Countering ransomware – it’s time to patch the human

Ransomware relies on human fallibility crypto-ransomware, malware that extorts money from victims by encrypting their files and systems until they pay a ransom, has been much in the news since WannaCry hobbled IT systems around the world last month. While much was made of the fact that WannaCry spread through networks by exploiting SMBv1 vulnerabilities in unsupported Windows systems (such as Windows XP, Windows 8 and Windows Server 2003), it is unusual for ransomware to self-replicate in the way WannaCry did.

Often, ransomware, in common with most other forms of malware, is spread by drive-by downloads or phishing campaigns, both of which exploit human error. So, even if you use robust anti-virus and anti-malware solutions, conduct regular penetration tests and ensure you keep your systems up to date and install the latest patches, your system could still be compromised thanks to a careless employee.

According to a 2016 report by SentinelOne:

  • 39% of organisations in the UK were hit by ransomware in the previous year
    • 72% of those infections were attributable to phishing
    • 38% were attributable to drive-by downloads from compromised websites

People are frequently acknowledged as the weakest link in any security system. But with better levels of staff knowledge, companies are more secure as you can, in effect, ‘patch’ your employees. Therefore, a best-practice approach to information security such as an ISO 27001 compliant ISMS (Information Security Management System), follows a holistic approach that addresses people as well as processes and technology.

Amicus ITS takes security seriously.  “We say security is part of our DNA here” advises  JP Norman, Director of Technology, Security & Governance, “and I consistently refer to the importance of “the squishy bits” (ie. the people) in IT management.  You can deploy the best systems and infrastructure money can buy –  but you have to ensure your people are trained too.”

G-Cloud 9 – official Crown Commercial Supplier status awarded to Amicus ITS

Amicus ITS is delighted to confirm that it has been granted ‘Official Supplier’ status on the Government’s Digital Marketplace cloud services framework. This offers buyers a host of transparent, commoditised managed cloud services on G-Cloud 9, the latest Government procurement platform for technology services for the public sector, healthcare bodies, agencies and arm’s length organisations.

To check out what services you can get through Amicus ITS on G-Cloud 9, follow these simple steps to get our full service details:

1. Go to https://www.digitalmarketplace.service.gov.uk
2. Look under the heading ‘Find cloud hosting, software and support’.
3. Click on Cloud support or Cloud hosting
4. Enter one of the service descriptions below in the Keywords box (eg. NOC).
5. Amicus ITS’ services will be found on the first page of your search for each.

• Cloud hosting – Enterprise Compute Cloud
• Cloud support – Service Desk
• Cloud support – Network Operations Centre (NOC)
• Cloud support – SQL for Public Sector
• Cloud support – Security Operations Centre (SOC)
• Cloud support – Backup and Disaster Recovery

Alternatively to speed up navigation to Amicus ITS, if you type in ‘Amicus ITS’ in Cloud support, this will pull through all five services listed in that Lot.

Sales Director Les Keen commented:  “I am delighted to announce that we have been awarded official ‘Crown Commercial Supplier’ status by the CCS.  We have a thirty year heritage as a leading MSP and a fine pedigree of security accreditations which puts us in a compelling position as data guardians to offer specialist cloud and managed services to wider public sector organisations, healthcare and government departments. 

Being on G-cloud 9 will offer the rightful assurance and transparency that public service buyers demand and we have a highly experienced team here to guide everyone through the process. 

Indeed, early indications are already proving positive, with my team having fielded a number of enquiries from public bodies in the first 72 hours since our services went live.  We are here to help, so do contact us”.

The Government’s handy Buyer’s Guide to be found at:  https://www.gov.uk/guidance/g-cloud-buyers-guide.
Anyone wanting further information can contact any member of our G-Cloud 9 bid team on +44 02380 429429 or you can email us at:  bidteam@amicusits.co.uk