Microsoft has announced that as of November 1st 2021, they will be making some changes to the version requirements of Outlook application to connect to Microsoft 365 services. This means that some older Outlook versions will no longer work – and need to be updated.
What versions are impacted?
Microsoft is removing the capability of connecting with Microsoft 365 services for the versions below:
Outlook 2007
Outlook 2010
Office 2013 (15.0.4970.9999 and older)
Office 2016 (16.0.4599.9999 and older)
Office 365 ProPlus (1705 and older)
Office 365 Business (1705 and older)
If you are running any of the above versions, you will need to upgrade your application. Continue reading to see our suggestions and guide how to proceed.
What versions am I on?
First, let’s find out what Outlook version you are running:
For Outlook 2013 or higher
Open your Outlook desktop application
Click on “File” (Top left) in the tool bar
On the left-hand side find and click “Office Account”
On the right-hand side you should now see “Product Information”
Click on “About Outlook” icon to reveal more information and take note of your version build
For Outlook 2010
Open your Outlook desktop application.
Click on “File” (Top left) in the tool bar
On the left-hand side find and click “Help”
On the right-hand side you should now see “About Microsoft Outlook”
If you are using Microsoft 365 Apps or other M365 subscriptions with Apps included, then you do not need to take any further action since you will not be impacted.
Why is this change happening?
As Microsoft continue to evolve their Microsoft 365 services with new features, they introduce security enhancements and improved application stability. The result is that some legacy applications either become incompatible with the service change implemented or they pose a security risk to its users. Microsoft explain that “Support for basic authentication is ending to increase the security of Microsoft 365 by relying on modern authentication protocols, which are not only more secure, but also provide compliance and policy controls to help you manage your data.” - (read more here)
“We’re working on adding support for HTTP/2 in Microsoft 365. HTTP/2 is a full duplex protocol, which decreases latency through header compression and request multiplexing. On the service side, we’ll be able to better prioritize requests and more effectively push data to clients.”
My version is going out of support; what should I do?
BMIT suggests that businesses and users upgrade to a subscription-based monthly license for Microsoft 365 Apps or Microsoft 365 Business Standard. You can do so by visiting our online store or contact us so that we can analyse and provide you with a tailored recommendation.
Outlook 2007 and Outlook Outlook 2010 users have two options: either upgrade to Microsoft Apps for Business or if your organisation is highly regulated or user’s devices cannot take upgrades then we suggest upgrading to Office 2019 or Office LTSC 2021 (released September 2021).
Office 2013 users can upgrade their Version to 15.0.4971.1000 of Office 2013 (Service Pack 1 with the October 2017 Update)
Office 2016 users must ensure that their Outlook and Windows client is updated with the latest September 2021 PU (KB5001966)
Why should you upgrade to a Microsoft 365 Apps subscription?
As a result of the huge spike in remote working, both product vulnerabilities and malicious threats created new risksMicrosoft 365 Apps subscription users benefit from frequent product security patches and constant product updates delivering enhancements and new features.
Next Steps
If you know what you need to do, then just visit our online store to get the right product for you. If you would like further help or advice, please contact us and we will be in touch.
Some businesses leave their data completely unprotected and never lose it. Some people run across eight lanes of the Marsa bypass in the rush hour and reach the other side unharmed. In both cases, it’s a matter of calculating whether the cost of acting safely is worth it when compared to the probability and the cost of failure.
Based on actual evidence and case histories, there is a surprisingly large number of factors that can pose a threat to your data. The obvious and well-known factors are cybercrime, natural disasters, or hardware failures but some of the most common ones also include a simple human mistake (clicking the wrong option) or malicious internal actors (for example, a disgruntled employee that is about to be laid off).
There is no good way to protect yourself against such threats. People may be trained to be careful but there is always a chance that they will make a mistake. Employees may be treated well but there is always a chance that one will do something foolish out of spite. Even failure-protected hardware can fail – we’ve personally experienced a failure of two disks from a RAID 5 matrix at the same time. And in recent years, cybercrime has completely dominated the threat landscape with ransomware leading the flock.
Yes, you are a potential ransomware target. This is primarily because ransomware attacks don’t just come from big Russian hacker organisations. Anybody can attack you because ransomware is often available via the software-as-a-service model. This means that even a disgruntled ex-employee could access such a service, target you, and scramble all your data – all hiding behind a cryptocurrency-based anonymised system.
Local statistics also show that ransomware is a major problem for our islands. Based on data from 2020, 8% of Maltese internet users have been affected by ransomware between 2017 and 2020, compared to 1% in other EU states. This may be due to the fact that small and medium businesses, which are predominant on the islands, are an easy attack target when compared to large organisations due to having fewer security measures in place and smaller security teams.
How to protect your data?
There are many ways to try to avoid the impact of factors that may endanger your data. You can establish very strong security policies, you may double-check every action, you may use failure-proof hardware. However, while all these factors reduce the risk a little, they won’t help you recover. The only effective way of making sure that you can recover if your safety measures fail is to have a well-established backup plan.
However, ransomware authors know about backups. Ransomware software is specially designed to infiltrate the system, discover backup methods, and make its way into backups as well. The actual encryption event often happens with a delay, which means that even your last backup is very likely to contain and be restored together with malware. If so, your restored data is automatically encrypted again, making your backup plan utterly useless.
What and how to back up?
One of the most common mistakes that businesses make is backing up just key business data and leaving everything else unprotected, for example, operational data. In the case of an event that doesn’t just affect key business data but, for example, makes every computer in the company inaccessible, the lack of a complete backup means that you have to manually reinstall and reconfigure every single workstation, which makes recovery much longer and much more difficult.
To protect your data against all the threats, not just ransomware, your backups must be:
Complete – you can’t just focus on key business data.
Physically offsite – so you can avoid disasters that influence your live systems along with your backups. This includes natural disasters, accidents, power failures, etc.
Efficiently firewalled – there must be no way for malicious software to automatically access your backup.
Far-reaching – you need backups from several points in history so, in the event of a ransomware attack, you can find a backup that certainly contains no malware.
Monitored – security experts should monitor your backups for any signs of ransomware.
Well supported – in a critical situation, you need all the support you can get. Specialised third-party experts can help you bring your systems back online much faster and easier.
BMIT has your back with our backup solutions, which let you cover all of the above points. Our backup plans include managed backup for M365, backup for Office 365, backup for Azure and other cloud providers, backup for physical servers, backup for VMs, backup for workstations, and Veeam Cloud Connect. You can get full support with backup and recovery operations by taking advantage of our Backup-as-a-Service offering.
With our products and expertise, you can be sure that no matter whether it’s sea breams falling on your roof and causing a short circuit and fire, the interconnector failing during an important data saving operation, or someone demanding a ransom for decrypting your entire system, you can count on us to help you restore everything back to normal.
With the news that Scotland is to trial the 4-day working week, it is evident that changes in the work life balance are playing a major part in how businesses will start to operate, taking into consideration the issues related to people management as well as the financial impact this will have.
By adopting the experiences of Iceland and New Zealand, Scotland will trial the 4-day week without any reduction in pay. What does this mean for businesses? Do they have to employ more staff? Increase prices to retain the same net profit? Adopt new technologies and bring in innovative solutions?
On the flip side, will a 4-day week on the same income levels mean people have more time to spend more money? Increased input to the leisure and entertainment industries? Due to Covid 19, it has become evident that people who have more “free-time” spend more money on entertainment channels such as sports betting (when available), online bingo, lotteries and online casinos.
New business is always good news to operators but only if the right preparation is in place. This will bring greater pressure on their operations to cope with demand, closer monitoring of Responsible Gaming, increased registrations and KYC as well as unexpected inbound customer service volumes. Looking at alleviating such pressure whilst providing a truly world-class service allows for healthy wellbeing for the employees, while increasing revenue and customer satisfaction.
The CX Virtual Agent from BMIT Technologies is designed to help gaming operators achieve this balance. Designed to be indistinguishable from a human agent, this AI-driven technology equips operators with the capability to handle an increased volume of customer support queries – such as account interventions, player onboarding, compliance and responsible gaming checks – therefore allowing the customer support team to handle more specific customer requests and be more proactive. One key area where live agents can play a more effective role relates to player profiling. With other tasks assigned to an intelligent automation system, they can focus on more direct engagement with players, adopting a proactive approach to players’ acquisition, direct marketing of new games or offers and Increased player loyalty via bonuses and other rewards
How can BMIT Technologies help you adopt AI within your customer support?
Every client we work with requires different solutions. So, we tackle each need with our expertise in technology, business strategy and innovation.
We propose and develop intelligent, secure infrastructure solutions, help build your internal capabilities and identify opportunities to enhance your business potential through the application of innovative technologies. This ensures a greater level of business management and progression.
Want to learn more about BMIT Technologies CX-Virtual Agent and its benefits? The CX-Virtual Agent is an additional resource in your customer service team and has the skills to handle requests and tasks on your behalf, as if it was a human agent. Read more about our CX-Virtual agent here or else contact us directly and one of our experts will reach out and guide you accordingly.
Microsoft have just launched a new cloud product - Windows 365, but what is Windows 365 and how can it benefit you on a day-to-day basis?
In a nutshell with Windows 365 feels like a cloud PC on steroids, where businesses are able to support on-site and remote working all at one go, by enabling an instantly available PC environment that can work on many different devices. This is ideal for businesses who have, or plan to have, a BYOD (Bring Your Own Device) policy, that will save up on costs for the business and make life easier for the employee.
So how does Windows 365 work?
Simply put by The Verge - "Microsoft is putting Windows in the cloud". As a business you get the option to choose between 3 different plans – basic, standard, and premium. The differences between the plans lies in the ‘power’ the virtual PC has. You can see the different plans and their intricacies below.
Windows 365 Basic
Windows 365 Standard
Windows 365 Premium
2 vCPU 4 GB RAM 128 GB Storage
2 vCPU 8 GB RAM 128 GB Storage
4 vCPU 16 GB RAM 128 GB Storage
Access and manage the Cloud PC
Access and manage the Cloud PC
Access and manage the Cloud PC
Supports the desktop versions of Office apps, Outlook, and OneDrive
Supports the desktop versions of Office apps, Outlook, and OneDrive
Supports the desktop versions of Office apps, Outlook, and OneDrive
Supports the desktop version of Microsoft Teams (chat and audio calls only)
Supports the desktop version of Microsoft Teams
Supports the desktop version of Microsoft Teams
Up to 300 users
Up to 300 users
Supports Microsoft Visual Studio, Power BI, and Dynamics 365
Up to 300 users
Windows 365 Business Cloud Plans
The main advantage to this is that all the security, processing and resources are being taken off the local machine and being handled by the virtual PC in the cloud. This enables employees to use their own devices or thin clients to get their work done, being at home, the office or anywhere in between. Windows 365 also natively supports some of the more popular products, such as the Office suite, Teams and OneDrive.
Windows 365 virtual PC can run on PCs, Macs, iPads, Linux, and Android device through a native Remote Desktop application. Windows 365 can also run on a simple web browser. Basically, as long as you have an internet connection you can connect to your Windows 365 virtual PC from literally anywhere.
What are the alternatives?
The obvious comparison one initially makes is comparing Windows 365 with the cost of buying a new PC, which at a glance may not seem worth it. Although, when factoring in the initial cost, upkeep, parts replacement, security, and a resource to manage all this, and the devices of an entire organisation the savings are evident.
A more apt comparison would be Azure Virtual Desktop (AVD) since the technology is similar but the savings are much more significant.
How can BMIT Technologies help?
Every client we work with requires different solutions. So, we tackle each need with our expertise in technology, business strategy and innovation.
We propose and develop intelligent, secure infrastructure solutions, help build your internal capabilities and identify opportunities to enhance your business potential through the application of innovative technologies. This ensures a greater level of business management and progression.
Want to learn more about Windows 365 and its benefits? Contact us directly and one of our experts will reach out and guide you accordingly!
As a leading technology provider we are proud to have been invited to make a contribution on the role of technology on citizenship at the State of the Nation conference, hosted by HE The President of Malta on Friday 4th June. In this speech I focused on various opportunities and threats that technology brings to the sphere of citizenship and residency, and the importance of vigilance on global social media platforms, as as a result of their increasing use to manipulate public opinion on matters of critical importance.
Follow the full speech in Maltese here.
Script
It-Teknologija Qed Tibdel Is-Sens Ta’ Ċittadinanza?
"Nixtieq nuża dan il ftit ħin biex naqsam magħkom ftit ħsibijiet rigward kif inhoss li t-teknologija tista qed tibdel is-sens ta ċittadinanza, u kif dan kollu jimpatta ir-relazzjoni bejn l-individwu, r-residenza u n-nazzjonalità.
Għal eluf ta' snin kien faċli li wiehed jidentifika ruħu skond fejn ikun twieled, u ma kien hemm ebda dubju dwar dan. Dak li ġie stabbilit fil-Greċja antika f’dak li għandu x’jaqsam ma’ prinċipji demokratiċi u ċittadinanza, serviena bħala referenza għal tul ta’ zmien mhux ħazin - izda aktar ma kien hemm zviluppi fit-teknologija, aktar din iċ-ċertezza bdiet tonqos – sa kemm wasalna fiż-żmien tal-llum, fejn l-access kontinwu, veloċi u irħis ghal-internet waslu biex ħafna individwi jistaqsu jekk verament art twelidhom tirriflettix huma min huma. L-aċċess għal informazzjoni ta kull tip, tat lil ħafna il-kapaċita li jiffurmaw opinjoni indipendentament mill-verzjonijiet li l-istat jew xi partit politiku jipprova jgħaddilna.
Mistoqsijiet li nħoss li wieħed jista jistaqsi f’dan il kuntest huma:
L-ewwel: “Għalfejn għandi nidentifika ruħi ma’ art twelidi meta l-maġġoranza tan-nies f’art twelidi jħaddnu prinċipji li jmorru kontra dak li nemmen fih jien?” jew
It-tieni: “Għalfejn fi zmien ta’ kommunikazzjoni u kollaborazzjoni diġitali wieħed m’għandux id-dritt jagħzel x’tip ta ċittadinanza jkollu, jew li jagħzel residenza fejn hu, hi jew huma jhossu li l-aktar jagħmel sens għalihom?”
Għalkemm dawn jistaw jinstemaw bħala mistoqsijiet ftit fit-teorija, ta’ min isemmi li diġa jeżistu kunċetti ta e-residency għal negozji, bħal dawk li huma offruti mill-Estonja, esklussivament online. Jista dan il-kunċett jigi estiz għal individwi, minghajr il-bzonn li jkun marbut ma’ kritejri ta rikkezza personali?
Lil hinn minn dawn il mistoqijet, li hu zgur hu li it-teknologija, u aktar min hekk, l-użu tat- teknologija kważi minn kulhadd bidlet id-dinja li ngħixu fiha, u l-ordni soċjali li għal mijiet ta snin stabbiliet rwoli differenti għal kull individwu u kariga. Inbidel il-mod ukoll kif iċ-ċittadin ihares lejn l-istat, u kif aħna bhala ċittadini nippretendu li l-istat, u r-rappreżentati tal-istituzzjoniiet, jaġixxu. Il-midja soċjali tat lil individwu l-għodda li biha jista' jgħid li jrid - jikkritika, jfaħħar u anke jweġġa - u welldet sistema ta' mikro-politika ġdida. Dan kollu jinstema bhala xi haga tajba, izda wiehed ma jistax jinsa il manipulazzjoni li spiss isir permezz tal midja soċjali.
F’dan il-kuntest wieħed irid isemmi ukoll l-użu tal-mezzi diġitali bħala għodda biex uħud jagħmlu definizzjoni ta nazzjon kif jogħgob lilhom – eżempju klassiku hu t-tip ta’ patrijottizmu malti definit mill-ammont ta kummenti razzisti li wiehed jara online, kummenti li tant saru komuni li għal xi whud saru xi haġa normali.
Punt li jidher li hemm kunsens fuqu hu li t-teknologija, u b’mod partikulari l-informatika, qed tibdel b’mod radikali l-erba’ dimensjonijiet li jiffurmaw iċ-ċittadinanza, jiġifieri: l-istatus legali li wieħed ikollu bhala ċittadin, id-drittijiet u obbligi li dan l-istatus iġorr miegħu, l-identita tal-persuna, kif ukoll il-parteċipazzjoni fi sfera politika u soċjali.
Aktar qabel diġa għamilt referenza kif dawn id-dimensjonijiet qed jigu impattati bit-teknologija. Ta’ min wieħed izid kif diġa għaddejja diskussjoni f’diversi sferi fuq jekk għandux ikun hemm ċittadinanza elettronika globali (jew “global e-citizenship”) biex tikkumplimenta iċ-ċittadinanza nazzjonali. Għalkemm personalment għadu mhux ċar għalija il-valur prattiku ta’ din it-tip ta ċittadinanza elettronika, jidher li l-ideja hi marbuta ma’ dak li tkun tirrapreżenta bħala valuri li wieħed iħaddan u mhux biss fejn ikun twieled.
Nixtieq issa ngħaddi għal-punt li, fl-opinjoni tiegħi, hu aktar ta’ priorita. Qed nirreferi għal użu, u l-abbuż, ta data personali biex jigu manipulati aspetti fundamentali ta’ kull nazzjon, bħal ma’ huma deċizjonijiet ta’ importanza nazzjonali, elezzjonijiet, jew opinjoni pubblika fuq policies li gvern partikulari jkun irid jadotta. Fuq naha hemm il-vantaġġ li deċiżjoni issa tista tittieħed fuq data ta vera, u mhux fuq opinjoni ta min jinstema jew jgħajjat l-aktar – u dan iwassal għal “data driven policies”. Min naha l-ohra hemm il-periklu li min għandu aċċess għal dik id-data jista jimmanipulaha kif ikun jaqbel lilu.
Każ klassiku hu Facebook – fejn il-kumpanija kienet kuntenta li tħalli manipulazzjoni sħiħa anke ta elezzjonijiet biex ma titlifx id-dħul mir-reklamar – u agħar min hekk halliet lil min jaċċessa u jimmanipula id-data għal dan l-iskop – bhal ma kien il kaz ta Cambridge Analytica. Ma ninsewx li dak li naraw fuq Facebook u midja soċjali oħra hu kkontrollant minn algorithm, li l-oġġettiv tagħha hu wiehed kummercjali u indipendenti mill-ġid komuni.
Dan l-aċċess għad-data b’mod pubbliku ġab fuq quddiem problemi li 20 sena ilu ma kinux jeżistu, bħal serq ta identita u targeted messaging għal skop politiku - dan tal-aħħar marbut ma aċċess għal data kunfindenzjali li kultant il-partiti politiċi jkollhom aktar minn kulhadd. Din it-taħlita ta data driven policies, viżibilta ta data personali minkejja kontrolli bħal dawk introdotti bil-GDPR, kif ukoll il-bumbardament kontinwu ta’ targeted advertising qed iwassal biex saffi sħaħ tas-soċjeta qed jigu kundizzjonati mingħajr ma jindunaw, a skapitu tal-prinċipji demokratiċi u s-sens ta valuri komuni f’soċjeta.
Nixtieq nagħlaq b’zewg suġġerimenti:
l-ewwel: inħoss li hemm bzonn aktar għarfien ghal kif ligijiet rigward privatezza qegħdin hemm biex jipproteġuna – ngħajja nisma kummenti fuq GDPR li juru li hafna lanqas biss ghandhom ideja fuq xiex qed jitkellmu, filwaqt li ohrajn juzaw dan in-nuqqas bhala skuża biex izommu lura milli jagħtu informazzjoni mitluba.
It-tieni: jista jkun li wasal iż-żmien li issir regolamentazzjoni aktar ċara f’dak li għandu x’jaqsam social media. Huwa ovvju li self regulation mhix taħdem, u għalhekk inħoss li hemm bżonn tibda diskussjoni lokalment fuq kif wiehed jista jiżgura li ma ssirx manipulazzjoni fuq skala kbira fuq suġġetti ta natura serja, kif semmejt qabel.
Nirringrazzja lil organiżżaturi għal opportunita li tawni li nindirizzakom kif ukoll lil BMIT Technologies li huma supporter ewlieni ta’ din il konferenza nazzjonali.
Everyone in the technology sphere is aware about Microsoft Azure and it's expanding set of on-demand cloud services that help your business create a flexible and scalable infrastructure, store and manage data, create complex web apps, improve cybersecurity and compliance practices, and much much more. But what are the actual benefits of Microsoft Azure? Here is a list of all the benefits you will take advantage of when using Microsoft Azure's global cloud platform.
Flexible
Transfer the hardware infrastructure issues and responsibility. Save time, money and labour-intensive tasks to maintain your infrastructure. Eliminate waiting time to deploy new infrastructure, spin new VMS with a click of a button and pay for what you use.
Scalable
Since Azure is a public cloud platform, businesses can scale up their infrastructure and services to align with their needs.
Elastic
With the platform’s automation it enables elasticity to save your business the time and money, so that you pay for what you really need.
High-Availability
Microsoft Azure provides high-availability and redundancy across all its data centres. Azure is available in over 52+ regions worldwide and is available in 140 countries, making Azure well-suited to companies with a global reach. Because of its availability zones, Microsoft can offer a service-level agreement that ensures 99.95% up to 99.99% availability for VM infrastructure, which amounts to under 4.5 hours of downtime per year.
Reliability
Microsoft is committed to continue improving its Azure services reliability by introducing more automation to its infrastructure in order to be less susceptible to component failures. And uses low-and-no-impact methods and technologies during maintenance on its infrastructure and services.
Secure
All data stored on Azure is protected by an advanced encryption process, and Microsoft’s data centers are outfitted with two-tier authentication, proxy card access readers and even biometric scanners. When paired with existing cybersecurity systems and policies, Azure’s built-in security tools can help maintain the privacy, integrity and availability of sensitive customer information. Through its multi-layered security model, Microsoft helps companies ward off data breaches, malware, DDos attacks and other evolving threats.
Compliant
Over the years, Microsoft has become quite familiar with the need for strong and adaptive compliance controls. That’s why Azure offers more than 35 compliance offerings specific to the needs of key industries, including health care, government, finance, education, manufacturing and more. Through its built-in compliance tools, configuration management features and guidance resources, Microsoft helps organizations keep pace with the evolving regulatory guidelines like HIPAA, ISO 27001, GDPR and more.
How can BMIT Technologies help?
Every client we work with requires different solutions. So, we tackle each need with our expertise in technology, business strategy and innovation.
We propose and develop intelligent, secure infrastructure solutions, help build your internal capabilities and identify opportunities to enhance your business potential through the application of innovative technologies. This ensures a greater level of business management and progression.
Want to learn more about Microsoft Azure and how BMIT Technologies can help you take advantage of the benefits mentioned above? Read more about BMIT Technologies Azure services or reach out today and one of our Business Solution Advisors will be in touch!
What is a DDOS? Why am I being targeted and who is attacking me? What do I do now? These are some of the many questions I have heard over many years of handling DDoS attacks at BMIT Technologies.
BMIT Technologies has been in this business for almost 20 years, and we have seen many DDoS attacks. Over the years there were many changes, in size, attack vector, methodologies but one thing remains a constant: The attacker wanting to shut down the operations of the targeted “victim”. One might even say it is a perennial game of cat and mouse were the mouse (the attacker) is always looking for new ways to bypass the cat (security systems) and steal their cheese (bring down their target). Here are some of the most common questions we receive.
So what is a DDOS attack?
In simple words, a Distributed Denial of Service (DDoS) attack, is nothing more than a malicious attempt to bring down a website or a service. This is achieved by either flooding (we call it “over subscribing”) the connectivity of the service or overuse the resources available to the service. To give a simple example: if a customer is serviced by a dedicated Internet line of 100Mbps and suddenly the attacker is sending ten times more (1Gbps) of traffic, the connection becomes oversubscribed with the result being that the customer’s websites/services become unreachable. It is worth noting that a flood is the simplest form of attack. There are many attack vectors. In fact, in recent years multi-vector attacks have become the most common type of attacks.
But why me? Who is targeting me?
There are many reasons why this happens, most attacks are an attempt at extortion. It is very common that either prior or after an attack you will receive an email to pay an amount of money, in bitcoin of course, to avoid being attacked. But this is not the only reason. This attack could be the result of competition. Indeed, many organisations believe that there was at least one instance of attack originating from competition. The DDoS attack could also be instigated by an angry previous employee or just a script kiddie who wants to have some fun. These are all possible scenarios, especially when you realize that a DDoS attack can be very cheaply bought. On the Dark Web you can buy an attack for as low as USD10per hour. This makes the DDoS attack accessible to anyone.
So what do I do now?
When facing such a threat you need to stand up, subscribe to a DDOS mitigation service, and fight. Never surrender and pay the extortion, as the attacker will demand more and eventually end up still attacking you. Indeed, the sentiment is correct, the successful mitigation of an attack is possible if and only if both you and the service provider work together to fine tune and personalize the countermeasures to your traffic profile. One of the most common pitfalls is that during the attack, the mitigation is switched on and left on its default settings without parametrisation and fine tuning. Although this might work, most of the times it will not as there are instances that mitigation will result in collateral damage on traffic towards the customer’s payment gateway or an offsite control office, effectively bringing down the operations even though the attack is being mitigated. The suggestion here is that you get a service provider that can actively manage your connectivity during an attack, with your support. you Get a multi-tiered DDoS mitigation service, document all your external partners and be prepared. You will never know when an attack will hit you.
If you own a business that depends on online presence to survive, or you work in IT security, then it’s not just Covid-19 stats you should be looking at. During 2020, despite the pandemic hitting everyone globally, DDoS attacks increased by over 15% over 2019. That sounds like yet another percentage, but the actual impact can be devastating for businesses, small and big alike.
A quick refresher first - What is a DDoS attack?
One definition, by Netscout, is that “DDoS is an attempt to exhaust the resources available to a network, application, or service so that genuine users cannot gain access”. In practice a DDoS attack on a website or a network feels like a few hundred or a thousand elephants are trying to pass through your hallway, therefore rendering access to your kitchen very difficult, if not impossible.
Over the years, the way cyber criminals attack has become much more sophisticated than just bombarding a website with traffic. Now it is a combination of high-volume attacks, along with more difficult to detect infiltrations that target applications as well as existing network security infrastructure such as firewalls, routers and IPS.
I will spare you the technical differences between a ping / ICMP flood, a TCP SYN flood, an SSL exhaustion or a BGP hijack since they can become numbingly boring, and I might also run out of alphabet letters listing down all the acronyms – the important point to be made here is that the protection and mitigation mechanisms need to be able to handle the complexities behind the attacks, and not just against a “simple” volumetric attack, for example. Indeed, multi-vector attacks has become more common and are now almost the norm.
Why are DDoS attacks so dangerous for your business?
A DDoS attack is a threat to your ability to continue doing business. As businesses have grown more dependent on the Internet and web-based applications and services, online availability has become as essential as electricity and water.
From our experience, the most obvious targets to a DDoS attack are Financial Services and iGaming companies. But a DDoS attack can also target the mission critical business applications that your business relies on, daily email, payment gateways, sales software and automation, CRM and many others. Additionally, other industries, such as manufacturing, pharma and healthcare, have internal resources that the supply chain and other business partners rely on for daily business operations. All of these are targets for today’s sophisticated cyber attackers, as the North Korean attack has shown in a very public way.
Look beyond the high-volume attacks
Many associate DDoS attacks with high-volume, “spectacular” attacks – because that’s what makes news. But for most organisations, this is rarely what they should be worrying at.
Netscout recommend that as businesses start considering the steps needed to mitigate the risk from DDoS attacks and maintain resilience and availability, they should keep the following in mind:
Think beyond volumetric attacks. State-exhaustion DDoS attacks that block devices such as firewalls, load balancers, and VPN concentrators from doing their job can also negatively impact vital applications, services, infrastructure, and data. This is particularly relevant in the current high dependence on VPNs due to remote working. The recommendation here is that companies deploy a DDoS set-up that protects beyond the obvious, to be protected the widest type of DDoS attacks possible. We can help. Reach out and we will set up a quick call to go through your worries and requirements.
Cloud-based protection is not enough. The most common form of DDoS attack protection is a cloud-based mitigation service. This is critical to stop large, volumetric DDoS attacks that outstrip the volume of the internet connection but is only one part of a comprehensive protection strategy. Companies shall also think of their own network and how it can be protected – and ensure that their service provider has mitigation mechanisms within its own network, and not just depend on 3rd parties. BMIT’s Managed DDoS Shield caters for end-to-end protection, and with its multi-tier mitigation mechanisms ensures that you tick these best practice recommendations.
Size doesn’t always matter! Smaller and short-lived attacks can be as lethal as massive attacks and it is therefore important that your service provider can provide instant detection and mitigation mechanisms. Netscout estimate that almost 25% of attacks last less than 5 minutes, and the absolute majority an hour or less.
The end message is that DDoS attacks can be mitigated if, and only if, you are prepared. A key part of that preparation lies in a regular engagement with your service provider to ensure that the right set-up is in place, end-to-end.
Leading Maltese technology solutions provider BMIT Technologies today announced the launch of their new DDoS protection and mitigation solution - BMIT Managed DDoS Shield. This solution is the result of a major investment in technologies and skills, which now allows the company to extend the service to large and smaller organisations using their network services and strengthen its security portfolio further.
BMIT DDoS Shield is a multi-tiered solution which protects against multiple types of attacks. The edge-based mitigation deployed within BMIT Technologies international high speed private network allows the finetuning of countermeasures that are used to protect against protocol and application attacks. An upstream mitigation - Cloud-based – is also activated and both mitigation mechanisms work in sync to mitigate an attack.
“The investment in the latest DDoS technology and in our high speed and resilient international network allowed us to launch an enhanced solution, which is backed up by a team of local experts on a 24x7 basis. We proactively monitor for any attacks and act on them immediately, sometimes well before even a customer realises, they are under attack,” commented Gordon Bezzina, BMIT Technologies’ Chief Technology Officer commented.
“When developing the Managed DDoS Shield solution, we have given particular attention to customers who might wish to be “insured” against an attack, and therefore built a low, fixed subscription fee solution which allows for a pay per attack charging model”, added Ivan Galea, Product Manager at BMIT Technologies. “We have also developed an always-on solution to protect those customers who either are prone to more frequent attacks or else prefer to have quicker response to attacks,” concluded Mr Galea.
BMIT Technologies, a leading Hybrid IT enabler, was recently recognized by the Microsoft Greece, Cyprus & Malta subsidiary as the best performing partner for Azure for fiscal year 2020. This award is a result of BMIT Technologies’ solid performance and investment during the past year and continued focus to drive innovation through the exploitation of cloud technology.
Building on the strategic partnership that it established with Microsoft in 2018, BMIT Technologies continues to invest in both its technology infrastructure and its technical capability to ensure that it has the necessary capacity to help customers harness the power of Microsoft Azure to fulfil their strategic objectives.
BMIT Technologies also offers a secure and quick-to-set-up remote work solution which is designed to address the main pain points of anyone wishing to offer remote work to employees but is constrained by systems or software. Based on Microsoft Azure and Microsoft 365, BMIT’s Remote Work Solution enables organisations to ensure that their IT systems and services are made accessible to employees anytime and anywhere, securely and reliably. This solution has proven to be a vital lifeline for many businesses during the current pandemic, enabling them to remain fully operational by allowing their employees to work from home.
Adopting a Hybrid IT approach, the company also offers regulated businesses, such as online gaming and financial services operators, a quick-to-deploy Hosting Compliance solution that enables them meet all their regulatory requirements, in a fully compliant manner. This solution allows clients to focus on optimizing their operations, CX and marketing and spend less time and resource managing and operating their IT infrastructure. A key element of this solution is BMIT Technologies’ own Microsoft Azure Stack platform, which provides the same Microsoft Azure experience but with the added benefit of being fully hosted in Malta and therefore ensuring data is maintained in Malta in line with regulatory needs.
Nick Tonna, BMIT’s Chief Commercial Officer, said: “We are thrilled to have received this prestigious recognition from Microsoft. It is a huge achievement for our team and reinforces BMIT Technologies’ leadership in Cloud services on the island. We look forward to bringing more exciting things for our clients and ensure they continue to see the benefits of working with us.”
