Five minutes with…Anthony Brennan-Hazell, Service Delivery Manager VCG
VCG provides seamless access to world-class cyber security, network infrastructure, data centre, unified communications and connectivity supported by managed services – that are tailored to our clients’ business needs and outcomes. We are committed to helping our customers thrive in an increasingly competitive landscape by creating agile, efficient IT solutions that are easy to consume and adapt and scale with your demanding growth requirements.
We adopt a ‘customer first’ approach and are committed to business outcomes and results. We align the right resource and capability to deliver the optimum customer experience whilst helping you build and maintain your competitive advantage through the use of world-class IT solutions.
In this article we will meet Anthony Brennan-Hazell, Service Delivery Manager (SDM).
Name: Anthony Brennan-Hazell, joined VCG in April 2021
1. What attracted you to the role of Service Delivery Manager (SDM)?
‘I’ve enjoyed various roles in my 16 years working within IT Service Management, including managing 1st and 2nd line support teams. More recently I moved into Service Delivery which has allowed me to bring together two big passions of mine, assisting clients and providing the best service to help them grow their business.’
2. Why is the role of SDM so crucial?
‘My key focus is on customer satisfaction, developing measurable KPIs used to drive improvement, which in turn will continue to build upon VCG’s high customer service standards. The Service Delivery Team have regular interaction with customers helping build powerful and long-term partnerships.’
3. What makes the VCG team different?
‘VCG provides 24/7 specialist support for our customers and has a large in-house team to ensure that our customers’ networks are always monitored and ‘always on’. As an experienced IT Managed Service Provider (MSP) with access to the latest technologies, we continue to emphasise maintaining certifications with vendors and developing our teams through technical training. VCG currently has six Apprentices working within our Customer Services team and has seen many Apprentices develop and grow into qualified and very valued team members throughout the business.’
4. Have you noticed any key trends or changes for the MSP in recent years?
‘Yes, definitely and in particular since the Covid-19 Pandemic. Our customers need quick and efficient responses in order for them to operate efficiently and profitably. Cloud technologies are increasingly popular to assist with growth aspirations and as Security is often right at the centre of our customers’ strategy, we often take a lead in planning the right steps and solutions to ensure that their business is protected.’
5. What do you think the next big focus will be post pandemic?
‘Digital transformation is essential for the modern business, especially as remote and hybrid working has accelerated at a pace nobody could have anticipated. We will continue to work with each of our customers to ensure that a careful approach is taken when planning their transformation strategies. MSPs allow businesses to distribute much of the day-to-day maintenance and operation of infrastructure, network and other digital services – allowing their in-house IT leaders and teams to work on other key IT priorities.’
To find out more about VCG and how we can manage your networks with a 24/7 technical support service, contact the team today!
0161 406 1860
The importance of Managed Security in the post Covid-19 world
VCG CIO Andy Peters-Smith explains the key role of the MSSP.
The post Covid-19 world is, I am sure we would all agree, going to be massively different from what we have been used to previously. Staff will be more distributed, working from home will be the norm and not an occasional request, and office time will be more staggered with video being a key enabler, meaning restrictions and control will be much harder to manage.
What will surely happen and is already happening, is the start of a race by enterprises of all sizes and across all sectors (from consumer banking, to government departments and even the judiciary) to move away from a distributed IT model and towards the ‘Cloud’.
This will be the new operating model for business in the future. Let’s face it, this has been the direction of travel for most organisations for some years but the Covid situation has accelerated this process. The adoption of new IT has been driven by necessity and the immediate business needs, not through the normal business refresh cycle, accelerating the process by five years in some cases.
This new operating model will transform business for good. Who needs offices and the burdens that go with them, who needs to see their employees every day when you can measure their performance easily enough? And look how we now control meeting times over these new channels!
But of course, it is easy if you are a start-up, or a ‘Cloud first’ enterprise or not waylaid by older technologies. But if you are an older enterprise, you will have a multitude of technologies that you have adopted over the years. In which case that means there will still be a physical presence somewhere that has to be maintained.
But even if you are a start-up or a ‘cloud first’ enterprise you may still have data centre/s as part of your cloud and even multiple cloud platforms (Azure, AWS, Google, Rackspace, IBM, etc.).
And regardless of either model above, there will still be the pressure to protect employees working outside or in the office, protect the enterprise’s IPR and data, and comply with legal regulations and compliance standards.
All of which means the post-Covid-19 enterprise will need to be able to monitor multiple different platforms across multiple different technologies to understand the status of its security estate and be able to categorically know it is safe and secure.
Although enterprises will be moving to these cloud services, the issues that we used to see across the enterprise estate have not changed. Previously we sought to provide Security Incident and Event Monitoring (SIEM) to bring sense to the security estate, and then, as an MSSP, a Security Operations Centre (SOC) based service was offered on top of the SIEM. The SOC service brought clarity, priority, and stability to the SIEM, making it an effective enterprise tool.
Amazon and Microsoft have made astounding leaps forward in their ability to manage security within their environments, to alert and describe events along with supporting remediation advice. Cisco with Security X have at last provided a security management tool that offers a rich seam of data on incidents and events on their technology. Endpoint security companies have likewise increased the information feed they can offer.
Now and going forward, enterprises will need Managed Security Services Providers (MSSPs) as partners to take alerts and logs from all of the above sources (and more) and make their SIEM or management platform show the enterprise’s status clearly in real time, and potentially against compliance or regulatory standards, whether in or out of the office!
And that can be done today. But not all MSSPs’ services are equal, which means that one person’s SOC service is another’s monitoring and logging service.
To be clear, the service that customers will want from an MSSP in this new climate will need to interpret, prioritise, inform, advise and potentially remediate anything that it sees on any platform that it is monitoring, along with providing a 24x7x365 service on a SIEM or management platform capable of supporting the customer’s complete operation.
For IT teams and security operations teams the pressure of BAU means that very often the commencement of events that should be investigated is missed, passed over as it takes too much time to investigate. Any platform monitoring an enterprise needs to be able to illustrate immediately and exactly what is occurring in the security estate.
Despite what the board thinks, the IT guys don’t need another screen to watch, they want one screen that provides all the information all of the time.
On top of that they want:
- Clear visual representation of issues and problems
- Access to expertise NOW! Not as an add-on after talking to a sales person
- Strong, available and business-led reporting
- Appropriate advice and recommendations
- Regular feedback meetings
- An easily deployable platform that can be as flexible as your business, regardless of where devices are, whether they are virtual or physical, whether they are in Europe, Asia or the Americas, and regardless of brand.
Get in touch to talk to us about our full security offering, including our Monitoring and Alerting services. Discover how we can make your network scalable, flexible and fully managed with 24/7 service and technical support.
Five reasons businesses are moving their security to a Managed Services Provider
Cyber Security threats are continuing to increase in size and complexity, and pose greater risks to enterprises than ever before. The malware and threats we face now are extremely difficult to remediate. Enterprises are slowly coming to realise that their IT management teams are not Cyber Security experts, and consequently skills outside of the enterprise are required.
With a Managed Security Service that bridges the skills gap, enterprises of all sizes can be more secure in their day to day operations.
Here are five key signs that indicate when a business should consider partnering with a Managed Security Service Provider (MSSP):
Are you ignoring alerts? Enterprises ignore security alerts because they get so many and ultimately find them useless. According to a recent study, the average enterprise generates nearly 2.7 billion alerts from its devices per month. A tiny fraction of these are actual threats – less than one in one million. More than 31 percent of the study respondents admitted ignoring alerts altogether because they think so many alerts are false positives, and more than 40 percent feel the alerts they receive lack actionable intelligence. If you are ignoring alerts, you could use an MSSP as a frontline of defence, limiting the opportunity for false positives and offering actionable information. VCG Monitoring and Alerting can not only manage alerts for you and provide the added analysis you need to justify action; VCG can and will also resolve the real threats as part of the service.
Are you making the same mistakes? Enterprise IT Management teams are so overwhelmed with threat management and response they don’t have the time to debrief afterwards to analyse what worked and what didn’t. This is an important part of the process because there is something to be learned from each event that can help when dealing with future events. If you are repeating errors then VCG SOC services can help. VCG will analyse every alert and provide information back to you that will help you learn from each event and improve future response.
You have many different cybersecurity solutions. Most organisations have a multitude of cyber security platforms, often from different vendors. Some security standards encourage vendor diversity to provide defence in depth. Even if you have done your homework and created a complementary environment for your cyber security estate, it is impossible to see what is happening on each one all the time. VCG cyber security monitoring and alerting can take in the output from the platforms and centralise all the solutions and data for better incident management.
You don’t know when or how incidents are resolved. Because of the variety of platforms, all of which are being updated at least daily, it is difficult to find out how a threat or threat treatment was resolved. The VCG Monitoring and Alerting platform can provide complete visibility from alert to resolution so you know the exact, at-the-moment status of each and every threat, as well as how it was resolved.
Your CEO needs the company to be trusted! There is a real need today for companies to be trustworthy in their dealings. Managing the data from their customers, for their clients and for the brand of the business is critical. Trust these days is earned (business to business) by either accreditation (Cyber Essentials, ISO27001, PCI-DSS and others) or by simple proof. That proof, although it exists on all the devices in your enterprise, is in silos. VCG’s Monitoring and Alerting allows an instantaneous assessment of an enterprise’s Cyber Security status and can produce, on an ad-hoc basis, a report that can be shared with business partner organisations.
Learn more about a Security Managed Service from VCG, or speak to one of our customer experience team to see how a Managed Service can work for you.
How a Security Managed IT Service can boost productivity during the home-working boom
Less than a year ago regular home working was a perk enjoyed by just 5% of the UK’s 32.6 million workforce. Now, due to Covid-19, remote working is no longer a perk, it’s an essential ingredient in business continuity.
Fifty of the UK’s biggest employers have said they have no plans to return all staff to the office yet and the Bank of England’s executive director for financial stability recently said social distancing guidelines meant there would be no “sharp return…to dense office environments” for the foreseeable future.
The challenge for IT teams has been refocusing their cybersecurity efforts from office-based networks and devices to cloud-based remote solutions which rely on employees’ domestic internet connections and personal devices.
At the start of lockdown, switching IT focus was typically done at speed with continuity the goal, rather than market-leading cyber security.
Now, however, IT teams are having to ensure long-term, mass remote working can be achieved safely.
New and emerging digital technology
It isn’t just that more employees are working offsite. There is also an unprecedented reliance on new and emerging digital technology which employees are using to connect, collaborate and remain productive while out of the office.
Video conferencing and messaging platforms such as Cisco Webex have kept operations running for businesses of all sizes and sectors. Data from Ofcom reveals, for example, more than seven-in-ten UK workers are now making video calls at least weekly – up 35% from pre-lockdown.
This increased level of employee connectivity comes with increased risk. The more employees remotely access resources on their corporate network, the more they use cloud-based software and the more they use unprotected personal devices, the greater the vulnerability. Now, more than ever, organisations need greater visibility of their remote workers’ activity when they are working from home – what are their employees doing, what websites are they accessing and what devices are they using? The most effective cybersecurity solutions create a secure and visible connection between the home worker and the corporate resources they use.
Building a secure foundation for growth
Widespread home working has transformed and dramatically increased organisations’ so-called ‘attack surface’. But organisations that can effectively and confidently secure their networks are then free to grow their businesses, increase productivity, capitalise on flexible working opportunities and give all their employees the high-quality IT user experience they need.
The big challenge is ensuring IT teams have sufficient expertise, resources and personnel to protect their networks 24/7, 365 days a year from an ever-changing and increasingly complex adversary.
This is where investing in a managed cybersecurity service pays dividends. A managed security service enables you to confidently outsource the job of protecting your networks, safe in the knowledge that you’re getting a cost-effective solution and freeing up your IT teams to innovate.
A market-leading managed security services provider (MSSP), such as VCG, can implement a wide range of cybersecurity measures designed to enable your employees to safely access your network from home. These measures range from establishing secure VPNs to managing firewalls and much more.
For example, an MSSP can monitor remote network access and activity, collecting, analysing and logging all activity across your entire IT infrastructure. It can also:
- Identify and remediate threats on the corporate network
- Secure connections from all devices and locations
- Increase visibility of user activity
- And respond to incidents as they occur.
MSSPs’ detailed cybersecurity knowledge
Covid-19 and the dramatic switch to remote working has transformed the technology landscape almost overnight. Understanding how to build robust security infrastructure in this rapidly evolving environment is an uphill battle and requires teams to continually invest in new skills, technology and resources.
An in-house IT team may have little or no experience of installing, calibrating and running the cybersecurity solutions needed in the ‘new normal’. A market-leading MSSP such as VCG, however, will have detailed experience, having partnered with clients to understand how they operate and what their objectives are, and to manage their cybersecurity requirements accordingly.
Other benefits of partnering with an MSSP include reduced costs thanks to economies of scale, access to unique cybersecurity expertise and tools and improved scalability, so you can be sure of extra support in times of need.
A market-leading MSSP, such as VCG, will focus all its efforts on investing in the skills and technology needed to defeat the cybersecurity threats organisations are likely to face from increased home working. It will also leverage its links with vendors to ensure its partners benefit from the latest and best cybersecurity technology. An MSSP can also guarantee technical support 24 hours a day, 365 days a year – something organisations may struggle to achieve with a smaller in-house team.
At a time of great uncertainty and increasingly complex threats it pays for organisations of all sizes to build meaningful partnerships with experienced cybersecurity providers. The organisations that can secure their networks as part of a holistic business strategy will be able to empower their employees, unlock productivity, foster collaboration and even confidently grow their businesses during these challenging times.
The rise of experiential stores
Despite the headlines proclaiming a high-street apocalypse, it’s rapidly becoming clear that bricks-and-mortar retail isn’t dead – it’s boring retail that faces the death sentence. With consumers spoilt for choice online, they need ever-more compelling reasons to set foot inside a store and the ace in the retailer’s pack is experience. E-commerce can usually beat physical retail when it comes to price, speed and convenience, but conventional stores can get the upper hand when it comes to theatre, excitement and the dispensing of nuanced help and advice. Here are three retailers and brands that are championing the cause of experiential retail in a bid to boost footfall and drive sales.
Dr Martens steps up a gear
Iconic shoe brand Dr Martens, which boasts 109 outlets across the UK and US, is a definite trailblazer when it comes to instore customer experience. Digital experiences include the use of virtual reality, powered by Oculus, to give instore customers a ‘tour’ of the company’s original UK factory. Dr Martens has also invested in gif booth technology which encourages customers to share their purchases on social media. Analogue experiences include instore barbers offering customers free haircuts and tattoo artists on hand to customise shoes (old and new).
The brand’s flagship London store also has a mini gig venue called The Boot Room, which has hosted up-and-coming bands including Brit Award nominees. Needless to say, the brand has invested in great instore digital networks, including customer Wi-Fi, and promotes all of this activity on social media, encouraging customers to share their new styles and gig experiences online as well.
Lush takes experience to a new level
Handmade cosmetics retailer Lush has steadily made a name for itself with instore experiences aimed at educating consumers about its environmentally friendly and socially aware products. Now the retailer has raised the bar even further with its latest concept store and customer experience destination.
The store in Tokyo’s busy Shinjuku station has been described by the retailer as “an experimental, imaginative retail space showcasing Lush’s innovation in technology, with exclusive product drops, and new ways to shop”.
One of those new ways to shop at Lush is the ‘shoppable window’, supported by the recently launched Lush Labs app platform, which is available in English, Korean, Japanese and simplified Chinese on iOS and Android.
Visitors can use the scan function to browse product information while in store, at home or via the storefront window, where a 24-hours-a-day display allows passers-by to scan and shop curated collections and product drops.
Lush says using the so-called lens technology to demonstrate products and information is a move towards minimising packaging and reducing water wastage by showcasing products using video.
The retailer says the digital signage has been introduced to match the shop to the urban landscape of Shinjuku, and it includes a four-storey 1,024cm x 352cm external LED screen. The content broadcast at the store is said to reflect the mood of Shinjuku at that time and aims to capture the attention of passers-by and commuters.
Samsung redefines the store
The natural evolution of experiential retail can be found at mobile phone giant Samsung’s new ‘store’ in Kings Cross, London.
Here there are no tills and no shelves with price-tagged products. Instead, the emphasis is on encouraging consumers to play and interact with Samsung’s products without the pressure of a sale.
Inside the recently opened 20,000 sq ft space, consumers can find a range of Samsung-powered tech ranging from gaming lounges and connected kitchens to 3D printing stations. Car fans can try out the world’s first digital car cockpit, and there’s also a hi-tech DJ booth where visitors can mix their own soundtrack on the light-up keypad and send it to their friends. A decked-out Galaxy S10 phone lets visitors draw on and decorate a giant 10m-wide screen, creating their own shareable work of art. It’s not uncommon for tech-hungry consumers to spend the best part of their day in the store trying out the different installations and immersing themselves in the Samsung brand.
Creating in-store customer-pleasing experiences obviously takes investment in essential digital network infrastructure, such as broadband connection, Wi-Fi and cyber security, but the fate of retailers such as Toys R Us, which shunned experience and tech investment, shows the alternative. Where necessary, retailers are creating the budget to plough back into the necessary technology. Earlier this year, for example, The Foschini Group, which owns Hobbs, Phase Eight and Whistles, earmarked £27.2m for tech and digital development in the short to medium term. It’s this kind of foresight that can elevate retail from dead boring to exciting, experiential and profitable.
VCG proud to support the NHS Nightingale Hospital at the NEC
Two weeks ago, VCG was asked by our client, The NEC, to help design and provide a completely new network for the emergency deployment of the NHS Nightingale Hospital at their Birmingham site in response to Covid-19.
NHS Nightingale Birmingham provides an additional facility for patients with Covid-19, helping to ensure there is enough critical care capacity within the system. The day 1 facility will initially provide 500 beds, with the capacity to scale up to 4,000 beds.
Axonex were already working with The NEC on a number of projects, including a network transformation project across their entire UK estate. To help the NEC in their additional requirement for NHS Nightingale, we were approached to deliver a network that was both scalable to support the required capacity but also a fully resilient, medical-grade solution.
Setting up these facilities is an enormous organizational challenge. Alongside the NEC, University Hospital Birmingham, MOD and other providers, the VCG team worked to have the network solution up and running in less than two weeks.
We’re immensely proud of the VCG engineers and project team who have dedicated their professional and personal time to install over 150 network switches connected to new structured cabling in just 7 days.
Image: The VCG team on-site at the NEC
VCG have worked closely with the NEC and Cisco UK team to utilise the latest network technology with Cisco DNA (Digital Network Architecture). The VCG NOC team will provide on-going support to the NEC IT team, supporting their team to ensure critical services remain live and support the hospital in its full capacity.
“In difficult times, it’s been fantastic to see the teams at VCG and The NEC dedicate themselves to this project. I am immensely proud of our team for their support and dedication, especially given the risks around social distancing during these worrying times.
Yet we know our role is a small piece of the puzzle compared to all the medical staff on the frontline and many others working around the clock to complete a project that would normally take months, even years. These organisations and individuals have come together to work collaboratively as we work towards the collective goal.
Our admiration and respect go to all the medical staff dedicated in providing the highest standard of care to those that desperately need their help in these difficult times.”
Andy Peters-Smith, VCG
Secure remote working – how VCG is helping customers
In response to COVID-19 organisations are moving their workforce to the virtual workspace. The speediness of this rollout by our customers has been fantastic.
The first step taken by IT teams has been to quickly enable the workforce to access corporate resources when working from home, when they need to. However, with the speed and scale of this roll out, protecting your remote workers is a challenge.
In this blog we’ll outline some of the key security considerations and how VCG are helping customers work not just remotely, but securely, and how to prevent breaches at a time of increased risk.
Secure VPN access
A VPN client like Cisco AnyConnect will help ensure end-to-end encryption, prevent man in the middle attacks and ensure data integrity, but there are some additional decisions that need to be considered.
Some organisations will send all user internet activity (corporate and non-corporate) back through the corporate firewall for deeper inspection, malware analysis and content classification etc. While this is secure, it effectively doubles the bandwidth for a single remote user vs. an office user. As a result, many customers are now finding the Internet connection to be a bottleneck.
To ease bandwidth congestion organisations can forward only corporate requests via the secure VPN connection. Great, but how do you ensure your users are protected from accessing non-corporate domains on the internet that could pose a risk to them and the data they can access, or from using unapproved applications or accessing sites in breach of corporate usage policy?
Protect users everywhere with DNS security
The answer here is Cisco Umbrella. Umbrella provides security for users at the DNS layer: all DNS requests are forwarded to Umbrella, which identifies whether a domain’s content category is associated with malicious intent (such as phishing, malware, crypto-mining, command and control etc). If so, Umbrella will block access to these sites before the user can connect. As Umbrella is a cloud-delivered service with no required connection to the corporate VPN, your users will be protected whether working from home or from the local coffee shop (when they re-open).
Verify the identity of your users
Finally, we have the question of user verification and device posturing. The last thing you want is a misplaced corporate laptop or stolen log on credentials to be able to access your network via the VPN, or a device that is vulnerable through outdated operating systems, browsers or anti-virus potentially causing a breach. Cisco Duo enables both Multi-Factor Authentication (MFA) and device posturing. With these in place, when a user enters their credentials, they will also be prompted for a second input such as a code via text, a call to a mobile device with authentication or as simple as a push notification via the Duo App to a registered smartphone. Duo can also confirm operating system, browser and anti-virus are all up to date before permitting access, and if not up to date, inform the user on the actions that need to be carried out in order to gain access.
Trial Umbrella and Duo for your business
To see how these solutions can improve your security posture for remote workers, VCG can help you set up free software trials of Cisco security solutions within your own organisation and environment.
VCG boost Customer Success Practice with Cisco’s Advanced Customer Experience Specialization
The right IT solution has been planned, purchased, configured, delivered and implemented on time, but has the wider business perceived the investment as a success? Actually, many businesses will never see the full value of their IT investments from their solutions providers. With a transition to more cloud-based services and OPEX investments, the gap between the ‘potential’ outcome (whether that’s user adoption, feature adoption, meeting time frames for deployment etc.) vs. ‘actual’ is growing as organisations struggle to effectively adopt new cloud technologies. That’s where customer success comes in.
So, what exactly does customer success mean for VCG, and more importantly, to our customers?
Put simply, customer success is a business methodology that ensures our customers get the most from VCG products and services. It starts by asking ‘WHY?’ What is driving this business change? From there, we use consistent, process-driven engagements, along with real-time data, analytics and automation to bring those business goals to reality, from point of purchase, through to technology adoption and renewals. To make this happen, VCG have made significant investments internally in training, process optimisation, and a suite of new tools, combined with 15 years of industry experience.
This isn’t limited to new products or solutions; we understand business use cases change, and we review existing solution deployments to ensure our customers are adopting all of the relevant features and functionalities in the right way, and help them to expand these solutions successfully within their business. We also deliver regular technology strategies and roadmaps to ensure our customers have a clear vision.
We’re pleased to say that VCG are one of only a few Cisco partners to achieve Cisco’s Advanced Customer Experience Specialization. With this accreditation VCG have demonstrated the ability to provide the highest level of service across all Cisco technologies and integrate this throughout our existing Customer Success Practice.
It's time to rethink your denial of service protection
When you think of distributed denial of service (DDoS) attacks, chances are you conjure up an image of an overwhelming flood of traffic that incapacitates a network. This kind of cyber-attack is all about overt, brute force used to take a target down. Some hackers are a little smarter, using DDoS as a distraction while they simultaneously attempt a more targeted strike, as was the case with a Carphone Warehouse hack in 2015, but generally DDoS isn’t subtle.
Now, however, retailers are having to re-think DDoS protection following the rise of a smaller, stealthier incarnation of the threat. A recent report by cybersecurity experts Neustar reveals a significant increase in small-scale DDoS attacks and a corresponding reduction in conventional large-scale events. The hacker’s aim here is to remain below the conventional ‘detect and alert’ threshold that could trigger a standard DDoS mitigation strategy, so that an attack can continue unnoticed while specific areas of the target network are incapacitated.
The Neustar report reveals that between April and June of 2019, over 75% of all attacks mitigated by Neustar were 5 Gigabits per second (Gbps) or less, while large attacks – those of 100 Gbps and over – decreased by 64%.
These smaller, stealthier DDoS attacks are designed to enable the perpetrator to get in and get out of a network unnoticed or allow the attack to continue for quite a long time undetected. In fact, the longest duration for a single stealthy DDoS attack in Q2 of 2019 was nearly two days. Under-the-radar incursions like these are aimed at specific services, gateways and applications so they need less traffic to bring them down.
When quizzed by Neustar, 72% of CTOs, CISOs and security directors revealed that their systems would be unable to detect and protect against this new breed of stealth DDoS attacks.
The answer to the emerging threat is for organisations to deploy an ‘always on’ DDoS mitigation service that can constantly monitor traffic to ensure threats of all sizes are quickly detected, managed and neutralised. Organisations also need to create a business ‘risk register’ which enables them to focus primarily on their most-critical business assets so security efforts can be prioritised correctly.
As well as the rise of stealth attacks, DDoS has evolved in five other critical ways:
- Access: Black market services, known as “rent-a-bot,” make it easy for almost anyone to launch a powerful DDoS attack against a business for a nominal fee.
- Complexity: New DDoS techniques have made DDoS exponentially more powerful and harder to defend against due to increased complexity and sophistication.
- Cost: DDoS attacks now cost victims £40,000 per hour, with an average duration of six to 24 hours.
- Ransom: Cyber extortion is now common with DDoS – 46% of DDoS’ed companies admit they received a ransom note.
- Diversion: DDoS is frequently used as a smokescreen for other attacks, like stealing customer data (33%) or implanting viruses and malware (50%).
Effectively combatting the DDoS threat requires a culture shift for many retailers as, until now, they have been heavily focused on point-of-sale malware and online attacks targeting credit card data. In fact, some 33% of all cyberattacks on retailers come from DDoS, making it the most common digital threat the sector currently faces.
While in years past this type of attack was primarily used for pranks and petty mischief, it is now increasingly used by organised cyber-criminals to threaten retailers’ operational and financial security.
When executing a DDoS attack, threat actors set their sights on any organization that relies heavily on its website to generate revenue. This makes retailers ideal targets. Attacks can start with a threat of DDoS action followed by a ransom demand so the threat actor’s success depends on their capabilities and credibility. While the accessibility of off-the-shelf tools to execute DDoS attacks has lowered barriers to entry, low-credibility, low-capability actors do exist.
Here are some key steps retailers should take to protect themselves from the DDoS threat:
- Identifying an Attack: It’s critical to identify a DDoS attack immediately, in order to prevent further damage, reputational loss and secondary attacks. To do this, establish a baseline of what normal network traffic looks like; that way you can quickly detect network traffic anomalies and attribute spikes in traffic to DDoS attacks.
- Establish a DDoS Policy: At a bare minimum, every retailer should have a policy in place for educating staff about DDoS attacks and the various risks they pose, as well as how the company is expected to respond. For example: What will the company do to inform/reassure customers? How will the company deal with ransom requests?
- Preventing Secondary Attacks: To prevent a secondary attack during a DDoS event, avoid key mistakes: don’t overlook alerts issued by your monitoring system; be cautious of any other unusual activity on your network; and be on the lookout for ‘social engineering’ attempts on IT personnel or other company staff, such as phishing emails or phone call scams.
- Cyber Insurance: Retailers should also make sure DDoS incidents are covered by their cyber insurance plans, including costs associated with mitigation attempts, downtime, cyber ransoms, etc.
- Conduct a Simulated DDoS Attack: DDoS “black-box” testing is the only way to test a retail network against a simulated real-world attack. This allows retailers to see exactly how their networks will react to a sophisticated DDoS attack and whether the defenses put in place are sufficient.
- Call in the experts: Every retailer, no matter how big, should have a third-party always-on DDoS mitigation service that will reroute traffic and scrub out illegitimate traffic once an attack begins.
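The baseline step under "Identifying an Attack" can be sketched in code. This is an added example, not part of the original article or the Neustar report: it compares a fixed total-traffic alert threshold with a per-service baseline, showing how a small flood aimed at one service stays under the first but stands out against the second. The service names, traffic figures and both thresholds are constructed assumptions.

```python
from statistics import median

# Constructed sample: per-minute traffic in Mbps for each service (not real data).
BASELINE = {
    "web":      [900, 950, 1010, 980, 940, 1000, 970, 960],
    "checkout": [40, 42, 38, 45, 41, 39, 43, 40],
    "dns":      [5, 6, 5, 4, 6, 5, 5, 6],
}
# Constructed observation: a small flood aimed only at the "checkout" service.
OBSERVED = {"web": 990, "checkout": 160, "dns": 6}

GLOBAL_ALERT_MBPS = 5000  # assumed fixed 'detect and alert' threshold
ROBUST_Z_LIMIT = 6.0      # assumed per-service sensitivity


def global_threshold_alert(observed, limit=GLOBAL_ALERT_MBPS):
    """Conventional volumetric check: alert only on total traffic."""
    return sum(observed.values()) >= limit


def robust_z(history, value):
    """Deviation from the median, scaled by the median absolute deviation."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # Fall back to 5% of the median (at least 1) when the history is flat.
    scale = 1.4826 * mad if mad else max(med * 0.05, 1.0)
    return (value - med) / scale


def per_service_alerts(baseline, observed, limit=ROBUST_Z_LIMIT):
    """Return services whose traffic is far above their own baseline."""
    flagged = {}
    for service, value in observed.items():
        history = baseline.get(service)
        if not history:
            flagged[service] = None  # no baseline yet: surface for review
            continue
        z = robust_z(history, value)
        if z > limit:
            flagged[service] = round(z, 1)
    return flagged


if __name__ == "__main__":
    print("global threshold alert:", global_threshold_alert(OBSERVED))
    print("per-service alerts:", per_service_alerts(BASELINE, OBSERVED))
```

The median and MAD are used instead of mean and standard deviation so that an earlier spike in the history does not inflate the baseline and hide the next one.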