This week:
3 – IT Service Providers need to improve their security
2 – Microsoft 365 goes offline for 3 hours
1 – Google uses AI to stop the phone scammers
3 – IT Service Providers need to improve their security
“The ICT service management sector [..] is assessed at moderate maturity but ranks notably lower than the rest of the digital-by-default sectors.”
Summary: The EU’s Agency for Cybersecurity (ENISA) has released a “NIS360 assessment” report, which assesses how sectors falling under the NIS2 Directive are getting on with their cyber security improvement programmes. The report suggests that while IT Managed Service Providers (MSPs) are critical to many businesses, their cyber security maturity is lower than they think. In other words, as ENISA’s press release states, “there is room for improvement in their maturity relative to their criticality”.
So what? Your IT MSP has lots of powerful access to your key IT systems and your important information. Gaps in their security controls don’t only endanger the MSP – they also endanger you. This is one reason why Supply Chain Management / Vendor Management / Third Party Risk Management has been on the regulatory agenda for many years, and why it is a critical component of your DORA compliance. And when I help my clients with their third party risk management and supplier assessments, their IT MSP is usually the first supplier I call.
Source: ENISA
2 – Microsoft 365 goes offline for 3 hours
“A widespread Microsoft outage on March 1 left tens of thousands of users unable to access key services, including Outlook, Teams, and Office 365, for more than three hours.”
Summary: Microsoft experienced a significant outage last weekend affecting services such as Outlook, Teams, SharePoint, and OneDrive. The issue prevented users from accessing the platform for over 3 hours. Microsoft has said that the disruption was caused by a “problematic code change” – also known as a programming bug.
So what? A 3-hour outage over a weekend is unlikely to impact you. But…
- If the outage lasted a full business day, what’s your plan to keep working?
- If the outage lasted a full working week, what’s your plan?
- And if an outage caused some or all of your Microsoft 365 data to be lost, what’s your plan?
If you think this could never happen, you’re wrong. As this outage demonstrates, even Microsoft can make ‘problematic code changes’ that cause the whole platform to collapse.
And if you only have the standard Microsoft 365 contract and think Microsoft are contractually obliged to ensure your data is never lost, you’re wrong.
What’s my point? DORA is all about Operational Resilience – The clue is in the name! To remain operationally resilient when Microsoft releases its next batch of dodgy code, at a minimum, you must have a separate copy / backup of all of your Microsoft 365 data. Otherwise, this unlikely event at Microsoft could have a catastrophic impact on you.
Source: Tech Republic
1 – Google uses AI to stop the phone scammers
“Scam Detection for phone calls, powered by Gemini Nano, protects you from fraud with on-device AI while keeping your conversations private to you [..] And Scam Detection is now available in Google Messages, too.”
Summary: Google has released new functionality on its Pixel phones which uses AI to monitor what is being said in phone calls and text message conversations. The phone’s user will receive a real-time warning if the AI detects patterns in the conversation that seem suspicious. While the functionality is currently only available on Google Pixel phones, there’s a good chance other phones will get similar capabilities soon.
So what? There are clear privacy risks in Google monitoring our conversations (although apparently, the AI runs on the device itself and does not share any information with the Google Mothership). But there are also very clear rewards: Applying the capabilities of AI in this way will make the scammer’s job so much harder.
Source: Google Press Release