees working from home. In his words;
“The coronavirus pandemic has created a sizable remote workforce which has increased businesses’ attack surfaces and heightened existing vulnerabilities.”
This thinking ties in nicely with the thoughts of Chris Kenney, CISO at the security optimisation platform AttackIQ. He believes Honda’s security was inadequately set up to effectively contain potential threats.
“The fact that the ransomware affected global operations, inclusive of factory operations,
is an indicator their network may not be segmented and isolated in a way to prevent ‘jumps’ between different business functions….
One department getting hit with ransomware shouldn’t impact other core business processes.”
One final point to speculate over is that Remote Desktop Protocol (RDP) was the attack point. Honda has revealed that some of their machines had RDP access publicly exposed. This is an easy win for cyber attackers. Without segmentation, this win is even easier.
GPS maker Garmin reacted badly to an attack that compromised its website, customer support and its apps.
Garmin’s technology, namely their smartwatches, made this attack particularly worrying. The data at stake here was highly sensitive; location and personal health data.
There have been the typical responses from cybersecurity experts. Torsten George of Centrify reminded us that security awareness programs would have been the first line of defence for Garmin. He also stated that businesses should create application whitelists so that only specific programs could run on certain computers.
However, another large lesson for Garmin was one in crisis management. As mentioned, large amounts of sensitive user data was at risk here. Given this, Garmin’s public response was a particularly bad one. They broke the first rule of crisis management by meeting initial reports of the attack with silence. Then finally it addressed things with some mostly unhelpful Tweets.
Source, Twitter
Three days later a little information was fed as a short “frequently asked question’s page.” This failed to address customer questions regarding how their personal data or payment information was affected. An equally unrevealing email followed the day after. Finally, on the Monday, when services were being restored, a little more information was given.
This series of events proved that data or financial loss can be the least of a business’s worries during a security breach. Insufficient communication can result in a catastrophic trust and reputation loss.
How to prevent ransomware from ruining your business is about remembering various best practices.
As we’ve seen above, sufficient training, developing black and whitelists, principles of least privilege, and segmenting to isolate security weaknesses will all play a role. Plus, having adequate backup should go without saying.
However, if/when your ransomware protection fails, as we’ve seen above, sometimes the most important task is acceptance and good communication. With sufficient backup technology, data losses can be mitigated. But an inadequate PR response can cause damage that’s far harder to repair.
OryxAlign can help protect your business by bolstering your Cyber Security. A good first step starts with understanding the Cyber Security services you need; learn more.