Insights Archives - TechInformed
https://techinformed.com/category/insights/
The frontier of tech news

Driving sales for a new generation
https://techinformed.com/euro-car-parts-whatsapp-business-ai-digital-cx/
Thu, 12 Sep 2024 09:38:47 +0000

It could be a result of the post-lockdown era or the increasing presence of telephone-phobic Gen Z in the workforce, but many companies are discovering that their customers no longer want to communicate via phone, website, or even email — perhaps preferring a more digital customer experience.

Even organisations that might not regard themselves as “digital first” are recognising that they need to be where their customers are, and that might no longer be on the other end of a landline.

Take UK and Europe-wide company Euro Car Parts — owned by the LKQ Corporation — which is something of a sleeping giant. The firm now boasts more than 330 branches and stocks over 160,000 distinct parts for automobiles.

The spare parts firm’s purpose-built 1 million sq ft national distribution centre in Tamworth, UK, is second only in size to Amazon’s warehouses. And yet, as head of sales excellence Chloe Thomson explains: “Unless you’ve ordered a spare part from us, you’ve probably never heard of us!”

Given the size and scale of Euro Car Parts, it’s surprising to learn that, until recently, its sales offices relied on an old, end-of-life telephony system. Phone desks were still ringing constantly, but these were increasingly supplemented by WhatsApp messages between sales team members using their personal devices and customers.

According to Thomson, the firm recognised the need to bring these customer interactions back in-house and to save valuable data so that they could build up a better profile of these customers and their preferences.


Euro Car Parts turned to customer experience vendor Genesys to integrate voice notes, WhatsApp, and other digital channels to meet these new generational customers’ expectations.

For Thomson, another advantage of using Genesys’ cloud-based orchestration system was getting a heads-up on incoming calls.

“Our old school way of doing things was to memorise the incoming phone number that came up on the screen so that you’d know ‘that is Sandra!’

“But knowing that a call is coming from ‘Bob’s Garage’ and immediately being able to see the customer’s likes/dislikes brand-wise is helpful,” Thomson enthuses.

The new system was installed in February and has now launched in England, Scotland, and Wales. Genesys and WhatsApp were fully deployed by mid-May, and according to Thomson, Euro Car Parts is now dealing with over 500 brand new WhatsApp conversations every day; a figure that, she adds, is growing “week-on-week”.


Data dive

 

One of the big business benefits of moving to the new system has been the amount of data the company has been able to gather on its customers and internal processes, according to Thomson.

It is currently in the process of pulling in the latest info it has gained from Genesys so that it can apply this data in meaningful ways.

“We’ve never had as much data as we do now,” she says. “We don’t have any more blind spots. We can see everything. We can now analyse the peaks and troughs of the different queries we receive as well as the different sales that are coming in. So, we can enhance that journey and look at what’s working and not working for our sales teams.”

 

[Image: Euro Car Parts head of sales excellence Chloe Thomson at Genesys Xperience UK&I]

 

In terms of the WhatsApp integration, Thomson explains that a typical interaction might include a customer taking a picture of a registration plate, and requesting some brake pads or a clutch and flywheel.

“The sales advisor will order that part but now they will be able to look at what those customer preferences are and add any weekly specials that we might have on brake fluid, for instance,” she says.

She adds that while Euro Car Parts comprises sales offices, rather than contact centres, the firm is looking closely at this model and its customer journeys.

“We’re currently looking at what CX centres do well, looking at the customer journey and are learning how we bring that into our world,” she says.

AI capabilities

 

According to Thomson, the next step for Euro Car Parts is to integrate AI and gamification into its new orchestration system.

“We’re excited about using AI for data mining and sentiment analysis to understand what our customers want,” she says.

“AI will let us know things like whether we’ve already set up a promotion for a weekly deal that we’ve already offered before, five times. Or finding out whether there’s a tool on offer that they want. We want to use that information and give the customer what they want.”

Gamification, she adds, will also help celebrate the performance of the company’s sales teams, by giving managers a clear view of who the top performers are.

“In the past it was a bit more unpredictable – someone could just have sold one expensive part. Now we can see who has really been working hard on a daily, weekly, and monthly basis. It will certainly make them more competitive!”

  • Chloe Thomson spoke with TechInformed at Genesys Xperience UKI tour 2024 in June at the Truman Brewery in East London. Live event photography by Nick Beard

AI’s role in the autonomous enterprise
https://techinformed.com/ais-role-in-the-autonomous-enterprise/
Fri, 06 Sep 2024 10:55:12 +0000
As businesses evolve following last year’s surge in AI and automation, the autonomous enterprise concept is emerging as the next major leap.

Experts claim that mixing artificial intelligence and automation may offer enterprises a future where technology can self-diagnose and solve issues without human intervention, reducing potential system downtime and boosting productivity.

The concept of an autonomous enterprise sees AI-driven systems manage tasks like predictive maintenance, allowing employees to focus their skills on innovation over troubleshooting. These systems operate in real-time, leading to fewer disruptions and enabling seamless operations across all departments.

Given GenAI’s momentum in recent years, are we anywhere nearer to seeing true autonomous enterprises?

According to Akhilesh Tripathi, CEO and founder of automation vendor Digitate, we are approaching a key moment in the development of AI that will see much more automation across the enterprise sector.

“When we started Digitate, we recognised that, in most large organisations, automation was siloed — it sits within its own island,” he explains. “We found these islands exist because automation doesn’t scale.”

In other words, automation for individual tasks or processes worked, but once additional complexity was introduced, most AI and automation platforms would fail or struggle.

The problem, of course, with having automation but only operating in silos is that it isn’t really automation because businesses still need someone or something to connect each of the processes.

And it is AI itself that can offer a solution, says Tripathi.

Proactive

 

Digitate was launched in 2015 as part of Tata Consultancy Services. It initially offered its Ignio suite of services, which aims to automate enterprise operations.

Tripathi is a TCS veteran, having worked for the Indian giant for more than two decades and rising to head up its Canadian unit. He assumed the role of chief commercial officer of Digitate at launch and became CEO in 2020.

“Tata has been working on automation and AI since the 1980s. At one point, I worked on a project where we developed a way to automate the delivery of coolant for a water plant.

“As we got more into it, it became very clear that this sort of process automation could be transformative from an enterprise standpoint, but you need to put it directly in the hands of the enterprises so they can maximise its value.”

Digitate has already worked with several large enterprises to help them join up automated processes and deliver AI-powered services.

Avis

 

This includes a project with car rental firm Avis, which was facing a situation that had left its IT and support teams constantly firefighting and manually resolving issues, as well as several other challenges.

Avis engaged in an organisation-wide digital transformation project to move from manual and reactive operations across its 2,900 offices spanning 112 countries to an autonomous and predictive one.

At the time, the rental firm was using a third-party monitoring tool to monitor business-critical applications, but it had suffered availability issues caused by server-level problems, resulting in missed critical alerts.

To overcome this, Avis approached Digitate to implement a solution that would monitor and manage the availability of the third-party monitoring tool. Its Ignio AI platform allowed Avis to monitor any server-side issues, and whenever one arose, the platform conducted a root-cause analysis. It would then triage the issue automatically and perform ‘self-heal’ functions where possible.

Digitate also worked with Avis to reduce downtime of critical applications, including its booking tool for customers. Ignio monitored an Oracle database and functional attributes of a CMS system linked to the applications to isolate issues. It then drilled down further into the application layer, web layer, and database layer to triage issues and proactively fix them.

Overall, Ignio has managed more than 176,372 requests to date, leading to a 68.6% reduction in noise and 99.9% uptime for in-scope critical applications. Around 60% of detected incidents were resolved automatically by the platform.

“We love seeing innovation happen in areas that have been pain points for us for years. This saves us a ton of time and has dramatically improved our compliance,” said Avis in a customer testimonial.

Data-day AI

 

The Ignio platform uses generative AI to assess data points produced by existing operations, then predict potential problems and, where possible, solve them before they need human attention. If it cannot resolve them, it can flag problems earlier, reducing downtime.

Data hygiene is one of the significant challenges facing any enterprise looking to automate processes. If the data used by analytics tools such as Ignio is not clean, the tools’ effectiveness will be reduced. However, many companies are using reams of legacy data that is not clean and is embedded in the processes they are looking to automate.

Tripathi acknowledges this challenge but says AI can be used to recognise duplication or anomalies within data sets.

“We will have both the logs and information from a sensor, so that helps us to make sense of those processes and survey what is good data and what is not,” he explains.

“We can also present this back to the enterprises so they can start the process of cleaning up their datasets internally, which also helps automate processes in the long run.”

The platform can also detect what is classed as “normal” performance from processes and devices in what Tripathi calls an enterprise contextual blueprint.

“This is dynamic – it is constantly updating,” he adds. “But we can know what ‘Monday morning normal’ is compared to other days and reverse populate that.”

Engie

 

Another Digitate customer, energy provider Engie, generated around 150,000 bills for its 12+ million customers every day.

“Even a minor percentage of problems with billing or invoicing leads to a huge impact, resulting in customer dissatisfaction, handling front desk manual corrections, and piles of unbilled revenue,” says Tripathi.

In some ways, technology made this worse. The introduction of smart meters led to a higher need to correct meter readings, negatively impacting customer satisfaction.

Engie turned to Digitate to help it reduce the generation of incorrect bills and invoicing, reduce revenue realisation loss caused by backlogs, and improve customer satisfaction.

Ignio was integrated with an Oracle database to conduct the automatic execution of service requests with scheduling while identifying and correcting erroneous data in SAP.

This led to more correct meter readings and billing, which in turn led to fewer erroneous bills and examples of double billing. Digitate also helped Engie automate more of its call centre functions to improve customer service.

Stats-wise, this involved more than 4,000 batch jobs that were monitored autonomously. On the finance side, payment files worth 2.5 million were integrated without delay, and monitoring improved system stability by 30%, according to Digitate.

The AI equation

 

Confidence in AI systems is on the rise, and according to Tripathi, this means that elements of automation have now gone mainstream. However, this has been accompanied by warnings, including from several business leaders about the threat newer AI models could pose to humanity.

Tripathi believes AI will make humans “appear more intelligent” because users will be able to extract more insights from business processes and incorporate them into discussions.

He argues that when mixed with automation, AI can “simplify conversations and accelerate problem resolution.”

“If you strengthen that relationship, businesses will see huge advantages. Leaders can better understand what is going on in their business and visualise challenges, helping to build more support for the most complex problems that automated systems can’t overcome alone,” he adds.

He concludes: “In my view, GenAI plus human is better than just a human. But GenAI plus automation AI, plus a human, is better than GenAI. We are big believers in augmenting intelligence – it is never about replacing it.”

Black Hat USA 2024: Eight ways to achieve ‘Secure by Design’ AI
https://techinformed.com/black-hat-usa-2024-eight-ways-to-achieve-secure-by-design-ai/
Fri, 06 Sep 2024 09:40:50 +0000
Balancing the need to innovate and develop at speed with the need for security is keeping many cyber folks awake at night, or at least it was preying on the minds of the speakers who addressed Black Hat’s inaugural AI Summit, which took place in Las Vegas last month.

The summit took place just a couple of weeks after the global CrowdStrike IT outage, which ground airports to a halt and forced medical facilities to resort to pen and paper, and it felt like the right time to reflect as firms find themselves under pressure to adopt AI faster and release products before they are properly evaluated.

Lisa Einstein, senior AI advisor at the US Cybersecurity and Infrastructure Security Agency (CISA), compared what she called “the AI gold rush” to previous generations of software vulnerabilities that were shipped to market without security in mind.

[Image: CrowdStrike outage: Failure in the design and implementation process had a global impact]

 

“We see people not being fully clear about how security implications are brought in. With the CrowdStrike incident, no malicious actors were involved, but there was a failure in the design and implementation that impacted people globally.

“We need the developers of these systems to treat safety, security and reliability as a core business priority,” she added.

The Internet Security Alliance’s (ISA) president and CEO, Larry Clinton, put it more bluntly: “Speed kills — today we’re all about getting the product to market quickly — and that’s a recipe for disaster in terms of AI.”

He added: “Fundamentally, we need to reorientate the whole business model of IT, which is ‘Get to market quick and patch’. We need to move to a ‘Secure by Design’ model and to work with government partners so we are competitive and secure.”

Many of the event’s sessions, which featured speakers from WWT, Microsoft, CISA, Nvidia, as well as the CIA’s first chief technology officer, were focussed on how organisations might achieve ‘Secure by Design’ AI, which TechInformed has summarised in eight key takeaways.

1. Do the basics and do them well

 

“You can’t forget the basics,” stressed veteran CIA agent Bob Flores during one of the event’s panel sessions. “You have to test systems and applications and the connections between the applications, and you have to understand what your environment looks like,” he added.

Flores, who, towards the end of his CIA career, spent three years as the agency’s first enterprise chief technology officer, asked Black Hat’s AI conference delegates: “How many of you out there have machines that are attached to the internet that you don’t know about? Everyone’s got one, right?”

He also warned that, with AI, understanding what’s in your network needs to happen fast “because the bad guys are getting faster. They can overcome everything you put in place.”

And while enterprises might think it’s safer to develop their own LLMs rather than to rely on internet-accessible chatbots such as ChatGPT, Flores is concerned that they might not be building in security from the beginning. “It’s still an afterthought. As you build these LLMs, you must think, every step of the way, like a bad guy and wonder if you can get into this thing and exploit it.”

2. Architect it out

 

Bartley Richardson, cybersecurity AI lead at GPU giant NVIDIA, advised the Black Hat crowd to look at AI safety from an engineering perspective.

“When you put together an LLM application, don’t just look at every block you’ve architected there; look at the connections between those blocks and ask: ‘Am I doing the best possible security at each of those stages?’ ‘Is my model encrypted at rest?’ ‘Are you putting safeguards in place for your prompt injections?’ This is all Security by Design. When you architect it out, these things become apparent, and you have these feedback loops where you need to put in security,” he explained.

3. Create a safe space to experiment

 

Matt Martin, founder of US cyber consulting firm Two Candlesticks and an AI Security Council member for Black Hat, advised that creating a controlled sandbox environment within which employees can experiment was important. “A lot of people want to use AI, but they don’t know what they want to do with it just yet – so giving them a safe space to do that can mitigate risk,” he said.

Martin added that it was important to understand the business context and how it was going to be applied. “Ensure someone in the company is in overall control of the projects. Otherwise, you’ll end up with 15 different AI projects that you can’t actually control and don’t have the budget for.”

4. Red team your products  

 

Brandon Dixon, AI partner strategist at Microsoft, explained how the software giant is balancing advances in AI with security. “We’ve done that through the formation of a deployment safety board that looks at every GenAI feature that we’ve deployed and attaching a red teaming process to it before it reaches our customers,” he says.

Red teaming is a cybersecurity exercise in which a team simulates an attacker to test how an organisation would respond to a genuine cyber-attack.


“We’ve also formed very comprehensive guidance around responsible AI both internally and externally, consulting experts, which has enabled us to balance moving very quickly from the product side in a way that doesn’t surprise customers,” he added.

5. Partnerships are paramount

 

According to CISA’s Lisa Einstein, ‘Secure by Design’ relies on public and private enterprise partnerships. She added that this is particularly important in terms of sectors that provide critical infrastructure.

To this end, in 2021, CISA established the Joint Cyber Defense Collaborative (JCDC). This public-private partnership aims to reduce cyber risk to the nation by combining the capabilities of the federal government with private sector innovation and insight.

Einstein told conference delegates: “CISA only succeeds through partnerships because more than 80% of critical infrastructure is in the private sector in the US.

“We have a collective and shared responsibility. I’m seeing organisations that didn’t think they were part of this ecosystem, not realising that they have part of the responsibility. Tech providers also need to help these enterprises become more secure and keep everything safe,” she said.

Partnerships with and between vendors were also emphasised at the event. Jim Kavanaugh, longtime CEO and technology guru of $20 billion IT powerhouse World Wide Technology, spoke on the benefits of the firm’s long-term partnership with chipmaker Nvidia, including advances with AI.

In March this year, WWT committed $500 million over the next three years to spur AI development and customer adoption. The investment includes a new AI-proving ground lab environment and a collaboration ecosystem that uses tools from partners, including Nvidia.

While former CIA agent Flores recognised that such partnerships were crucial, he also stressed the need for firms to conduct robust assessments before onboarding.

“Every one of your vendors is a partner for success, but there are also vulnerabilities. They must be able to secure their systems, and you must be able to secure yours. And together, you must secure whatever links them,” he noted.

6. Appoint an AI officer

 

The conference noted the rise of the chief AI officer, who oversees the safe implementation of AI in organisations. This appointment is now mandatory for some US government agencies following the Biden Administration’s Executive Order on the Safe, Secure and Trustworthy Development and Use of AI.

These execs are required to evaluate different ways to deploy robust processes for evaluating use cases and AI governance.

While it was not a requirement for CISA to appoint a chief AI officer, Lisa Einstein stepped up to the role last month as the organisation recognised that it was important to its mission beyond having an internal AI use case lead.

“CISA wanted someone responsible for coordinating those efforts to ensure we were all going in the same direction with a technically sound perspective and to make sure that the work we’re doing internally and the advice we are giving externally is aligned so that we can adapt and be nimble,” she explained.

While this doesn’t have to be a board-level appointment, Einstein added that the person needs to be in the room with an ever-expanding roster of C-suite players: the CIO, the CSO, the legal and privacy teams, and the data officers when decisions and policies on AI are made.

Einstein added that, within ten years, the position should be redundant if she’s done her job well. “By then, what we do should be so ingrained in us that we won’t need the role anymore. It would be like employing a chief electricity officer. Everyone understands the role they must play and their shared responsibility for securing AI systems and using them responsibly.”

7. Weave AI into your business operations

 

For ISA chief Larry Clinton, Secure by Design starts with theory. For over a decade, his organisation has collaborated with the US National Association of Corporate Directors (NACD), the US Departments of Homeland Security, and the Board of Direct Justice on an annual handbook for corporate boards to analyse cyber risk.

According to Clinton, ISA is currently developing a version of this handbook specifically for working with AI, which will be released this fall.

Clinton claimed that enterprises need to bring three core issues to the board level.

“AI deployment needs to be done strategically. Organisations underestimate risks associated with AI and overestimate the ability of staff to manage those risks. This comes from an idiosyncratic adaptation of AI, which needs to be woven into the full process of business operations, not just added on independently to various projects,” he says.

The second issue, he said, was education and the need to explain AI impacts to board members rather than explaining the nuts and bolts of how various AI deployments work.

The third issue, he added, was communication. “It’s critical that we move AI out of the IT bubble and make it part of the entire organisation. This is exactly the same advice we give with respect to cybersecurity. AI is an enterprise-wide function, not an IT function.”

8. Limiting functionality mitigates risk

 

According to Microsoft’s Brandon Dixon, limiting the actions that an AI system is capable of is well within a human’s control and should, at times, be acted upon. The computer giant has done this with many of its first-generation copilot tools, he added.

“What we’ve implemented today is a lot of ‘read-only’ operations. There aren’t a lot of AI systems that are automatically acting on behalf of the user to isolate systems. And I think that’s an important distinction to make — because risk comes in when AI automatically does things that a human might do when it may not be fully informed. If it’s just reading and providing summaries and explaining results, these can be very useful and low-risk functions.”

According to Dixon, the next stage will be to examine “how we go from assertive agency to partial autonomy to high autonomy to full autonomy. At each one of those levels, we need to ask what safety systems and security considerations we need to have to ensure that we don’t introduce unnecessary risk.”

How London aims to improve its 5G, rated the worst in Europe
https://techinformed.com/how-london-aims-to-improve-its-5g-rated-the-worst-in-europe/
Thu, 05 Sep 2024 14:20:48 +0000
The world’s urban populations continue to expand – in the US alone, more than 80% of citizens are city dwellers, according to the United Nations, with similar trends observed in Europe, Oceania, Latin America and the Caribbean.

As cities swell, so does the demand for robust and efficient infrastructure – from housing to transportation and healthcare, there is pressure on local governments to invest in services. And many of these are underpinned by connectivity.

Technologies such as 5G and fibre are not merely faster and more efficient – they are the bedrock on which innovation builds in both the public and private sector. These sorts of connectivity enable real-time applications, such as intelligent traffic systems and public safety announcements, and also play a key role in the daily lives of citizens and businesses.

But not all cities are built the same, and connectivity can vary greatly from nation to nation, or even in neighbouring cities.

Take London, for example. Despite being a major technology and financial hub, the UK capital has significant room for improvement when it comes to connectivity, according to telecoms measurement service MedUX, which names it as one of the worst for quality 5G experiences in a study of 10 European cities.

According to MedUX – which works with telecom providers, regulators, and enterprises to assess the quality of fixed and mobile wireless internet broadband – Berlin has the best connectivity. It found that the German capital has an 89.6% reach and was also the best city for 5G streaming with an average latency of less than 40 milliseconds.

By comparison, only 77.5% of London’s population has 5G on its devices, below the urban average. Plus, it has an average download speed of 143 megabits per second, while Lisbon’s speed is 528 Mbps and Porto’s is 446 Mbps.

“Investing in high-quality 5G networks is crucial for achieving the smart cities’ vision,” says MedUX CMO, Rafael González. “This involves more than just widespread 5G coverage; it requires networks that meet specific performance standards for different use cases.”

Future-proof cities

 

MedUX’s research found significant disparities in network quality between regions, such as the UK compared to Germany – but consistent and reliable connectivity is essential for real-time applications and critical mission services.

For governments, the real task goes beyond laying fibre and erecting 5G towers. It requires a concerted effort to ensure these infrastructures are utilised to their full potential.

“In smart cities, high-quality connectivity is essential not just for enabling future-proof technologies like 5G but also for societal development, efficiency, and competitiveness,” says González.

He adds that real-time data transmission enabled by high-speed, low-latency networks is crucial for applications in traffic management, public safety, emergency response and more.

“Reliability and consistent performance also play a critical role in ensuring access to services and improving overall city efficiency.”

Take smart traffic management, such as Manchester city’s ongoing digital transformation of its transit system, where 5G connectivity can help provide real-time transportation data.

This will aid in streamlining transportation so commutes are timelier and can also help traffic light systems with reducing traffic and ensuring a better flow of vehicles.

“I really believe in the next five to ten years we will start to see smart transportation as a reality,” he adds.

[Image: Rafael González, CMO, MedUX]

 

“Smart traffic management, in general, is a very interesting use case, not only for real-time traffic data but also for autonomous vehicles.”

González points to the future idea of controlled lanes that will host only autonomous vehicles that will wirelessly communicate with each other and infrastructure: “That’s going to take more time, but of course, we are going to see that.” And 5G quality must keep up.

“Another use case that is very important is telemedicine.”

Similarly, the UK city of Liverpool has implemented 5G cells around the area of Kensington to ensure residents using telemedicine devices are connected and nearby GPs can monitor their health remotely.

However, as cities become busier and GPs and hospitals become more strained, this type of remote monitoring will become more essential – so the need for quality 5G is equally important.

UK telco response

 

Given the poor results, TI asked telecoms operators in the UK what was going on – perhaps surprisingly, they acknowledge the performance issues, blaming market issues.

Robert Finnegan, CEO of Three UK, tells TI: “UK mobile networks rank an abysmal 22nd out of 25 in Europe on 5G speeds and availability, with the dysfunctional structure of the market denying us the ability to invest sustainably to fix this situation.”

Finnegan claims his firm’s proposed merger with Vodafone will “unlock £11 billion” worth of investment in digital infrastructure to help improve 5G networks across the UK.

Reza Rahnama, MD of mobile networks at BT Group, says that since EE, which it owns, launched in 2019, “it has prioritised quality of experience and reliability.”

The MedUX report supports this, with EE ranked the highest for UK mobile operators.

“While some networks have focused on peak speeds in small areas, EE’s approach has been a more consistent experience for a wider number of customers.”

“A lot of the focus has therefore been on continuous coverage, by upgrading areas of coverage, rather than some of the less targeted approaches that can be adopted by others.”

Recently EE implemented 5G ‘small cells’ in the London borough of Croydon.

Small cells are street-level miniature masts that attach to existing street furniture, like phone boxes and lampposts, with the aim of boosting signal in busy areas.

“These sites are a crucial part of our mobile network and help to reduce congestion, boost speeds and improve experience,” says Rahnama.

“By using advanced network analytics, we’re able to identify areas of London and the rest of the UK that experience high traffic demands and would therefore benefit the most from small-cell deployment.”

What did local government have to say? A spokesperson for the Mayor of London, Sadiq Khan, tells TI: “The Mayor’s Connected London programme has supported the delivery of core 5G infrastructure, and over the last seven years this has seen full fibre coverage rise from 4% to nearly 70% of the city.”

“This is in addition to hundreds of kilometres of London Underground tunnels and stations getting 5G coverage. Above ground, thousands of TfL and council assets, such as lampposts, are being used to help boost 5G on high streets and busy areas.”

Investment and permits

 

For cities such as London which are lagging behind, González points out that more investment is needed, and the challenge of achieving permits to deploy physical infrastructure adds to the delay.

Plus, in 2020, the UK banned Chinese telecoms giant Huawei’s infrastructure over concerns that it posed a risk to national security.

Kester Mann, analyst at CCS Insight, explains that this has caused the UK to take a step back, as operators had to replace a lot of existing equipment, costing around £500 million (though other European countries face similar challenges).

Mann adds that there is a lot more caution in the UK in general for deploying 5G networks compared to the 4G era.

“4G was a significant period, with networks being at the forefront because of the 1800 MHz spectrum which allowed telcos to deploy 4G quickly and allowed for more use cases,” says Mann.

“With 5G, the ‘C-band’ spectrum, which is valuable for coverage, requires more infrastructure to achieve the same coverage.”

He also says that concerns about the return on investment have halted more money going into infrastructure.

“Investing in the next stage of digital infrastructure like 5G is important. While there’s a valid point about the lack of consumer use cases, the next stage, 5G standalone, presents potential new applications and services, particularly for enterprises.

“Operators like BT are moving towards launching standalone 5G, which could generate more interest.”

BT’s Rahnama says: “It’s worth remembering that 4G remains a reliable and fast alternative. In fact, 4G small cells offer speeds of up to 300Mbps and ensure that our customers receive unrivalled reliable mobile connectivity.”

“What’s more, to date, 5G deployment has been done over a 4G core. The rollout of 5G standalone – where the technology sits on its own core – should help to improve customer experience further in the years ahead.”

Mann concurs that the move to 5G standalone could kickstart the market, alongside the merger between Three and Vodafone, “potentially leading to stronger investment in the UK.”

“Having three strong providers might be better for the UK market compared to having two major and two subscale operators. This has worked well in other countries like the US, China, and South Korea, which mainly have three networks.”

The UK government has a target for all populated areas in the UK to have standalone 5G coverage by 2030.

“This is primarily being rolled out by private mobile network operators EE, O2, Vodafone and Three,” says the spokesperson for Sadiq Khan.

Mann added that London’s urban landscape could potentially make coverage a challenge compared to more open European cities.

“Small local deployments, or small cells, might address this.”

The spokesperson for the Mayor of London says “Khan is committed to improving mobile coverage in busy and built-up areas in London and is future-proofing mobile connectivity by reforming planning laws to require all new developments to have sufficient connectivity.”

“Improving digital connectivity in London will help to increase innovation, productivity and growth across our economy and will help us to continue building a better London for everyone.”

A coffee with…Erich Kron, security awareness advocate, KnowBe4
https://techinformed.com/a-coffee-with-erich-kron-security-awareness-advocate-knowbe4/
Fri, 30 Aug 2024 11:07:05 +0000

A well-known speaker on the cybersecurity circuit, Erich Kron educates IT administrators, security professionals and users on ways to protect themselves and their firms from cyber-threats, which include ransomware, phishing and other social engineering attacks.

After holding IT roles in the US military and aerospace industries, Kron moved into a senior cybersecurity role at the US Army’s Regional Cyber Centre, joining Florida-based KnowBe4 eight years ago as a security awareness advocate.

KnowBe4 is a security awareness training and simulated phishing platform that helps organisations address the human element of cybersecurity. It boasts over 65,000 customers, which range from small businesses to big enterprises.

Earlier this month the platform acquired UK-based AI-powered email security firm Egress to help it create an advanced artificial intelligence-powered cybersecurity platform. KnowBe4 also hit the headlines recently for unwittingly employing a North Korean hacker.

 

Tell us more about KnowBe4’s training platform and how the acquisition of Egress’s business will enhance it?

What our platform really tackles is the human element involved in cyber security, which means a lot of training, a lot of education and simulations of phishing attacks. These give you a chance to practice what you have learned during training. If people make a mistake, it’s not a problem, it’s a fail-safe environment – it’s not the end of the world if you make a misstep.

Egress is going to help us to expand our platform even more so we can do things with the emails – put more warning banners on things that say ‘Hey this looks like a phishing email because of this’…It gives them an idea to be more careful of that email.

Do you cover newer threats such as deepfakes?

We teach people about deepfakes; we educate people on the dangers of deepfakes, but we don’t generally generate deepfakes. We have an AI component within our platform that is very cool. It looks at what people are trained on, and it will choose the templates relevant to individuals. AI does a really good job with personalising training packages.

Is email still considered the main vector for phishing attacks?

It’s interesting the attackers are starting to pivot. They are trying to get people out of email and onto other platforms such as WhatsApp or Teams. So, we have filters that look at email traffic but if you go on WhatsApp that’s going to be a whole lot harder to see. It’s a clever way of doing it – another evolution of tech in general and then exploiting it for bad.

Are you noticing an increase in attacks on targeted individuals?

Most phishing attacks have always been targeted spear-phishing attacks. I don’t know that I’ve noticed an increase in it. But I have noticed that the way they carry out attacks is more advanced. For example, in the old days, you’d get an email from the CEO saying I need you to email $250K right away – there’s always a sense of urgency… But when it’s followed up by a text message people let their guard down; there’s an inherent trust. So, for the higher value targets that kind of effort is being put into this to make it successful.

With GenAI, phishing appears to be getting more sophisticated – gone are the days of the badly spelt Nigerian Prince scam….

It seems like this when there are 6.4bn fake emails sent out every single day. A lot of these are caught by filters now. But the ones that make it through to people’s desktops are the higher quality ones. Because the bad ones are being caught, a side effect from filters is that people are being exposed to the higher quality ones. Which means the average person is going to be exposed to the more difficult-to-spot attacks.

And now AI is being used to increase the efficiency and the amount of people being attacked. It used to be you’d read one of these scams and the grammar and spelling were awful – what we’re finding now, is that the responses feel authentic. An English-speaking scammer can now turn something into German or American English. AI allows attackers to scale further.

Are we losing the battle?

I wouldn’t say that. But it’s still a tough thing to face. The technology is changing but the tactics remain the same. They still know that if they get you in a highly emotional state, you don’t think things through; that part hasn’t changed.

Frauds can fool the best of us. How did KnowBe4 accidentally end up hiring a North Korean hacker?

I can’t talk about everything because it’s still an open investigation, but we want to be very upfront because we want other firms to understand that this is a threat and we’ve written a blog about it.

We were looking for someone who was an AI developer, and we received over 1000 responses which we got down to 30-40 candidates and went through this whole hiring process. After four Zoom calls we ended up hiring someone with a great resume and they went through a background check, the whole nine yards. And we hired them, sent over the equipment, but then we sensed immediately, upon letting them into the network, that they were downloading hacking tools.

Were they able to breach you?

When we hire new employees, their user account only grants limited permissions that allow them to proceed through our new hire onboarding process and training. And the way we do it, the only thing he had access to start with was his training modules.

We’re a very security conscious company – so when we confronted him, he said he was trying to fix something with his router for Wi-Fi. That didn’t add up – so within 25 mins he was shut off the network.

What was their modus operandi?

This guy was part of a North Korean gang. They used AI generated modified photos as his picture along with a stolen identity of a US citizen and because it was backed by the North Korean state – he had a lot of documents and ID matches.

The guy really knew what he was doing. Then they use VPNs to access the workstation from their physical location, which is usually based in North Korea or China. From here it’s picked up by a new person who takes it to an apartment building, and is operated by North Koreans working at an IT mule laptop farm.

The scam is that they are actually doing the work for us, acting as our employees and getting very well paid, and they give a large amount of these earnings to the North Korean government to fund their illegal programs.

On a lighter note, how do you take your coffee?

With cream and sugar.

What was the last piece of tech you bought for yourself?

A high-end video card so that I can play around with some of my own AI stuff at home. I’m working with LLMs to test them out and to see what’s going on behind the curtain.

I’m really fascinated by AI graphics – some of those GenAI tools are amazing. I’ve been looking at an AI video generator called Kling AI – which has just opened to the public. It’s hosted in China – which sometimes gives people reservations – but you can generate an image from a text prompt, a video from a text prompt or from taking the image in there and then prompting it to move and look around. It can generate some incredible stuff from just that 2D image. To me that’s fascinating.

Going for the Jugular: Anatomy of an Attack (Part Two)
https://techinformed.com/anatomy-of-a-healthcare-attack-part-2-going-for-the-jugular/
Fri, 30 Aug 2024 09:08:52 +0000

Now the red team has gained access (read Part 1 to find out how), it’s time for them to collect information and live off the land. One of their first calls was to identify email servers and misconfigured service accounts.

“From this, we’ve also managed to get into the accounts of the other users. We will also set up new accounts if we gain permissions which will allow us to move around the network,” explains Tomer Nahum, an MVR who is leading the red team of hackers during this Semperis-hosted tabletop.

Often configured and then forgotten, service accounts are used to manage and update servers. Because they are designed to perform automated tasks, and often come with elevated privileges, service accounts have become attractive targets for hackers looking to compromise networks and move around laterally.

The hackers are also starting to sniff around for financial information across the network. While it’s of lower priority than patient data in healthcare, it can still help hackers decide how much to ask for during ransom negotiations.

“For defence evasion, we’re trying to stay within the boundaries of normal activity — we don’t want to draw attention to ourselves, so, to do this, we need to understand what normal activity looks like,” adds Nahum.

[Image: Purple team map out containment strategies]

For the purple team charged with leading the hospital’s defences, the goal is threat detection with custom rules that they’ve built. They use tools designed to examine user behaviour and have a network detection and response (NDR) system set up that feeds into a security information and event management (SIEM) tool. This allows incident response (IR) to monitor anomalies in terms of traffic, file transfers, access controls and “anything that looks like it’s leaving the organisation but shouldn’t.”

Exfiltration vs containment

In terms of moving the data out of the network, the Red Raccoons decide to move the data laterally rather than vertically, through soft targets such as the university and research groups, as well as acquired companies with less well-managed networks.

For good measure, they’ve also orchestrated a disinformation campaign online that has resulted in a physical protest outside one of the main hospital buildings, maximising chaos, to distract senior management.

Ransomware has also been scheduled to go off at certain points, encrypting documents that can only be released with a key.

Momdjian notes that one trick attackers have gone for recently is not going for full encryption but going for just part of a file: “just enough to damage it so you can’t use the whole file.”

On the other hand, he adds that if you detect a change in file size or any change to the file itself, your security systems should alert you.

The Purple Knights, meanwhile, have been refining their detection capabilities and noticing some of Red Raccoons’ tactics. Their IR is now focussed on containment: lockouts, isolation, and segmentation of the network and critical hosts.

The question is, will they pull the plug on all the connected devices — including connected beds and life-saving machines — that exist within the hospital’s IoT ecosystem?

“We’ve been isolating a lot of our IoT devices and bio-med devices just to make sure they are on a safe network – so if we get hit by a ransomware load, it would be contained within a certain segment,” explains Jeff Wichman, purple team lead and Semperis director of incident response.

“In the meantime, we will try and transition physically all beds that can be moved. And, of course, decisions must be made for critical patients,” he adds.

Ransom demands

 

The red team has an idea of the amount they want Sunshine Health to pay out. “They probably already know what their target is going to pay and what the cyber security insurance payout will likely be if policy documents have been kept anywhere on the network,” Momdjian adds.

Back to the hack, and the Raccoons are ramping up the pressure with threats of leaking information to the media if the Purple Knights don’t pay up.

“Little by little, we will leak data until it’s too much for them to take,” says one team member, a little too gleefully.

[Image: The Reds present their attack strategy]

The purple team, meanwhile, have brought in several third parties to aid with containment and negotiations. “We’ve brought in the FBI as well as a Computer Security Incident Response Team (CSIRT),” Wichman reports. “Communications about the attack are also going on at a stakeholder level, and we’ve activated our disaster recovery plan.”

The team is hopeful that they will receive customised indicators of compromise (IOCs) from some of these partners that will help them to detect and prevent attacks, or limit the damage done by stopping attacks early.

From a recovery perspective, Wichman — a former ransomware negotiator at Palo Alto’s Unit 42 division — explains that the purple team is negotiating to stall: “That gives the third party time to investigate and time to understand the full scope and additional monitoring in place.”

He adds: “We’re also starting with a full reset of every account — which is very painful but better than building the Active Directory (AD) from scratch.”

Semperis’s 2024 Ransomware Risk Report reveals that only one-quarter of respondents maintain a dedicated AD backup system. Yet, Gartner notes that adding dedicated tools for backup and recovery of AD can accelerate and simplify recovery from cyberattacks.

The Knights added that they also aimed to compromise the attack infrastructure and encrypt all their files before the hackers could access them.

The IR team has decided that there will be no comment to the press while they are still investigating the attack. “That would be more of a stakeholder decision – it’s executives that should make those calls, which should be controlled by legal and PR,” says Wichman.

Cyber healthcare expert Marty Momdjian, who has been leading the exercise, adds that every healthcare system currently has its legal teams and third-party counsel on speed dial.

To pay or not to pay?

 

Momdjian says that the big question that always comes up is whether to pay the ransom.

“The straightforward answer is ‘No, never.’ But there are situations where firms have had to pay the ransom because it’s really the only way out.

“It’s lucrative for threat actors at the end of the day,” he admits.

According to Semperis’ latest ransomware risk report, around 66% of all healthcare companies end up paying the ransom, with 16% admitting that payout was a matter of life and death.

While these figures seem high, Healthcare is one of the sectors least likely to pay, with Education paying up in 70% of cases, Travel paying up in 85% of cases, and Finance paying up in 80% of cases.

According to Wichman, each organisation has its own risk tolerance on whether it is willing or not willing to pay. “It comes down to a couple of factors of what data the attackers have; in a healthcare situation, someone’s life is on the line. The attackers know that and will use it to their advantage.”

Third-party support

 

Wichman advises using third-party services when entering negotiations with attackers. “I do not recommend any organisation communicate with an attacker directly,” he stresses.

He adds that the person shouldn’t be someone from the internal IR team, especially not someone who is solely focussed on IT. They tend to only look at things from the point of view of their own department and might not grasp the repercussions or the bigger picture.

“They also tend to be more emotionally involved in what should be conducted as a business transaction,” he says.

[Image: Jeff Wichman, former negotiator and head of incident response, Semperis]

According to Wichman, it’s also becoming increasingly common for cyber insurers to become involved during the negotiation stage, although this can also complicate things.

The negotiator has had incidents in the past where he hasn’t been able to seek the required approval of a cyber insurer because the person responsible had clocked off for the weekend and wasn’t available until the Monday. “Hackers don’t work to that 9 to 5 timetable,” he warns.

Pizza advice

 

We wrap with takeout pizza — the incident response room’s meal of choice “because it allows you to keep one hand free to do something else,” Momdjian adds.

During a controlled environment like a tabletop, the whole team is together — but Momdjian warns that in the real world, this experience would be “far harder and more chaotic.”

“For healthcare, when there is an adversary in the network, decisions have to be made instantly, but they can’t be executed instantly because of the level of approval needed from clinicians,” he says.

According to Momdjian, during a real-life incident, there would be a different roster of people working rotating shifts, as it’s not possible for people to manage incidents like this effectively if they’ve been working around the clock for days on end.

One of TechInformed’s key takeaways was just how pervasive, successful, and lucrative the ‘business’ of ransomware is. According to Semperis’ 2024 risk report, 74% of respondents who were victimised by ransomware within the past 12 months were attacked multiple times, many in the span of a week.

In total, 78% of the targeted organisations surveyed paid the ransom, with 72% paying out multiple times.

This last stat suggests that paying attackers does not solve the larger problem. According to Semperis, more than a third of organisations that paid the ransom failed to receive decryption keys or were unable to recover their files.

So, while planning, contingency, and backup — as well as tabletops like this one — might not prevent hospitals from paying up in life-or-death situations, having the right tech and knowledge at their disposal certainly increases their bargaining power and limits their chances of subsequent attacks.

And kudos to the Purple Knights — the Red Raccoons really did have the easier job in this exercise. As Wichman says: “Detecting everything is the tough job — because all attackers need to do is find one hole.”

Ransomware gangs of 2024: The rise of the affiliates
https://techinformed.com/ransomware-gangs-of-2024-the-rise-of-the-affiliates/
Fri, 30 Aug 2024 09:07:10 +0000

The last 12 months have brought big news on the ransomware front, with law enforcement announcing the takedowns of major ransomware gangs including LockBit and ALPHV/Black Cat.

But despite the success of the FBI and its allies in tackling some of the biggest threat actors, businesses find themselves no safer from cyber-attacks than in previous years.

Security firm WithSecure says the frequency of attacks and ransom payments collected in the first half of 2024 was still higher than over the same periods in 2022 and 2023.

So, has the disbandment of two of the most dominant and well-known ransomware gangs done nothing to make enterprises more secure? Or is something else going on?

Emerging data from reports such as WithSecure’s indicate a shifting trend: affiliates once aligned with LockBit and ALPHV are now avoiding the big-name gangs. Trust in larger groups has waned, with many members opting for smaller, more nimble groups.

A shift in the landscape

 

Since the downfall of LockBit in February, cybersecurity experts are still evaluating the long-term impact on the ransomware ecosystem – however, the prevailing consensus is that affiliates are adopting a more “nomadic” approach.

Affiliates are smaller criminal enterprises that lease a ransomware operator’s malware, techniques, stolen passwords etc. in return for paying a monthly fee and sharing a percentage of any ransom payments.

“Through the data, the FBI identified 190 affiliates using LockBit’s service in February,” says Tim Mitchell, a security researcher at Secureworks.

“By May, following sanctions and indictments against LockBit’s admin, only about 60 affiliates remained active,” representing a dramatic two-thirds reduction in those affiliated following the initial action.

With new sanctions in place, it has become illegal for companies in the US and the UK to pay ransoms to the gang, cutting off its primary revenue stream and attracting affiliates to other gangs.

“It’s surprising that they’re still active, albeit at a much lower rate,” says Mitchell. “March saw a significant surge in victim names, around 170 in one month (though many were possibly rehashed victims from earlier), but by June or July, the number had plummeted to about 12-15 victims.”

Before the exposure of its admin, its leader, Dmitry Khoroshev, declared the gang to be the “eternal” group – however, Mitchell believes that without a rebrand, it’s looking unlikely that LockBit will remain as disruptive as before.

For ALPHV, while the FBI disrupted its site in December 2023, the gang continued operating until early this year when it revealed responsibility for the Change Healthcare attack that crippled pharmacies across the US, including those in hospitals.

Allegedly, although not publicly confirmed by Change Healthcare, the gang received a $22 million ransom payment. However, in this case the affiliate who executed the attack did not receive the share, and ALPHV went on to cease operations entirely – suggesting an exit scam.

This incident has eroded trust from both sides of the attack. Despite the large payment from Change Healthcare, the firm has not seen the stolen data, and affiliates left homeless may have lost their confidence in the well-known group.

Fragmentation

 

Following LockBit’s takedown, the number of ransomware groups listing victims has risen from 43 to 68, according to Secureworks data.

“For affiliates, it’s becoming clear that they might not get what they promised from larger groups, which may be driving them towards smaller, more reliable groups,” says Mitchell.

“After BlackCat’s impact on the marketplace, affiliates were left without a platform, and no obvious successor emerged,” he added.

According to cybersecurity firm Mandiant, some threat actors claim to use multiple ransomware families simultaneously, providing them with some level of stability to weather possible disruptions to ransomware-as-a-service (RaaS) offerings.

It expects that “the threat actors impacted will likely in time be able to recover and continue to engage in ransomware and extortion activity.”

Going underground

 

“While government efforts slowed down well-known operators, other groups like Blacksuit, Medusa, and PLAY have filled the void LockBit left,” says Tyler Reese, director of product management at Netwrix.

[Image: Tyler Reese, director of product management, Netwrix]

For instance, according to a report from researchers at GuidePoint Security, Medusa is offering generous profit-sharing percentages, with up to 90% going to the affiliates – this is a much better deal than in the past when affiliates were obliged to part with up to 40% of the ransom profits which went to the gangs.

Another smaller gang called Cloak is offering an 85% profit share, with no initial payment needed to become an affiliate – something that appears to have worked for the gang Medusa as victim numbers have surged since February according to WithSecure.

Similarly, Mitchell adds, Qilin – responsible for recently publishing NHS data it obtained, and also caught stealing credentials stored in Google Chrome – has stepped up, though it’s not to the same scale as LockBit.

As well as this, RansomHub, which provides infrastructure and, according to Bitdefender, topped the list of ransomware groups by number of victims in August this year, is attempting to recruit affiliates that have been impacted by recent shutdowns or exit scams.

“RansomHub became a bit of a place for homeless ransomware operators,” says Mitchell.

According to WithSecure, RansomHub is choosing to attract new recruits by letting them accept payment from the victims directly, before sending a share on to RansomHub – something WithSecure reports to be a possible attempt to reassure those who were spooked by ALPHV’s exit scam, which was only able to occur because the gang controlled payments.

“In terms of top groups, there’s no clear leader, but there are a lot more schemes operating than ever before,” says Mitchell.

To gain access, “it’s still largely through old vulnerabilities in internet-facing services, and reusing stolen credentials,” he adds.

Ransom-where?

 

Determining where in the world an affiliate is located is also harder when they act alone, as most use the same tools and will use a virtual private server (VPS) to make it look as if they are in another country.

“These groups are focused on making as much money as possible, focusing on critical infrastructure like hospitals and government agencies to cause major disruption,” says Kevin Curran, senior member of IEEE and professor of cybersecurity at Ulster University.

[Image: Kevin Curran, a senior member of IEEE and professor of cybersecurity at Ulster University]

“AI-enhanced cyber-attacks are a serious concern for the near future. Authorities like the UK’s National Cyber Security Centre (NCSC) are focusing on ensuring AI systems are secure-by-design and continue to urge organisations to adopt robust cybersecurity,” he adds.

Ransomware remains a significant, and costly threat. According to Netwrix 2024 research, 45% of organisations that experienced a cyberattack have had to deal with unplanned expenses to fix security gaps.

Alongside this, 16% faced a decrease in company evaluation, and 13% had to deal with lawsuits compared to only 3% a year ago.

“There is no single solution or ‘magic bullet’ to eradicate ransomware entirely,” says Reese.

“Regular data backups, timely software and system patching, robust endpoint and network protection, and strong identity protections with multi-factor authentication are significant steps toward cyber resilience in the era of inevitable attacks.”

Operation 911: Anatomy of an Attack (Part 1) https://techinformed.com/operation-911-anatomy-of-a-healthcare-ransomware-attack/ Thu, 29 Aug 2024 17:37:27 +0000

Looking out the window of a top-floor suite in the Mandalay Bay Hotel, across the Las Vegas skyline, a helicopter full of tourists sets off towards the Grand Canyon.

But inside this room full of cybersecurity experts, TechInformed is prepping for a different kind of sightseeing.

More than 20,000 cybersecurity professionals have gathered in the Nevada city in the August heat for Black Hat — a weeklong event that offers security consulting, training, and briefings to hackers, corporations, and government agencies.

We were invited to join several of those experts in this suite for an immersive tabletop exercise demonstrating a ransomware attack on a medical facility from both the offensive and defensive sides.

Tabletops are like the war games used to prepare military forces across the globe during times of peace.

The healthcare sector is a prime target for cyber criminals, and a surge in ransomware attacks on hospitals threatens patients’ safety and data.

[Image: Cyber firm Semperis’ temporary Vegas residence]

High-profile attacks have included the Change Healthcare ransomware attack in February, which shut down the largest healthcare payment system in the US and led to a reported $22 million ransom payout.

When lives are at risk, the stakes are high: In May, an attack on Ascension Health, the operators of over 140 hospitals in the US, put patients’ lives at risk and crippled revenue flow in the healthcare industry for weeks.

In the UK, meanwhile, a cyber-attack in June on pathology service Synnovis impacted several London hospitals and led to an unprecedentedly low level of blood stocks across England.

Tabletop scenario

And so, a dozen or so people have gathered for this tabletop – Operation 911.

Participants include several hospital executives, the FBI, software developers, security professionals, hackers who have worked for various military organisations and local law enforcement officers from the Las Vegas Metropolitan Police Department.

They are split evenly into two teams: The red team, ‘The Red Raccoons,’ is charged with launching a high-stakes ransomware attack against Sunshine Healthcare, a fictitious hospital located in Las Vegas renowned for its patient care, new innovations, and recent acquisitions.

They are led by Semperis security researcher Tomer Nahum, who has recently achieved Microsoft Most Valuable Researcher (MVR) status.

[Image: Semperis healthcare tabletop. From L to R: Jeff Wichman, Marty Momdjian & Tomer Nahum]

The Purple Knights, meanwhile, take on the role of the hospital incident response and crisis management team. They are guided by former ransomware negotiator Jeff Wichman, currently Semperis director of incident response.

Both teams are shepherded through each step by Marty Momdjian, Semperis EVP of services, who boasts over 20 years of experience in healthcare cyber protection.

High profile

Momdjian explains that the tabletop is based on a real-life scenario that lasted around 30 days from the start of the event to the recovery.

Profiling Sunshine Healthcare, he adds that the company turned over $9bn in revenue last year and has a total of 2,500 licensed beds in its five Vegas locations. The company owns the only trauma centre in the region and has 50 in-state clinics. For simplicity, all patient records are kept on a single medical record system (an EMR).

“One of the reasons we wanted to feature an expanding facility is that healthcare facilities go through a lot of M&A, and they become vulnerable targets for hackers,” explains Momdjian.

[Image: Tabletop objectives for hackers and defenders]

He adds that the trauma centre raises the stakes because it must be kept up and running – it’s not a case of shutting all systems down.

“This is a real scenario that’s occurred in major metropolitan areas where there are always Level 1 and 2 trauma centres. When those go offline, it becomes extremely chaotic. And it’s very, very painful,” Momdjian adds.

According to the health sector cyber expert, every healthcare company has been striving towards a single EMR for the last decade, but having one centralised point for medical records also makes it more open to attacks.

“If the EMR goes down, all your sites will go down. All physical locations, units, departments, patient care workflows, ADT (patient tracking), and anything that goes through the EMR are on a single platform,” Momdjian points out.

“The Purple Knights especially need to think about that when they are going through the exercise and the steps and what the impact is with any decision you are making.

“On the red team, that’s your target – to get to the EMR, get the data, exfiltrate and then extortion, disrupting patient services to the extent that the hospital has no other option but to pay the ransom.”

Attack framework

For the Purple Knights, Momdjian suggests following the latest guidelines from the US Department of Health and Human Services’ HC3 framework, which he has contributed to, as well as the standard NIST framework.

Frameworks like these can help frequently attacked organisations see the wood for the trees. He explains: “There are alerts coming out every single day — it’s complete overload. So the focus for us is working through what really matters when a major ransomware attack occurs—because the faster you respond, the faster you can recover.”

The red team, meanwhile, is instructed to follow the kill chain (the phases or steps involved in a cyber-attack), which, Momdjian adds, is well-documented by healthcare adversaries.

In terms of finding a way into the hospital group’s systems, the red team decides to target VIP executives attached to the company in some capacity. “We’re looking for names of executives that have been in the news a lot and have active social media accounts,” explains one red team member.

“We’ll look at what systems they’re using and what their admins are so that we can come up with some kind of social engineering strategy to gain access to the network,” he added.

The weakest link

As Sunshine Healthcare has a university relationship and a research department, the red team are also sniffing around this to find a way in.

“Universities are notorious for having weak security,” adds another red team member. “We’re using that connection between the university and the main hospital system as an access point so that we can look for weaknesses and external apps.”

[Image: Red team targets hospital exec via LinkedIn page and dark web password dump]

The targeting of a prestigious university researcher rings true with one member of the Purple Knights, who asks Momdjian for advice. The expert says he’s encountered this type before.

“They want to be published and are posting a lot. They tend to use the same password for their healthcare system as they do for social media and LinkedIn. And they make it easy for hackers to find because they tend to use their work email address to sign up for other accounts,” he says.

He advises that if these high-profile medics/researchers don’t cooperate, you need to apply protective measures against them. “Limit their access. If an incident is escalated to a specific level, remove their access because you know they are an easy target. Tell them that it is part of your policy.”

He adds that it’s standard for hackers to find a way in by buying a password dump from the dark web. “So incident response (IR) should start by making a list of their VIP execs — doing dark web checks on execs and VIPs.”

In terms of other defence measures, another member of the Purple Knights added that a lot has been done in terms of setting up the tech stack and putting in defence vectors. “The main threats we identified were any types of social engineering and phishing emails – user training is useful here,” one member suggests.

The team is also working with Sunshine Healthcare’s chief security officer to develop a disaster recovery (DR) plan and an incident response (IR) plan.

However, there’s trouble ahead: the social engineering exercise used by the red team has worked – and they’ve gained access to the network. It’s time for them to start collecting information and living off the land. What steps can the Purple Knights take to mitigate an attack and protect Sunshine Healthcare from these criminals?

Continued in Anatomy of a healthcare attack – part 2: Going for the jugular.

Formula E shifts gears: revolutionising broadcasting with edge compute https://techinformed.com/formula-e-shifts-gears-revolutionising-broadcasting-with-edge-compute/ Fri, 23 Aug 2024 10:01:05 +0000

Formula E recently celebrated its tenth birthday, with the ‘green’ racing championship now bigger than ever.

Launched in 2014 as a sustainable alternative to Formula One, the single-seater race series sees 22 drivers representing 11 teams in 16 races across 10 global venues. According to the FIA, around 400 million people tune in to watch the electric cars race.

Like its Formula One cousin, there is a massive machine behind the motorsport, with staff moving an entire data centre and broadcast facility to a new venue every two weeks.

But unlike other major motorsports, Formula E isn’t raced inside stadiums or existing tracks like Silverstone. Instead, races take place in cities, or in parks, or conference centres, which may not be designed for a broadcasting behemoth.

“There is a culture within our organisation that we want to push the envelope,” explains Formula E vice president of technology Eric Ernst.

“Where we go is a parking lot or a grass field in the middle of nowhere, and we have to run a high availability data centre set-up quickly.

“That’s why we need to opt for technologies that guarantee reasonable service level agreements (SLAs) but can be flexible.”

Take the final race of Season 10 of Formula E, which was a double header for the championship. The FE team transformed London’s Excel Centre – normally home to global tech conferences and Comic Con – into a racetrack, fanzone, pit lane, and broadcasting hub. They had a week to carry out most of the turnaround.

One of the biggest challenges, Ernst explains, is that setting up a private network in some locations would be extremely complex, expensive, or have poor environmental outcomes. These considerations led Formula E to run all its broadcasting and connectivity across the public internet, as part of an agreement with Tata Communications.

Global IP backbone

Tata Group’s involvement in Formula E goes beyond its role as a communications partner, with Tata Consultancy Services – another division of the Indian conglomerate – also sponsoring Team Jaguar Racing’s car since 2021.

Tata Communications – which is the telecoms division of the firm – is one of only a handful of global Tier 1 networks who together form the internet backbone we all use on a daily basis.

Tier 1 networks exchange traffic with each other on a settlement-free interconnection basis – i.e. no fees are paid for traffic in either direction. This has long been a key component of keeping the internet public, making it much more accessible.

Formula E’s cousin F1 uses a private network (also coincidentally provided by Tata) to provide broadcasting and connectivity services, linked back to its media and technology centre in Biggin Hill, London. But Formula E took a different road.

In February 2023, Tata Communications was unveiled as the official broadcast distribution provider to the Formula E World Championship in what it described as a “multi-year strategic relationship”.

The agreement sees Tata deliver high-definition, high-resolution and high-speed live broadcast content to viewers around the world as part of Formula E’s remote broadcast production of live races, reducing the environmental impact typical of major live international sports events on TV.

Tata’s software-defined media edge platform delivers more than 160 live video and audio signals from Formula E races across continents within milliseconds, using 26 media edge locations across North America, Europe and Asia.

Production takes place remotely – at the former home of the BBC in London – and it is all carried over the public internet.

Edge-of-the-seat racing

Prior to onboarding Tata, Formula E was using what Ernst describes as a “legacy solution” involving more traditional forms of broadcasting – such as satellite – and connectivity.

“Before we came on board, the solution was being forced to fit with the sport,” explains Tata Communications vice president & global head, Media & Entertainment Business Dhaval Ponda.

“When we first started having conversations with Eric, our solution wasn’t as prevalent in the industry. We were quite fortunate because it takes the right sort of CTO to take a stand and adopt a future-proof solution.

“We loved the challenge of providing connectivity to Formula E and embarked on using public Internet leveraging edge-based distribution for video because FE required a unique solution.”

By this, he means Tata was tasked with providing connectivity that could be supplied almost anywhere, without laying specialised infrastructure such as fibre cables or private Wi-Fi networks.

“Tata was one of the few vendors offering a solution that could do everything needed and be deployed at this scale,” adds Ponda.

“Even now, when we talk with other organisations about our partnership, they are often surprised at the scale of what we deliver using public internet and edge-based delivery.”

Ernst agrees, saying that Tata’s global reach and experience of operating in multiple markets also makes it easier when accessing infrastructure. If they had picked another partner, they may have ended up using part of Tata’s network, or would have had to strike individual agreements with other organisations, and this is something Tata Com takes care of for Formula E.

“It was a no-brainer to cut out the middleman,” he adds. “The size of the network, the size of their partners that they have to distribute that last mile of Internet in a reliable way with monitoring with permits is pretty much unique in the market.

“And Tata is unlike any other partner – it is a communications company that has a massive technology company behind it, so we keep on pushing each other.”

Pitfalls in the pitlane

Enterprises will often turn to dark fibre or other private options for large scale connectivity, due to concerns around security, latency and performance. Traditionally, broadcast events would involve some kind of OB setup located on site.

And while there is a tech centre located on site, the editing is all done in London, so for Formula E and Tata, this is where edge computing plays a vital role.

By deploying 26 media edge locations across the US, Europe and Asia, Tata is able to carry out processing much closer to the action, allowing it to reduce latency when transferring from the 85 cameras deployed during a race.

Tata Communications says its media edge cloud is capable of enabling very low latency video processing from any venue using first-mile internet while processing and distributing the video signals to any platform globally with high availability.

Ponda explains: “In terms of cloud and edge deployment, we have a very rigorous way in which we choose the technology. A lot of the infrastructure we own ourselves and that gives us a very unique sort of capability in terms of leveraging that.

“In terms of the infrastructure planning, design and architecture, we look at how it is deployed globally in a secure manner.

“Secondly, we look at the automation and tools around it. You cannot really operate in an environment where you have a lot of manual intervention because manual intervention is weak and you’re always a step back in terms of how quickly you’re able to fix it. So, a lot of focus goes into automating and we go through scenario analysis to test our network, to see what might break it.”

Finally, he points to teamwork as a key component. Tata is offering a managed service, and its team works closely with Formula E on delivering its platform, including a team on the ground available to assist during race day.

Ernst agrees, saying the two teams had formed a close bond while deploying Tata’s solution.

Regarding security, he explains: “Our biggest security concern is a framework of confidentiality, integrity and availability but, most importantly, the availability part.

“We have secured this with the redundant passes into that cloud network and we go to great lengths to communicate across the teams to make sure that we fully understand the diversity that these routes have.”

Keeping the wheels on

However, there can still be challenges, for example, when major incidents occur on the internet, such as the recent CrowdStrike outage.

“Those are risks you take when you go with this technology,” he admits. “But you’re not necessarily safeguarded if you use dark fibre either – it is a bit of a false economy because a lot of the security concerns happen at the application level now.”

Those applications, he adds, already come with buffers and encryption that offer a level of security irrespective of whether you are operating over a private or public network.

Ernst acknowledges this may not work for everyone. “If I worked in a different sport, with a different audience, maybe dark fibre is something I would throw into the mix. But for what we do, this solution is absolutely the best approach.”

Another key consideration – one that is at the heart of Formula E as an organisation – was to make sure its approach to any technology is as environmentally friendly as possible.

This was achieved by specially designed data centre equipment that can be shipped from location to location by freight with minimal footprint. And anything that can be done remotely helps to reduce the carbon footprint.

“For us, that is just day-to-day,” adds Ernst. “It is built into the ethos of this sport.”

Here today, Elon tomorrow: are advertisers abandoning X? https://techinformed.com/why-advertisers-are-boycotting-x-elon-musk-impact-2024/ Fri, 23 Aug 2024 09:52:18 +0000

In October 2022, Elon Musk made headlines with his tumultuous $44 billion acquisition of Twitter — far exceeding the platform’s valuation at the time.

Nearly two years later, the social media firm, now rebranded as X, is embroiled in more controversy. It has reportedly experienced a 24% YOY decline in advertiser support in the first half of 2024.

What was once a bustling marketplace for brands is quickly becoming a vacuum, with companies withdrawing their advertising dollars, leaving X struggling to maintain its relevance and profitability.

Musk’s controversial policies and their impact on brand safety

Elon Musk’s acquisition of Twitter was far from a smooth transition. After initially agreeing to purchase the platform, Musk tried to back out of the deal, citing concerns over the prevalence of fake accounts.

However, the courts forced him to proceed with the purchase. Under Musk’s leadership, X has undergone significant changes — one of the most consequential being the platform’s approach to content moderation.

Musk’s decision to re-platform previously banned users, such as former US President Donald Trump and UK far-right activist Tommy Robinson, has raised concerns among advertisers about the safety and appropriateness of the content their ads might appear alongside.

Additionally, the decision to ban the word “cisgender” as hate speech has further fuelled the controversy, alienating certain user groups and advertisers alike.

Controversial content vs. ad revenue

The changes in X’s content moderation policies have profoundly impacted the platform’s ad revenue. Advertisers are increasingly wary of their brands appearing next to hate speech, offensive content, or misinformation.

Brenda Imeson, director of strategy at digital advertising firm Brave Bison, explains, "Clients are cautious about exposing their most valuable asset — their brand — to unnecessary risks."

"Musk's well-known scepticism towards the advertising sector, coupled with his penchant for sharing controversial content, left many marketers uneasy about the future of Twitter," she says.

According to a survey conducted by the Kantar Group, many advertisers cite a lack of innovation and trustworthiness as primary reasons for their departure.

The survey found that X's trust score has dropped from 28% in 2021 to just 16% in 2023.

This decline in trust reflects a net 14% of marketers planning to decrease their investment in X in 2024.

In contrast, platforms like TikTok and YouTube continue to attract advertising dollars. TikTok sees a net 77% of marketers planning to increase their budget for the platform in the coming year.

Changing demographics and advertising strategies

Karim Salama, director at e-innovate, highlights that the platform's instability under Musk's leadership has driven advertisers towards more reliable platforms like TikTok and Instagram.

"There's been a noticeable drop in user interaction, as well as controversial policy changes," Salama explains. "This unstable atmosphere for ROI drives advertisers towards platforms where they can expect consistent results."

X is predominantly used for news consumption, with 60.6% of users reporting utilising the platform to stay informed. However, the influx of "fake news" and misinformation on the app has likely contributed to its decline in popularity.

Moreover, X's user demographics present another challenge. The platform's audience is 61.2% male. In contrast, platforms like Instagram and LinkedIn have a more balanced gender distribution, which may make them more attractive to advertisers looking to reach a diverse audience.

Additionally, X's younger user base, with 58.38% of users between 18 and 34, may have a higher propensity for platforms like TikTok and Instagram, which, according to Kantar's survey, are perceived as more innovative and trustworthy.

Salama explains, "TikTok and Instagram are far more appealing — younger audiences thrive on platforms that promote genuine storytelling and community connections. This just doesn't exist on Twitter.

"Twitter's text-driven nature is outdated for today's consumer — advertisers will instead redirect their campaigns to TikTok to take advantage of its organic reach potential."

GARM's dissolution: legal battles and their broader implications

GARM, a voluntary initiative created in response to high-profile cases of harmful content next to brand ads, was crucial in ensuring safe and responsible ad placements.

However, GARM recently found itself in a legal battle with X after advising businesses to reconsider advertising on the platform due to concerns over brand safety.

X responded by suing GARM, accusing the organisation of colluding with businesses "to collectively withhold billions of dollars in advertising from Twitter".

GARM has over 100 members, four of which — CVS, Unilever, Mars and the Danish energy company Ørsted — were named defendants in the suit filed in federal court in Texas.

In a statement on its website, GARM announced, "Recent allegations that unfortunately misconstrue its purpose and activities have caused a distraction and significantly drained its resources and finances. WFA [World Federation of Advertisers], therefore, is making the difficult decision to discontinue GARM activities."

As Sarah Aird-Mash, CMO of Adludio, notes, "GARM used the ad collective might to rally against questionable activity, and its absence raises concerns about the future of brand safety in digital advertising."

The future of brand safety without GARM

Peter Ibarra, head of media and AdTech solutions at Amperity, adds that the dissolution of GARM marks a turning point for advertisers. "The proliferation of advertising channels makes it difficult for advertisers to know where to make the next investment," he says.

"The recent lawsuit by X leading to GARM's dissolution signals a new era where unwavering platform allegiance is no longer a reality."

This isn't the first such legal battle for X. Last year, X sued the Center for Countering Digital Hate, another non-profit, when it wrote about hate speech on the platform and blamed it for driving away advertisers.

A federal judge threw the case out in March, saying it was an attempt to punish CCDH for protected speech.

In November last year, X also began litigation against Media Matters, a watchdog group that highlighted antisemitic and pro-Nazi content appearing next to ads on X. The case is set to go to trial next April.

The tweetings on the wall

Gonca Bubani, global thought leadership director at Kantar, emphasised the broader implications of X's decline, noting that "marketer sentiment around X has been continuously declining."

Bubani pointed out that while X's decline began before Musk's takeover, the current social and political climate has exacerbated the platform's troubles. "Musk's politicisation of the platform is adding fuel to the fire, which will have an impact.

"What's clear is that the decline in spend isn't only coming from the direction institutions like GARM give the industry."

Advertisers are not just concerned with brand safety; they are also wary of the platform's declining performance.

Mark Bellamy, strategy director at NewGen, emphasises that the reduced power of user acquisition on X is not solely due to Musk's controversial remarks. "The increasing power to hold attention through short video on TikTok, Instagram, and YouTube has also pushed brands to look elsewhere for ROI as much as peace of mind," Bellamy explains.

"The love for a product or a brand's personality from existing fans hasn't waned on X, even if the ability to find a new audience has due to the reduced number of users going there for discovery purposes. But this reduced power of acquisition on X is a pre-Elon trend."

Data-driven strategies for optimising ad campaigns

As advertisers navigate this changing landscape, many turn to data-driven strategies to optimise their campaigns in real time.

Peter Ibarra underscores the importance of first-party data and advanced analytics in this context: "By using the power of first-party data and advanced analytics, brands are not just adapting to change — they're proactively shaping their advertising future.

"This data-driven agility allows for rapid pivots across media channels, ensuring optimal returns on ad spend by fostering deeper, more personalised customer connections."

Interestingly, despite the exodus of advertisers, user engagement on X has remained relatively stable, with users reportedly spending an average of 30.9 minutes daily on the platform.

However, this increased engagement has yet to translate into advertiser confidence.

User engagement vs. advertiser confidence on X

Brenda Imeson points out that "the perception of the platform as a high-risk environment for brands has driven advertisers away, highlighting a critical disconnect between user engagement and advertiser confidence."

"With GARM's shutdown, advertisers are once again facing uncertainty regarding the safety of their ad placements," she says.

"In the short term, this uncertainty is likely to lead advertisers to stick with media partners and platforms where they have built trust over the past few years. The marketing community views this shift not as a 'boycott,' as X might perceive it, but rather as the exercise of 'freedom of choice.'"

While the platform still enjoys user engagement, the disconnect between users and advertisers suggests that X may struggle to regain its position as a leading social media platform for advertisers.

Ironically, advertisers leaving X could see consumer patterns change in the other direction — after all, most social media users are deterred by a greater number of ads.

We reached out to GARM for comment, but they have not yet responded at the time of publication.
