Menu
Close

Microsoft AMPS its latest operating system up to 11. But ...

frame-KN
Marc Beckers
July 25, 2023

Microsoft AMPS its latest operating system up to 11. But is it one notch above the rest?

INTRODUCTION

As technology continues to evolve at a rapid pace, organizations must adapt to stay ahead in a highly competitive landscape. With the release of Windows 11, Microsoft has introduced what it calls: ‘a new era of computing.’ In this blog post, BNZSA will explore the key reasons why organizations should consider migrating to Windows 11 and the benefits it offers as well as the challenges faced by organisations-such as incompatible legacy hardware.

Let us start with some facts & figures:

  • The original version of Windows 11 (also known as version 21H2) was released in October 2021. Windows 11 feature updates will release with a yearly cadence, in the second half of the calendar year. Currently the latest version of Windows 11 is version 22H2.
  • The latest major release of Windows 10 is version 21H1 which was released on May 18, 2021. Microsoft is ending support for Windows 10 on October 14th, 2025.
  • There are still millions of devices used, which don´t meet the bar for Windows 11. But, according to analyst Forrester, endpoint modernization with a PC refresh and Windows 11 migration increases the endpoint security, provides better manageability and user experience.

SO, WHY SHOULD YOU MIGRATE TO WINDOWS 11?

■ Security

Security is a top concern for organizations. In previous blogs we reported on the evolving threat landscape with a growing number of sophisticated malware and ransomware attacks. Due to the hybrid work environment, PCs are getting used in environments where they are much more vulnerable to cyber threats. Windows 11 addresses these concerns by integrating advanced security features. Windows 11 provides hardware-based security through Trusted Platform Module (TPM) 2.0 and Secure Boot, making it more resistant to cyber threats. With the introduction of Windows Hello for Business, organizations can utilize biometric authentication, such as facial recognition or fingerprint scanning, for enhanced login security. This can help prevent unauthorized access to sensitive data and applications.

■ Improved performance and efficiency

Windows 11 also offers improved performance and efficiency. The new operating system (OS) is optimized for modern hardware, utilizing the latest technologies to deliver faster boot times, improved battery life, and reduced resource consumption. Windows 11 takes advantage of the latest hardware technologies and accelerates performance through optimized hardware utilization. For example, Windows 11 is optimized to leverage the processing power of latest families of Intel CPUs with efficient and performant cores. The OS is designed to make the most efficient use of the available cores, ensuring that tasks and applications run smoothly and efficiently. This can result in better overall performance, faster application responsiveness, and smoother multitasking experiences, according to the manufacturer.

■ User experience and productivity

Microsoft also claims that Windows 11 represents a significant leap forward in terms of user experience & productivity. It strengthens collaboration within organizations by integrating with Microsoft 365 services. It also provides contextual recommendations for more efficient workflows across Windows with suggestions for files, contacts, and actions. And in an era of increased working from home (WFH) and working from anywhere, Windows 11 is designed to support hybrid work enhancing the Microsoft Teams experience, enabling users to connect with colleagues, join meetings, and share content. The integration of Microsoft Teams directly into the taskbar has been designed to streamline communication and collaboration workflows, to promote efficient teamwork and productivity. In this latest release, videoconferencing becomes smarter and easier including intelligent noise canceling, and background blur. Windows 11 includes several other features that can offer improved productivity for your organization. For example, it includes a new feature called “Snap Layouts” which allows users to quickly arrange multiple windows on their desktop for better multitasking. It also includes a new feature called “Snap Groups” which allows users to save groups of apps together for easy access.

■ System Management

Windows 11 offers enterprise-grade management and deployment tools to facilitate the migration process and ongoing system management. Current management tools provide centralized control, and it offers a streamlined approach to the management of devices, updates, and security policies. These tools simplify the migration process and enable efficient management of the Windows 11 ecosystem within the enterprise.

■ Testing

Finally, in terms of testing, Microsoft Windows 11 Version 23H2, due for release this autumn, this one shares the same servicing branch and code base as last year’s release (22H2), which could mean less time for IT managers in testing according to Techfinitive.

WHY SHOULDN’T I MIGRATE TO WINDOWS 11…YET?

■ Hardware requirements

Perhaps the biggest reason Windows 11 has received some negative comments, but not as bad as for some of its past releases, is the new hardware requirements and especially the requirement for the TPM chip, but for some commentators the incompatibility was not with the TPM module but with the CPU itself, especially 32bit processors, as Windows 11 will only run on 64-bit Intel or AMD chips. Depending on a company’s refresh cycle, some organisations have already refreshed their fleet of PCs and Laptops and have been unaware that the CPU not the TPM chip would be responsible for incompatibility.

■ Two Year timeframe to decide

Although it would be fair to say that the longer companies take to migrate, the more complex the process is, some firms are adopting a wait and see approach especially when the support for Windows 10 doesn’t end till October 2025, So although Microsoft has stated it will not be releasing anymore features to Windows 10, save for security patches, some companies are asking if they really need to refresh fleets now — especially if they have just recently done it to support more Windows 11. And although as we have discussed above, the new OS has been designed to support and sustain hybrid work, sometimes he first iterations of a major release are not always bulletproof out of the box and require revisions and patches further down the line. Although Microsoft has said new features will be released with a yearly cadence, some firms are asking if it would be best to wait for the next hardware refresh to ensure compatible TPM and CPUS and an OS that has been out in the field with enough time to be stable.

To read on and gain full access to exclusive Knowledge Exchange insights and analysis

please subscribe

Download Now
KN-Frame-Titles-Down
Latest Trends
related Articles
Latest Trends
Types of Cybersecurity Threats
Sinead Conboy
No Comments

Summary

In part one of our cybersecurity and digital transformation blog series, we set out the importance of keeping security needs at the forefront of any digital strategy. This installment will present the most common cybersecurity threats that businesses are faced with.

Cybersecurity threats come in various forms from different sources, and can be defined as either passive or active, attacking both operating systems and hardware.  

Passive Threat & Active Attacks

Passive cybersecurity threats are attacks which does not harm a company’s system directly, but information is obtained which may be sensitive data. A hacker will attempt to remain unnoticed while gathering information about the victim’s machine, network, or other systems.  

An active attack encompasses a wide range of different techniques that jeopardises a system’s integrity and availability. This type of attack poses a threat to both the organisation and individuals where a hacker attempts to directly modify resources. Unlike a passive attack, these breaches are more easily identified.  

Cybersecurity threats

Common passive attacks:  

  • Phishing – A common, but effective type of attack typically carried out via email. It is designed to steal users’ credentials and trick them into installing malicious software on their device. Over time, phishing attacks have evolved into more sophisticated and efficient tactics, with attackers frequently utilizing authentic-looking credentials to increase their success rate. 
     
  • Cyber espionage – Where a hacker accesses, steals, or exposes classified data or intellectual property with malicious intent which can lead to damaging consequences. Common methods include advanced persistent threats (APT), social engineering and spear phishing.  
     
  • Data packet sniffing – Similar to wiretapping, packet sniffing allows anyone to eavesdrop on computer conversations. An attacker will install hardware or software to monitor, collect and analyse data sent over a network.  

Common active attacks:  

  • Malware – any malicious software which aims to cause disruption or damage a computer, server, or network. Devices can be infected through simple means such as clicking on a suspicious link, but it can allow the hacker access to personal and sensitive information.  
     
  • Denial of Service (DoS) – An attack carried out by bots designed to flood an organisations system with fake requests, therefore blocking legitimate requests. This type of attack both seriously effects company resources and damages infrastructure.  
     
  • Domain spoofing – This is another form of phishing where an attacker impersonates a known business or person by using a fake web or email domain hoping to fool people into trusting them as at first glance they often look legitimate. However, users can be tricked into revealing sensitive information, sending money or clicking malicious links.  

Cyberattacks can affect both operating systems and hardware, creating challenges for businesses who wish to fortify their infrastructure against cybersecurity threats. This can create even greater challenge for smaller businesses who are trying to manage this with limited resources. The third installment of this blog series will discuss the challenges caused by these security breaches.  

☉☉☉

Read More
Cybersecurity challenges faced by businesses
Sinead Conboy
No Comments

In part two of our cybersecurity and digital transformation series we detailed the most common forms of cyberattacks. In this blog, we will discuss the biggest cybersecurity challenges facing businesses.

As digital transformation introduces new, and ever evolving technology to small business IT infrastructure, it is inevitable that an organization’s potential attack surface grows, introducing more cybersecurity challenges.  

As they try to navigate a wide range of potential threats, small businesses can struggle to distribute the right resources to ensure they stay safe, meaning they are vulnerable to various cybersecurity challenges such as:   

  • Secure back-up and recovery of data
  • Detection and response to threats and vulnerabilities
  • Supply chain integrity
  • Manage security activities 24/7
Cybersecurity challenges

Secure back-up and recovery of data

One major cybersecurity challenge that small businesses face is the secure back-up and recovery of data. Companies must have adequate systems in place to ensure that their data is securely backed up and recoverable in the event of damage or corruption.  

Data-driven companies, in particular, must protect their information from sophisticated ransomware attacks. As small businesses increasingly include multi-cloud and on-premise storage of data in their IT infrastructures, cyber resilience is essential to ensure business continuity in the event of a data loss. 

Detection and response to threats and vulnerabilities

The vulnerability of cybersecurity breach above and below a company’s operating system will inevitably increase as the business grows. Threats can present themselves in various forms with the intention of accessing, changing, destroying, or deleting information without authorized access.  

The challenge arises for businesses to install the right systems that can promptly identify these threats and adequately defend their IT infrastructure. According to IBM, in 2022 it took an average of 277 days or 9 months to identify and contain a breach. The longer a breach lasts, the greater the strain on a business’ resources.  

Supply chain integrity

Supply chains are a multi-party ecosystem. Businesses rely on advanced technology to support connectivity and sophisticated logistics networks. However, this technology is also vulnerable to attacks, threatening the integrity of supply chain systems. It is vital to maintain the security of the supply chain eco-systems to avoid operational disruptions, lost revenue, jeopardized data, reduced productivity and potential brand and reputation damage. 

Technology supply chains can also be infiltrated with counterfeit devices that have been tampered with. IT teams work hard to secure their infrastructure, but this is a futile activity if a third party does not maintain their defence along the supply chain. Businesses must ensure devices and their components are safe to deploy using secure verification.   

Manage security activities 24/7

With cyber-attacks posing a threat at any time of day, businesses must remain vigilant around the clock. However, companies often face the challenge of not having the necessary resources in house to physically monitor their networks continuously.  

As threats continue to increase in frequency and complexity, efficient threat detection systems are essential in identifying and preventing attacks before any damage can occur. This can mean having to invest in outsourced services to ensure networks are monitored 24/7. 

Small businesses face numerous cybersecurity challenges in the ever-changing landscape of digital transformation. To ensure their safety, companies must prioritize cyber resilience and invest in efficient threat detection systems. By doing so, they can protect their data, maintain supply chain integrity, and prevent cyber-attacks from disrupting their operations. In the fourth and final blog in this series we will lay out the steps you can take to improve your security measures to keep your infrastructure safe.

Part four will conclude this blog series by detailing the steps needed to implement practices that best address your cybersecurity challenges.  

☉☉☉

Read More
Cyber Security Research Round Up
Paul Briggs
No Comments

Research Round Up

THIS MONTH'S LATEST CYBER SECURITY RESEARCH From security vendors, bloggers, and analysts

Checkpoint Security: Cyber Security Report 2023

Author: Maya Horowitz, VP Research at Check Point Software Technologies

  • “In 2022, the proportion of email-delivered-attacks has increased, reaching a staggering record of 86% of all file-based attacks in-the-wild.”
  • “The Russia-Ukraine war demonstrated how traditional, kinetic war can be augmented by a cybernetic war. It has also influenced the broader threat landscape in the rapid changes of hacktivism and how independent threat actors choose to work for state-affiliated missions.
  • The war has also seen enhanced usage of wiper malware, malware that intends to erase or wipe data of the drive it infects, and this trend has been adopted by several actors, reaching a point where 2022 has seen more wiper attacks globally, than in the previous decade altogether.”

IBM Security Report: Cost of a Data Breach Hits Record High During Pandemic

  • In 2021 systems and software giant, IBM Security found that over half of SMBs had experienced a cyber-attack largely as the result of the pandemic where new hybrid working models were introduced or with the increased migrations to cloud infrastructure.
  • IBM notes that 40% of SMBs do not have comprehensive and updated cyber-security incident plan. Other findings of the IBM research found that or companies with less that 500 employees the cost of an average Cyber breach was around $3m per incident.

Venture Beat/ Forrester 2023 Cyber Security Predictions

  • More than 50% of chief risk officers (CROs) will report directly to the CEO.
  • A C-level executive will be fired for their firm’s use of employee monitoring.
  • A Global 500 firm will be exposed for burning out its cybersecurity employees 
Cyber security research

SecureList by Kaspersky: What your SOC will be facing in 2023

Authors: Sergey Solatov, Roman Nazarov

  • Ransomware will increasingly destroy data instead of encrypting it
  • Public-facing applications will continue to be exploited for initial access
  • More supply chain attacks via telecom
  • More reoccurring targeted attacks by state-sponsored actors
  • Rise in attacks on Media outlets

EMP Research

  • Future-proof: bunkered data centres and the selling of ultra-secure cloud storage
  • Challenges in Protecting Cyber Critical Infrastructure-GOA
  • North Korea’s Satellites Could Unleash Electromagnetic Pulse Attack
  • Critical Infrastructure Cyber Recommendations Go Largely Unaddressed-Nextgov
  • EMP/Solar flare-Grid Down Consulting
  • Infrastructure Security-CISA

Cyber Security Podcasts-Compiled by Fabian Weber

Read More
Related News
Will EMP Attacks Be The Next Emerging Cyber Threat?
Paul Briggs

This month’s Knowledge Exchange white paper on emerging and existing Cyber Security threats will examine why ITDMs and Business Leaders are extremely worried about a ‘catastrophic cyber event’ that could have more of a societal impact than Covid-19 in next few years, and what ITDMs can do today and longer term to mitigate those risks. 

It may be pure co-incidence, but it was certainly chilling to see that in a matter of weeks after the World Economic Forum’s (WEF) 2023 annual summit in Davos, Switzerland that warned of a total “grid down” scenario caused by a ‘catastrophic cyber event;’ a mysterious high-altitude balloon was seen floating across America. 

And while many in the mainstream media have quickly judged this and subsequent other balloons to be a surveillance or spy balloons, other commentators claim that most state sponsored espionage is done via satellites1 and that this vehicle has potentially a more sinister capability: The ability to activate an electromagnetic pulse or EMP at high altitude (HEMP) using a smaller lighter nuclear payload. 

Therefore, if the balloon was carrying an EMP device or was just a drill to test the detection and response time of such devices, at the sort of altitude the vehicle was flying it would have a greater geographical reach than a ground detonated device and could have knocked out a big chunk of the infrastructure it was flying over.  

A grid down scenario would make Covid’s impact seem like, ‘a small disturbance’

Klaus Schwab, founder of the WEF. 

he result would be an instant shut down of power, communication, finance, and business systems that would have a devastating effect to emergency services and supply chains that could tip society into chaos in a matter of days. 

A grid down scenario would make Covid’s impact seem like, ‘a small disturbance,’ according to Klaus Schwab, founder of the WEF.  

President of the Centre for American Defence Studies, Paul Crespo also confirmed the high-altitude vehicles could be a trial run for a cyber-attack using a balloon-mounted weapon.  

Speaking in the Epoch Times Crespo said: 

“While China has tested hypersonic missiles launched from balloons in the past, that isn’t a likely use for these airships."

“The biggest threat is sending one or more of these high-altitude balloons over the US with a small nuclear EMP device.” 

While we hope the vehicle may be nothing more than a ‘weather balloon,’ with rising geopolitical tension between the US with China2, over Taiwan, tensions with Russia, over Ukraine; an increasingly unstable regime in Iran and a reescalation of tension with North Korea, the usage of EMP enabled weapons for a global pre-emptive strike seems alarmingly possible.  

Military strategists at these countries may be in favour of a high-altitude pre-emptive HEMP strike over a conventional full blown nuclear attack as it limits immediate death, radiation fall out and keeps the infrastructure intact, albeit broken, that can be repaired in time.

Read More
Cyber Security Research Round Up
Paul Briggs

Research Round Up

THIS MONTH'S LATEST CYBER SECURITY RESEARCH From security vendors, bloggers, and analysts

Checkpoint Security: Cyber Security Report 2023

Author: Maya Horowitz, VP Research at Check Point Software Technologies

  • “In 2022, the proportion of email-delivered-attacks has increased, reaching a staggering record of 86% of all file-based attacks in-the-wild.”
  • “The Russia-Ukraine war demonstrated how traditional, kinetic war can be augmented by a cybernetic war. It has also influenced the broader threat landscape in the rapid changes of hacktivism and how independent threat actors choose to work for state-affiliated missions.
  • The war has also seen enhanced usage of wiper malware, malware that intends to erase or wipe data of the drive it infects, and this trend has been adopted by several actors, reaching a point where 2022 has seen more wiper attacks globally, than in the previous decade altogether.”

IBM Security Report: Cost of a Data Breach Hits Record High During Pandemic

  • In 2021 systems and software giant, IBM Security found that over half of SMBs had experienced a cyber-attack largely as the result of the pandemic where new hybrid working models were introduced or with the increased migrations to cloud infrastructure.
  • IBM notes that 40% of SMBs do not have comprehensive and updated cyber-security incident plan. Other findings of the IBM research found that or companies with less that 500 employees the cost of an average Cyber breach was around $3m per incident.

Venture Beat/ Forrester 2023 Cyber Security Predictions

  • More than 50% of chief risk officers (CROs) will report directly to the CEO.
  • A C-level executive will be fired for their firm’s use of employee monitoring.
  • A Global 500 firm will be exposed for burning out its cybersecurity employees 
Cyber security research

SecureList by Kaspersky: What your SOC will be facing in 2023

Authors: Sergey Solatov, Roman Nazarov

  • Ransomware will increasingly destroy data instead of encrypting it
  • Public-facing applications will continue to be exploited for initial access
  • More supply chain attacks via telecom
  • More reoccurring targeted attacks by state-sponsored actors
  • Rise in attacks on Media outlets

EMP Research

  • Future-proof: bunkered data centres and the selling of ultra-secure cloud storage
  • Challenges in Protecting Cyber Critical Infrastructure-GOA
  • North Korea’s Satellites Could Unleash Electromagnetic Pulse Attack
  • Critical Infrastructure Cyber Recommendations Go Largely Unaddressed-Nextgov
  • EMP/Solar flare-Grid Down Consulting
  • Infrastructure Security-CISA

Cyber Security Podcasts-Compiled by Fabian Weber

Read More
Steps to improve cybersecurity practices
Sinead Conboy

Summary

The first three blogs of our cybersecurity and digital transformation series focused on the threats and security challenges faced by businesses when implementing a digital transformation strategy. In this concluding installment we will lay out the steps you can take to protect your company from potential attacks.

How can businesses reduce the risks of cyber-attacks?

SMBs face a significant risk of cyber-attacks and security breaches. Businesses can take this steps to improve cybersecurity practices. A single attack can cause irreparable damage to the business. Therefore, it's essential for businesses to establish robust security practices to mitigate security threats to their infrastructure and organization. In this fourth and final installment of our cybersecurity series, we will lay out the best ways to tackle these challenges and threats.

Preparing your business for potential security breaches may seem daunting, but there are many steps you can take to improve your security measures. Here are some ways to improve your business's cybersecurity practices:

• Back up your data on the cloud:

Backing up your data on the cloud is an easy and secure way to ensure that your data is safe and accessible even in the event of hardware failure or corruption. Cloud storage is less susceptible to theft or damage than physical on-premise devices as cloud service providers offer firewall protection, making it a safer choice for data storage. Public and private cloud options are available to businesses of all sizes, and data can be accessed from anywhere with an internet connection.

• Implement access controls:

Access control policies limit access to your business's critical assets. Avoid sharing user IDs for accessing systems and data. Instead, use unique IDs and login credentials to make it easier to track who is accessing your resources. Implementing automated Identity Access Management (IAM) systems helps streamline this task and eliminates a large amount of risk.

• Thoroughly train employees in best practices:

Humans are often the weakest link in the cybersecurity chain. It is essential that your employees and adequately trained in your more updated security procedures. They need to be equipped with the knowledge and skills to be able to identify and avoid potential threats. Without this, they may be more likely to fall victim to sophisticated phishing attacks, and unintentionally expose the company’s data or put it at risk of an attack.

• User Authentication:

User authentication is the process of verifying the identity of a user before they are granted access to a system or application. Multi-factor authentication creates a layered security system that requires employees to use a randomly generated one-time code sent via SMS or email in addition to their password to verify their identity. This type of security system protects your data by preventing unauthorized third-party users from gaining entry to business systems and websites.

• Implement a Managed Detection and Response (MDR) service:

Small businesses and their IT security teams can struggle to keep pace with their growing volume of technology and threats. A Managed Detection and Response (MDR) service is a cybersecurity service that combines high-end technology with human expertise to rapidly identify and limit the impact of cyber threats without the need to hire additional staff. This service monitors your systems and applications 24/7 to detect and respond to any security incidents.

Final Thoughts

In conclusion, improving your business's cybersecurity practices is essential to safeguarding your data and ensuring the continuity of your business. By implementing these security measures, you can help protect your business from cyber threats and avoid the devastating consequences of a security breach.

☉☉☉

Read More

Unlock the power

Speak with the Knowledge Exchange team

call me
expert-IT-trend-advisor-from-Knowledge-Exchange
envelopephone-handsetcrossmenupointer-right