Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label IT Infrastructure. Show all posts
London
critical infrastructure cybersecurity Cyber Attacks Cyber incidents cybersecurity concerns Cybersecurity Threats IT Infrastructure London

London Councils Hit by Cyberattacks Disrupting Public Services and Raising Security Concerns

 

Multiple local authorities across London have been hit by cyber incidents affecting operations and public services, according to reports emerging overnight. The attacks have disrupted essential council functions, including communication systems and digital access, prompting heightened concern among officials and cybersecurity experts. 

Initial reporting from the BBC confirmed that several councils experienced operational setbacks due to the attack. Hackney Council elevated its cybersecurity alert level to the highest classification, while Westminster City Council acknowledged challenges with public contact systems. The Royal Borough of Kensington and Chelsea also confirmed an active investigation into the breach. Internal messages seen by the Local Democracy Reporting Service reportedly advised employees to follow emergency cybersecurity protocols and noted that at least one affected council temporarily shut down its networks to prevent further compromise. 

In a public statement, Kensington and Chelsea Council confirmed the incident and stated that it was working alongside cybersecurity consultants and the U.K. National Cyber Security Centre to secure systems and restore functionality. The council also confirmed that it shares certain IT infrastructure with Westminster City Council, and both organisations are coordinating their response. However, Hackney Council later clarified that it was not impacted by this specific incident, describing reports linking it to the breach as inaccurate. 

The council stated that its systems remain operational and emphasised that staff have been reminded of ongoing data protection responsibilities. Mayor of London Sadiq Khan commented that cybercriminals are increasingly targeting public-sector systems and stressed the importance of improving resilience across government infrastructure. Security specialists have also issued warnings following the incident. Dray Agha, senior director of security operations at Huntress, described the attack as a stark example of the risks associated with shared government IT frameworks. Agha argued that while shared digital systems may be cost-efficient, they can significantly increase exposure if an attacker gains access to one connected organisation. 

Rebecca Moody, head of data research at Comparitech, said the disruption aligns with common indicators of ransomware activity, noting both operational outages and possible data exposure. She added that government bodies remain among the most frequent targets of cyber extortion, with global data showing 174 confirmed attacks on government institutions so far in 2025, affecting more than 780,000 records and averaging ransom demands of roughly $2.5 million. Ian Nicholson, head of incident response at Pentest People, warned that the consequences extend beyond system outages. 

Councils hold highly sensitive and regulated personal information, he noted, and cyber incidents affecting the public sector can directly impact citizen-facing services, particularly those tied to social care and emergency support. As investigations continue, affected authorities have stated that their primary focus remains on safeguarding resident data, restoring services, and preventing further disruption.
Read more »
VDI
application delivery models cloud desktops DaaS IT Infrastructure local applications saaS Technology VDI

How Modern Application Delivery Models Are Evolving: Local Apps, VDI, SaaS, and DaaS Explained

 

Since the early 1990s, the methods used to deliver applications and data have been in constant transition. Today, IT teams must navigate a wider range of options—and a greater level of complexity—than ever before. Because applications are deployed in different ways for different needs, most organizations now rely on more than one model at a time. To plan future investments effectively, it’s important to understand how local applications, Virtual Desktop Infrastructure (VDI), Software-as-a-Service (SaaS), and Desktop-as-a-Service (DaaS) complement each other.

Local Applications

Local applications are installed directly on a user’s device, a model that dominated the 1990s and remains widely used. Their biggest advantage is reliability: apps are always accessible, customizable, and available wherever the device goes.

However, maintaining these distributed installations can be challenging. Updates must be rolled out across multiple endpoints, often leading to inconsistency. Performance may also fluctuate if these apps depend on remote databases or storage resources. Security adds another layer of complexity, as corporate data must move to the device, increasing the risk of exposure and demanding strong endpoint protection.

Virtual Desktop Infrastructure (VDI)

VDI centralizes desktops and applications in a controlled environment—whether hosted on-premises or in private or public clouds. Users interact with the system through transmitted screen updates and input signals, while the data itself stays securely in one place.

This centralization simplifies updates, strengthens security, and ensures more predictable performance by keeping applications near their data sources. On the other hand, VDI requires uninterrupted connectivity and often demands specialized expertise to manage. As a result, many organizations supplement VDI with other delivery models instead of depending on it alone.

Software-as-a-Service (SaaS)

SaaS delivers software through a browser, eliminating the need for local installation or maintenance. Providers apply updates automatically, keeping applications “evergreen” for subscribers. This reduces operational overhead for IT teams and allows vendors to release features quickly.

But the subscription-based model also means customers don’t own the software—access ends when payments stop. Transitioning to a different provider can be difficult, especially when exporting data in a usable form. SaaS can also introduce familiar endpoint challenges, as user devices still interact directly with data.

The model’s rapid growth is evident. According to the Parallels Cloud Survey 2025, 80% of respondents say at least a quarter of their applications run as SaaS, with many reporting significantly higher adoption.

Desktop-as-a-Service (DaaS)

DaaS extends the SaaS model by delivering entire desktops through a managed service. Organizations access virtual desktops much like VDI but without overseeing the underlying infrastructure.

This reduces complexity while providing consolidated management, stable performance, and strong security. DaaS is especially useful when organizations need to scale quickly to support new teams or projects. However, like SaaS, DaaS is subscription-based, and the service stops if payments lapse. The model works best with standardized desktop environments—heavy customization can add complexity.

Another key consideration is data location. If desktops move to DaaS while critical applications or data remain elsewhere, users may face performance issues. Aligning desktops with the data they rely on is essential.

A Multi-Model Reality

Most organizations no longer rely on a single delivery method. They use local apps where necessary, VDI for tighter control, SaaS for streamlined access, and DaaS for scalability.

The Parallels survey highlights this blend: 85% of organizations use SaaS, but only 2% rely on it exclusively. Many combine SaaS with VDI or DaaS. Additionally, 86% of IT leaders say they are considering or planning to shift some workloads away from the public cloud, reflecting the complexity of modern delivery decisions.

What IT Leaders Need to Consider

When determining how these models fit together, organizations must assess:

Security & Compliance: Highly regulated sectors may prefer VDI for data control, while SaaS and DaaS providers offer certifications that may not apply universally.

Operational Expertise: VDI demands specialized skills; companies lacking them may adopt DaaS. SaaS’s isolated data structures may require additional tools or expertise.

Scalability & Agility: SaaS and DaaS typically allow faster expansion, though cloud-based VDI is narrowing this gap.

Geographical Factors: User locations, latency requirements, and regional data regulations influence which model performs best.

Cost Structure: VDI often requires upfront investments, while SaaS and DaaS distribute costs over time. Both direct and hidden operational costs must be evaluated.

Each application delivery model offers distinct benefits: local apps provide control, VDI enhances security, SaaS simplifies operations, and DaaS supports flexibility. Most organizations will continue using a combination of these approaches.

The optimal strategy aligns each model with the workloads it supports best, prioritizes security and compliance, and maintains adaptability for future needs. With clear objectives and thoughtful planning, IT leaders can deliver secure, high-performing access today while staying ready for whatever comes next.


Read more »
Ransomwares
Automobile Industry Cyber Attacks cybersecurity concerns Data Breaches data security IT Infrastructure Jaguar Land Rover Jaguar Land Rover Cybersecurity Breach disrupts Production Ransomwares

Jaguar Land Rover Cyberattack Breaches Data and Halts Global Production

Jaguar Land Rover (JLR), the UK’s largest automaker and a subsidiary of Tata Motors, has confirmed that the recent cyberattack on its systems has not only disrupted global operations but also resulted in a data breach. The company revealed during its ongoing investigation that sensitive information had been compromised, although it has not yet specified whether the data belonged to customers, suppliers, or employees. JLR stated that it will directly contact anyone impacted once the scope of the breach is confirmed. 

The incident has forced JLR to shut down its IT systems across the globe in an effort to contain the ransomware attack. Production has been halted at its Midlands and Merseyside factories in the UK, with workers told they cannot return until at least next week. Other plants outside the UK have also been affected, with some industry insiders warning that it could take weeks before operations return to normal. The disruption has spilled over to suppliers and retailers, some of whom are unable to access databases used for registering vehicles or sourcing spare parts. 

The automaker has reported the breach to all relevant authorities, including the UK’s Information Commissioner’s Office. A JLR spokesperson emphasized that third-party cybersecurity experts are assisting in forensic investigations and recovery efforts, while the company works “around the clock” to restore services safely. The spokesperson also apologized for the ongoing disruption and reiterated JLR’s commitment to transparency as the inquiry continues. 

Financial pressure is mounting as the costs of the prolonged shutdown escalate. Shares of Tata Motors dropped 0.9% in Mumbai following the disclosure, reflecting investor concerns about the impact on the company’s bottom line. The disruption comes at a challenging time for JLR, which is already dealing with falling profits and delays in the launch of new electric vehicle models. 

The attack appears to be part of a growing trend of aggressive cyber campaigns targeting global corporations. A group of English-speaking hackers, linked to previously documented attacks on retailers such as Marks & Spencer, has claimed responsibility for the JLR breach. Screenshots allegedly showing the company’s internal IT systems were posted on a Telegram channel associated with hacker groups including Scattered Spider, Lapsus$, and ShinyHunters. 

Cybersecurity analysts warn that the automotive industry is becoming a prime target due to its reliance on connected systems and critical supply chains. Attacks of this scale not only threaten operations but also risk exposing valuable intellectual property and sensitive personal data. As JLR races to restore its systems, the incident underscores the urgent need for stronger resilience measures in the sector.
Read more »
Websites
cyber threat CyberCrime Cybersecurity Digital Slavery Global Network Ingram Micro IT Infrastructure Ransomware Attach Websites

Ingram Micro Faces Major Outage Following Ransomware Incident


 

An assault on Ingram Micro's global network started on July 3, which crippled parts of the company's global network as well as disrupted its ordering portals and customer service channels. Ingram Micro is currently restoring critical systems. 

It became evident that the disruption was caused first when clients were suddenly unable to place orders or communicate with account teams via standard telephone lines, particularly resellers and managed service providers that rely heavily on the distributor's platforms. 

A wide array of regional websites became unavailable as a consequence of the outage, which forced them into maintenance mode landing pages that offered only minimal contact information for sales and technical support, emphasising the extent of the damage and how urgent it was to get them back online. 

A ransomware attack that began on July 3 triggered widespread disruptions across Ingram Micro's global infrastructure, severely affecting the ability of company to support its partners and customers. As a first sign of trouble, customers began experiencing difficulties placing orders and getting in touch with account representatives through standard communication channels, especially resellers and managed service providers, which comprise a substantial portion of the company's customer base. 

After a series of disruptions, the company decided to redirect traffic to temporary maintenance pages that contained only basic contact information for sales and support teams, as traffic to its regional websites had quickly escalated. While it was necessary to move, this move highlighted the extent of the problem and the limited availability of core services. As one of the world's largest IT distributors, Ingram Micro relied heavily on interconnected digital systems, and the impact was far-reaching, affecting partners throughout multiple countries. 

Since then, the company has worked tirelessly to restore its systems, focusing on service restoration as well as launching an investigation into the nature and extent of the breach. Ingram Micro is a global leader in business-to-business technology distribution and service providers, recognised as one of the most important and reliable technology service providers globally. 

As a leading provider of comprehensive IT solutions encompassing hardware, software, cloud computing, logistics, and professional training, Ingram Micro plays a crucial role in the IT supply chain. As a key enabler of digital infrastructure for organisations around the world, the company serves a vast network of resellers, system integrators, and managed service providers. 

It has been unresponsive since Thursday, including its official website, online ordering systems, and support systems, leading to a significant operational disruption for customers who use its digital platforms to access inventory in real-time, place orders, and receive support. Despite the fact that Ingram Micro did not publicly disclose the cause of the outage, the sustained downtime has raised concerns across the entire technology distribution ecosystem as the sustained outage has raised increasing concern. 

The incident has not only hampered the company's day-to-day operations but has also rippled across supply chains and service delivery for its clients and partners, due to the company's integral position in the global IT channel. When the cyberattack began on Thursday, it quickly took Ingram Micro's primary website, as well as significant parts of the global network infrastructure, offline and inoperable.

Late Saturday night, the company released a brief public statement acknowledging the incident, informing customers of its intent to restore systems as quickly as possible to resume order processing and core operations. Before the opening of the financial markets in the United States on Monday, Ingram Micro formally notified its shareholders regarding the breach, indicating that there may be a negative impact on the business continuity and the interest of investors. 

As a result of the timing of this outage, coincidental with the approaching long holiday weekend, it immediately triggered immediate concern, especially since ransomware attacks on high-profile organisations are becoming increasingly common during times of diminished staffing and increased vulnerability. 

With headquarters in California, Ingram Micro holds a prominent position as one of the largest distributors of hardware, software, and information technology solutions in the global technology supply chain, with several products on offer. As well as providing distribution services, the company is also a managed service provider (MSP), offering cloud management and outsourced IT services to a wide range of corporate clients, particularly small and mid-sized organisations. 

A significant portion of the outage has extended beyond logistical and e-commerce functions, with reports indicating that software licensing processes have also been disrupted as a result of the outage. Ingram Micro's backend systems have been compromised by this attack, which has made it more difficult for many customers to provision or access certain digital products which are dependent on them. It has also impacted the company's service ecosystem on multiple levels.

On Saturday evening, Ingram Micro released an official statement confirming that a ransomware attack caused the service outage that had gone on for almost 48 hours, validating the concerns expressed by the company's global customer base. In parallel with the public disclosure of the incident, the company also filed a Form 8-K with the Securities and Exchange Commission, which indicated that the incident was likely to have a significant impact on the company's operations and materiality. 

There is no doubt that this formal regulatory filing emphasises the seriousness of the attack and shows how the company is expected to maintain transparency with its stakeholders, investors, and regulators in the aftermath of a cybersecurity breach of this magnitude, as well as the seriousness of the incident. According to industry analysts, Ingram Micro's handling of the incident highlights just how critical it is to communicate rapidly, transparently, and coordinatedly during large-scale cyber crises of any scale. 

A cascading effect has been caused across the entire global IT supply chain as core systems have been severed from vendors and clients as a result of the attack, even though it is still unclear how much damage has been caused. It is not just apparent that interconnected ecosystems can be operationally vulnerable, but the incident also serves to underscore the importance of cybersecurity resilience in the digital age in terms of strategic importance. 

"Neil Shah, Vice President at Counterpoint Research, stated that the attack exposed vulnerabilities in a broader IT value chain, particularly due to the central role Ingram Micro plays in channel operations. As a consequence of this event, Ingram's IT infrastructure was disabled, preventing access to its partners as well as its clients from being able to work. 

Consequently, Shah explained to me that this caused significant delays in processing and fulfilment, as well as the potential exposure to sensitive customer information, such as pricing structures and data related to channel partnerships,” he explained. As well, Greyhound Research's Chief Analyst and CEO, Vir Gogia, echoed these concerns by stating that cyberattacks targeting IT distributors can directly hinder the agility of global supply chains. 

If fulfilment platforms fail, a ripple effect takes place: enterprise buyers are left with backlogs and shipment delays, OEMs lose insight into downstream demand, resellers are unable to meet customer service level agreements (SLAs), and enterprise procurement teams are forced to defer capital recognition. According to the author, the consequences of centralised procurement models are especially acute in industries and regions with large-scale retail, government, and telecommunications. 

A renewed interest has also been drawn to the systemic risks associated with cloud-based infrastructures as a result of the incident. As today's supply chains rely heavily on cloud-based logistics, vendor-client management systems, and real-time data visibility, the breach at Ingram Micro highlights one of the biggest vulnerabilities in today's cloud-centric IT ecosystems. 

Besides halting the company's global operations, Ingram Micro was also disrupted by the ransomware attack, disrupting the flow of billions of dollars worth of channel transactions, which forced resellers and enterprise customers to seek alternative sources for procurement. As a result of this sudden shift in purchase behaviour, business continuity across the supply chain was severely compromised, and Ingram Micro's reputation for operational reliability and efficiency for logistical reasons was temporarily eroded. 

Industry analysts have cautioned that the incident might result in revenue deferrals, contract fulfilment delays, and possible penalties due to breaches of service-level agreements (SLAs). Several experts, however, have also pointed out that the timely disclosure of the company's issues and the coordination of remediation efforts have played a crucial role in reducing the reputational and financial consequences for the company in the long run. 

In light of this incident, the entire industry has been jolted awake, reinforcing the urgency for robust cybersecurity preparedness and agile response frameworks. During Ingram Micro's experience with the SafePay ransomware variant, it was clear that maintaining a secure and modern IT infrastructure, including security patches updated to the latest version, optimised system configurations and constant threat monitoring protocols, was imperative. 

There has been a great deal of learning from this breach, such as the importance of clear, fast communication, both internally among operational teams as well as externally to partners, clients, and regulatory authorities. Through the company's response strategy, which involved a thorough investigation and a structured recovery process, actionable insights have been gained that can be applied to enhancing cybersecurity resilience. 

In the future, this event is expected to help shape future risk management practices by emphasising the importance of being proactive and preventative in defending against cyber threats that are evolving. In the wake of the Ingram Micro ransomware attack, the broader IT industry has to reexamine and strengthen its cyber preparedness posture as soon as possible in order to recover from the incident. 

The resilience of technology supply chains depends on more than just operational efficiency, as digital infrastructure increasingly intertwines with global commerce. They must also have a strong cyber foundation in place to protect them. Organisations, particularly large-scale distributors, service providers, and vendors, need to prioritise developing incident response frameworks that are both agile and deeply integrated into business continuity plans to stay on top of cyber threats. 

The organization must adopt zero-trust architectures, run regular threat simulations, ensure system visibility in real-time, and establish clear escalation protocols with technical, legal, and communications teams simultaneously, in order to ensure real-time system visibility. Enhanced vendor risk management, third-party audits, and contingency procurement strategies should no longer be optional safeguards, but rather become a standard part of operations. 

The Ingram Micro incident has highlighted the vulnerabilities inherent in today’s cloud-reliant ecosystems; moving forward, we need to focus on proactive cyber resilience not just as a precautionary measure, but as a vital part of ensuring trust, continuity, and competitive viability in a digital economy that is increasingly dependent on cloud technologies.
Read more »
IT Infrastructure
ALPHV Change Healthcare Cyber Attacks CyberCrime Cybersecurity cybersecurity in healthcare CyberThreat data security EHRs IT Infrastructure

Weak Links in Healthcare Infrastructure Fuel Cyberattacks

 


Increasingly, cybercriminals are exploiting systemic vulnerabilities in order to target the healthcare sector as one of the most frequently attacked and vulnerable targets in modern cybersecurity, with attacks growing both in volume and sophistication. These risks go well beyond the theft of personal information - they directly threaten the integrity and confidentiality of critical medical services and patient records, as well as the stability of healthcare operations as a whole. 

There has been an increase in threat actors targeting hospitals and medical institutions due to the outdated infrastructure and limited cybersecurity resources they often have. Threat actors are targeting these organisations to exploit sensitive health information and disrupt healthcare delivery for financial or political gain. The alarming trend reveals that there is an urgent and critical security issue looming within the healthcare industry that needs to be addressed immediately. 

Such breaches have the potential to have catastrophic consequences, from halting life-saving treatments due to system failures to eroding patients' trust in healthcare providers. Considering the rapid pace at which the digital transformation is taking place in healthcare, it is important that the sector remains committed to robust cybersecurity strategies so as to safeguard the welfare of its patients and ensure the resilience of essential medical services in the future. 

BlackCat, also referred to as ALPHV, is at the centre of a recent significant cybersecurity incident. In recent months, it has gained prominence as a highly organised, sophisticated ransomware group that has been linked to the high-profile attack on Change Healthcare. As a result of the infiltration of the organisation's IT infrastructure and the theft of highly sensitive healthcare data by the group, the group has claimed responsibility for obtaining six terabytes of data.

As a result of this breach, not only did it send shockwaves throughout the healthcare sector, but it also highlighted the devastating power of modern ransomware when targeting critical systems. It has been reported that the attack was triggered by known vulnerabilities in ConnectWise's ScreenConnect remote access application, a tool that is frequently employed in many industries, including healthcare, as a remote access tool. 

Having this connection has given rise to more concern about the broader cybersecurity risks posed by third-party vendors as well as software providers, showing that even if one compromised application is compromised, it can lead to widespread data theft and operational disruption as a result. This incident has served as a stark reminder that digital ecosystems in healthcare are fragile and interconnected, with a breach in one component leading to cascading effects across the entire healthcare service network. 

There is a growing concern in the healthcare sector that, as investigations continue and new details emerge, healthcare providers are still on high alert, coping with the aftermath of the attack as well as the imperative necessity of strengthening their defensive infrastructure in order to prevent similar intrusions in the future. As one of the most frequently targeted sectors of the economy by cybercriminals, healthcare continues to be one of the most highly sensitive data centres in the world. 

It is important to note that even though industry leaders often fail to rank cybersecurity as one of their top challenges, Mike Fuhrman, CEO of Omega Systems, pointed out that despite this growing concern, there are already significant consequences resulting from insufficient cyber risk management, including putting patient safety at risk, disrupting care delivery, and making compliance with regulations even more difficult. Even though perceived priorities are not aligned with actual vulnerabilities, this misalignment poses an increasing and significant risk for the entire healthcare system. 

Fuhrman stressed the necessity of improving visibility into security threats and organisational readiness, as well as increasing cybersecurity resources, to bridge this gap. As long as healthcare organisations fail to take proactive and comprehensive steps to ensure cyber resilience, they may continue to experience setbacks that are both detrimental to operational continuity as well as eroding public trust, as well as putting patient safety at risk. 

As cybersecurity has become more and more important to the leadership, it has never been more important to elevate it from a back-office issue to an imperative. As a result of the growing number of cyberattacks targeting the healthcare sector in the past few years, the scale and frequency of these attacks have reached alarming levels.

According to the Office for Civil Rights (OCR), the number of security breaches reported by the healthcare industry between 2018 and 2023 has increased by a staggering 239%. Over the same period, there was a 278% increase in ransomware incidents, which suggests that cybercriminals are increasingly looking for disruptive, extortion-based attacks against healthcare providers as a means of extorting money. 

There is a likelihood that nearly 67% of healthcare organisations will have been attacked by ransomware at some point shortly, which indicates that such threats are no longer isolated events but rather a persistent and widespread threat. According to experts within the health care industry, one of the primary contributing factors to this vulnerability is the lack of preparedness at all levels. In fact, 37% of healthcare organisations do not have an incident response plan in place, leaving them dangerously vulnerable to ever-evolving cyberattacks. 

Health care institutions are appealing to malicious actors because they manage a huge amount of valuable data. Cybercriminals and even nation-state threat actors are gaining an increasing level of interest in electronic health records (EHRs), which contain comprehensive information about patient health, financial health, and medical history.

As a result of outdated cybersecurity protocols, legacy IT infrastructure, and operational pressures of high-stress environments, these records are frequently inadequately protected due to the likelihood that human error will occur more often. These factors together create an ideal storm for exploitation, making the healthcare industry a very vulnerable and frequently targeted industry in today's digital threat landscape.

Despite the growing frequency and complexity of cyberattacks, healthcare organisations face a critical crossroads as 2025 unfolds. Patient safety, data security, and regulatory compliance all intersect at the same time, resulting in a crucial crossroads more than ever before. Enhancing cyber resilience has become a strategic priority and a fundamental requirement, not just a strategic priority. 

Healthcare institutions must proactively adopt forward-looking security practices and technologies to secure sensitive patient data and ensure continuous care delivery. As a key trend influencing the healthcare cybersecurity landscape, zero-trust architectures are a growing trend that challenges traditional security models by requiring all users and devices to be verified before they are allowed access. 

In a hyperconnected digital environment where cyber threats exploit even the most subtle of system weaknesses, a model such as this is becoming increasingly important. IoT devices are becoming increasingly popular, and many of them were not originally designed with cybersecurity in mind, so we must secure them as soon as possible. Providing robust protections for these devices will be crucial if we are to reduce the attack surfaces of these devices. 

AI has been rapidly integrated into healthcare, and it has brought new benefits as well as new vulnerabilities to the healthcare sector. In order for organisations to meet emerging risks and ensure a responsible deployment, they must now develop AI-specific safety frameworks. Meanwhile, the challenge of dealing with technological sprawl, an increasingly fragmented IT environment with disparate security tools, calls for a more unified, centralised cybersecurity management approach.

A good way to prepare for 2025 is to install core security measures like multi-factor authentication, strong firewalls, and data backups, as well as advanced measures like endpoint detection and response (EDR), segmentation of the network, and real-time AI threat monitoring. In addition to strengthening third-party risk management, it will also be imperative to adhere to global compliance standards like HIPAA and GDPR.

There is only one way to protect both healthcare infrastructure and the lives that are dependent on it in this ever-evolving threat landscape, and that is by implementing a comprehensive, proactive, and adaptive cybersecurity strategy. Healthcare organisations must take proactive measures rather than reactive measures and adopt a forward-looking mindset so they can successfully navigate the increasing cybersecurity storm. 

Embedding cybersecurity into healthcare operations' DNA is the path to ensuring patient safety, operational resilience, and institutional trust in healthcare organisations, not treating it as a standalone IT concern, but as a critical pillar of patient safety, operational resilience, and institutional trust in healthcare organisations.

To achieve this, leadership must take the initiative to champion security from the boardroom level, integrate threat intelligence into strategic planning, and invest in people and technology that will be able to anticipate, detect, and neutralise emerging threats before they become a major issue. As part of the process of fostering cyber maturity, it is also essential to cultivate a culture of shared responsibility among all stakeholders, ranging from clinicians to administrative personnel to third-party vendors, who understand the importance of keeping data and systems secure. 

Training on cybersecurity hygiene, cross-functional collaboration, and continuous vulnerability assessment must become standard operating procedures in the healthcare industry. As attackers become more sophisticated and bold, the costs of inaction do not stop at regulatory fines or reputational damage. Rather, inaction may mean interruptions of care, delays in treatments, and the risk to human life. 

Only organisations that recognise cybersecurity as a strategic imperative will be in the best position to deliver uninterrupted, trustworthy, and secure care in an age when digital transformation is accelerating. This is a sector that is built on the pillars of trust, a sector that offers life-saving services, which does not allow for room for compromise. They have to act decisively, investing today in the defensive measures that will ensure the future of their industry.
Read more »
Software
API security Broward Data Breach Cloud based services Cyber Security CyberCrime CyberThreat Encoding IT Infrastructure Malicious actor Operators saaS Software

Securing the SaaS Browser Experience Through Proactive Measures

 


Increasingly, organisations are using cloud-based technologies, which has led to the rise of the importance of security concerns surrounding Software as a Service (SaaS) platforms. It is the concept of SaaS security to ensure that applications and sensitive data that are delivered over the Internet instead of being installed locally are secure. SaaS security encompasses frameworks, tools, and operational protocols that are specifically designed to safeguard data and applications. 

Cloud-based SaaS applications are more accessible than traditional on-premise software and also more susceptible to a unique set of security challenges, since they are built entirely in cloud environments, making them more vulnerable to security threats that are unique to them. 

There are a number of challenges associated with business continuity and data integrity, including unauthorized access to systems, data breaches, account hijacking, misconfigurations, and regulatory compliance issues. 

In order to mitigate these risks, robust security strategies for SaaS platforms must utilize multiple layers of protection. They usually involve a secure authentication mechanism, role-based access controls, real-time threat detection, the encoding of data at rest and in transit, as well as continual vulnerability assessments. In addition to technical measures, SaaS security also depends on clear governance policies as well as a clear understanding of shared responsibilities between clients and service providers. 

The implementation of comprehensive and adaptive security practices allows organizations to effectively mitigate threats and maintain trust in their cloud-based operations by ensuring that they remain safe. It is crucial for organizations to understand how responsibility evolves across a variety of cloud service models in order to secure modern digital environments. 

As an organization with an on-premises setup, it is possible to fully control, manage, and comply with all aspects of its IT infrastructure, ranging from physical hardware and storage to software, applications, data, and compliance with regulatory regulations. As enterprises move to Infrastructure as a Service (IaaS) models such as Microsoft Azure or Amazon Web Services (AWS), this responsibility begins to shift. Security, maintenance, and governance fall squarely on the IT team. 

Whenever such configurations are used, the cloud provider provides the foundational infrastructure, namely physical servers, storage, and virtualization, but the organization retains control over the operating systems, virtual machines, networking configurations, and application deployments, which are provided by the organization.

It is important to note that even though some of the organizational workload has been lifted, significant responsibilities remain with the organization in terms of security. There is a significant shift in the way serverless computing and Platform as a Service (PaaS) environments work, where the cloud provider manages the underlying operating systems and runtime platforms, making the shift even more significant. 

Despite the fact that this reduces the overhead of infrastructure maintenance, organizations must still ensure that the code in their application is secure, that the configurations are managed properly, and that their software components are not vulnerable. With Software as a Service (SaaS), the cloud provider delivers a fully managed solution, handling everything from infrastructure and application logic to platform updates. 

There is no need to worry, however, since this does not absolve the customer of responsibility. It is the sole responsibility of the organization to ensure the safety of its data, configure appropriate access controls, and ensure compliance with particular industry regulations. Organizations must take a proactive approach to data governance and cybersecurity in order to be able to deal with the sensitivity and compliance requirements of the data they store or process, since SaaS providers are incapable of determining them inherently. 

One of the most important concepts in cloud security is the shared responsibility model, in which security duties are divided between the providers and their customers, depending on the service model. For organizations to ensure that effective controls are implemented, blind spots are avoided, and security postures are maintained in the cloud, it is crucial they recognize and act on this model. There are many advantages of SaaS applications, including their scalability, accessibility, and ease of deployment, but they also pose a lot of security concerns. 

Most of these concerns are a result of the fact that SaaS platforms are essentially web applications in the first place. It is therefore inevitable that they will still be vulnerable to all types of web-based threats, including those listed in the OWASP Top 10 - a widely acknowledged list of the most critical security threats facing web applications - so long as they remain configured correctly. Security misconfiguration is one of the most pressing vulnerability in SaaS environments today. 

In spite of the fact that many SaaS platforms have built-in security controls, improper setup by administrators can cause serious security issues. Suppose the administrator fails to configure access restrictions, or enables default configurations. In that case, it is possible to inadvertently leave sensitive data and business operations accessible via the public internet, resulting in serious exposure. The threat of Cross-Site Scripting (XSS) remains a persistent one and can result in serious financial losses. 

A malicious actor can inject harmful scripts into a web page that will then be executed by the browser of unsuspecting users in such an attack. There are many modern frameworks that have been designed to protect against XSS, but not all of them have been built or maintained with these safeguards in place, which makes them attractive targets for exploitation. 

Insider threats are also a significant concern, as well. The security of SaaS platforms can be compromised by employees or trusted partners who have elevated access, either negligently or maliciously. It is important to note that many organizations do not enforce the principle of least privilege, so users are given far more access than they need. This allows rogue insiders to manipulate or extract sensitive data, access critical features, or even disable security settings, all with the intention of compromising the security of the software. 

SaaS ecosystems are facing a growing concern over API vulnerabilities. APIs are often critical to the interaction between SaaS applications and other systems in order to extend functionality. It is very important to note that API security – such as weak authentication, inadequate rate limiting, or unrestricted access – can leave the door open for unauthorized data extraction, denial of service attacks, and other tactics. Given that APIs are becoming more and more prevalent across cloud services, this attack surface is getting bigger and bigger each day. 

As another high-stakes issue, the vulnerability of personally identifiable information (PII) and sensitive customer data is also a big concern. SaaS platforms often store critical information that ranges from names and addresses to financial and health-related information that can be extremely valuable to the organization. As a result of a single breach, a company may not only suffer reputational damage, but also suffer legal and regulatory repercussions. 

In the age when remote working is increasingly popular in SaaS environments, account hijacking is becoming an increasingly common occurrence. An attacker can compromise user accounts through phishing, credential stuffing, social engineering, and vulnerabilities on unsecure personal devices—in combination with attacks on unsecured personal devices. 

Once inside the system, they have the opportunity to escalate privileges, gain access to sensitive assets, or move laterally within integrated systems. In addition, organizations must also address regulatory compliance requirements as a crucial element of their strategy. The industry in which an entity operates dictates how it must conform to a variety of standards, including GDPR, HIPAA, PCI DSS, and SOX. 

In order to ensure compliance, organizations must implement robust data protection mechanisms, conduct regular security audits, continuously monitor user activities, and maintain detailed logs and audit trails within their SaaS environments in order to ensure compliance. Thus, safeguarding SaaS applications requires a multilayer approach that goes beyond just relying on the vendor’s security capabilities. 

It is crucial that organizations remain vigilant, proactive, and well informed about the specific vulnerabilities inherent in SaaS platforms so that a secure cloud-first strategy can be created and maintained. Finally, it is important to note that securing Software-as-a-Service (SaaS) environments involves more than merely a set of technical tools; it requires a comprehensive, evolving, and business-adherent security strategy. 

With the increasing dependence on SaaS solutions, which are becoming increasingly vital for critical operations, the security landscape becomes more complex and dynamic, resulting from distributed workforces, vast data volumes, and interconnected third-party ecosystems, as well as a continuous shift in regulations. Regardless of whether it is an oversight regarding access control, configuration, user behavior, or integration, an organization can suffer a significant financial, operational, and reputational risk from a single oversight. 

Organizations need to adopt a proactive and layered security approach in order to keep their systems secure. A continuous risk assessment, a strong identity management and access governance process, consistent enforcement of data protection controls, robust monitoring, and timely incident response procedures are all necessary to meet these objectives. Furthermore, it is also necessary to cultivate a cybersecurity culture among employees, which ensures that human behavior does not undermine technical safeguards. 

Further strengthening the overall security posture is the integration of compliance management and third-party risk oversight into core security processes. SaaS environments are resilient because they are not solely based on the cloud infrastructure or vendor offerings, but they are also shaped by the maturity of an organization's security policies, operational procedures, and governance frameworks in order to ensure their resilience. 

A world where digital agility is paramount is one in which companies that prioritize SaaS security as a strategic priority, and not just as an IT issue, will be in a better position to secure their data, maintain customer trust, and thrive in a world where cloud computing is the norm. Today's enterprises are increasingly reliant on browser-based SaaS tools as part of their digital infrastructure, so it is imperative to approach safeguarding this ecosystem as a continuous business function rather than as a one-time solution. 

It is imperative that organizations move beyond reactive security postures and adopt a forward-thinking mindset to align SaaS risk management with the long-term objectives of operational resilience and digital transformation, instead of taking a reactive approach to security. As part of this, SaaS security considerations should be integrated into procurement policies, legal frameworks, vendor risk assessments, and even user training programs. 

It is also necessary to institutionalize collaboration among the security, IT, legal, compliance, and business units to ensure that at all stages of the adoption of SaaS, security impacts are considered in decision-making. As API dependency, third-party integration, and remote access points are becoming more important in the SaaS environment, businesses should invest in visibility, automation, and threat intelligence capabilities that are tailored to the SaaS environment in order to further mitigate their attack surfaces. 

This manner of securing SaaS applications will not only reduce the chances of breaches and regulatory penalties, but it will also enable them to become strategic differentiators before their customers and stakeholders, conveying trustworthiness, operational maturity, and long-term value to them.
Read more »
User Privacy
Data Breach Data Leak IT Infrastructure Kelly Benefits User Privacy

Kelly Benefits Data Leak Affects 260,000 People

 

A Maryland-based outsourced benefits and payroll manager is notifying nine large customers and nearly 264,000 individuals that their private and sensitive data may have been compromised in a December hack. The number of impacted people has increased by eight-fold since Kelly & Associates Insurance Group, also known as Kelly Benefits, published an estimate of the hack's scope earlier this month. 

The company's current total of 263,893 affected persons is far higher than the 32,234 initially reported on April 9 to state regulators and the US Department of Health and Human Services as a HIPAA breach. 

The benefits company announced that it is sending breach notices to impacted individuals on behalf of nine clients: Amergis, Beam Benefits, Beltway Companies, CareFirst BlueCross BlueShield, Guardian Life Insurance Co., Intercon Truck of Baltimore, Publishers Circulation Fulfilment, Quantum Real Estate Management, and Transforming Lives. 

Kelly Benefits declined to comment, citing "the sensitive nature of the incident and subsequent investigation.” An investigation following the incident revealed that unauthorised access to the company's IT infrastructure occurred between December 12 and December 17, 2024. The company claimed that throughout that period, the attackers copied and stole specific files.

"Kelly Benefits then began a time-intensive and detailed review of all files affected by this event to determine what information was present in the impacted files and to whom it related," the company noted. It analysed internal records to match the individual with the relevant client or carrier. 

Individuals' information compromised in the event varies, but it could include their name, Social Security number, date of birth, medical information, health insurance information, or financial account information.

Kelly Benefits informed the FBI about the incident. This company stated that it is still reviewing its security policies, procedures, and technologies. At the time of writing, at least one proposed federal class action lawsuit against Kelly Benefits was filed in connection with the hacking incident. The lawsuit claims Kelly Benefits was negligent in failing to safeguard sensitive personally identifying information from unauthorised access.

"Even with several months of credit monitoring services, the risk of identity theft and unauthorized use of plaintiff's and class members' PII is still substantially high. Cybercriminals need not harvest a person's Social Security number or financial account information in order to commit identity fraud or misuse plaintiffs and the class's PII," the lawsuit notes. "Cybercriminals can cross-reference the data stolen from the data breach and combine with other sources to create 'Fullz' packages, which can then be used to commit fraudulent account activity on plaintiff and the class's financial accounts."
Read more »
Sensitive data
Co-op Customer Data Customer Data Exposed cyber attack Data Breach Data Leak data security IT Infrastructure Sensitive data

Co-op Cyberattack Exposes Member Data in Major Security Breach

 

Millions of Co-op members are being urged to remain vigilant following a significant cyberattack that led to a temporary shutdown of the retailer’s IT infrastructure. The company confirmed that the breach resulted in unauthorized access to sensitive customer data, although it emphasized that no financial or account login information was compromised. 

Shirine Khoury-Haq, Chief Executive Officer of Co-op, addressed members directly, expressing regret and concern over the breach. She assured customers that the company’s core operations were largely unaffected by the attack and that members could continue to use their accounts and services as normal. However, she acknowledged the seriousness of the data exposure, which has affected both current and past members of the Co-op Group. 

“We deeply regret that personal member information was accessed during this incident. While we’ve been able to prevent disruption to our services, we understand how unsettling this news can be,” Khoury-Haq stated. “I encourage all members to take standard security precautions, including updating their passwords and ensuring they are not reused across platforms.” 

According to an official statement from Co-op, the malicious activity targeted one of their internal systems and successfully extracted customer data such as names, contact information, and dates of birth. Importantly, the company clarified that no passwords, payment details, or transactional records were included in the breach. They also emphasized that their teams are actively investigating the incident in coordination with the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA). 

The company said that it has implemented enhanced security measures to prevent further unauthorized access, while minimizing disruption to business operations and customer services. Forensic specialists are currently assessing the full scope of the breach, and affected individuals may be contacted as more information becomes available. In response to the incident, Stephen Bonner, Deputy Commissioner of the UK Information Commissioner’s Office (ICO), offered guidance to concerned members. “Cyberattacks like this can be very unsettling for the public. 

If you’re concerned about your data, we recommend using strong, unique passwords for each of your online accounts and enabling two-factor authentication wherever possible,” he advised. “Customers should also stay alert to updates from Co-op and follow any specific instructions they provide.” The Co-op has apologized to its customers and pledged to continue prioritizing data protection as it works to resolve the issue. While the investigation continues, members are encouraged to remain cautious and take proactive steps to safeguard their personal information online.
Read more »
Subscribe to: Comments (Atom)