All Posts By

Brenda Caseley

Good questions, better answers

By | General News

News and developments from Spark-sponsored Lightning Lab GovTech

Lightening Lab GovTech is a Spark-sponsored accelerator programme for public sector agencies to build, test, and validate new approaches and technologies for government. Ten teams are working side-by-side in the Lightning Lab facility over three months, before lifting the lid on their handiwork at a demo day showcase event on 5 November.

Stuart Van Rij coached teams participating in this year’s edition of Lightning Lab GovTech – Van Rij, a coach with the Camp Negotiation Institute, says the science of a good question involves knowing your mission and purpose – you’ve got to know why you’re asking the question and what you aim to find.

Ten teams have been working side-by-side in the Lightning Lab facility and will lift the lid on their handiwork at a demo day showcase event on 5 November.

Maggie Ford, a member of the Department of Conservation’s team exploring improvements to waste management practices at DOC sites, put the theory to test in a problem discovery sprint – a process designed to pinpoint the nature of problems and how they map to opportunities.

Learn more >>

Mental Health Awareness Week

By | General News

This week is Mental Health Awareness Week and CCL Together with Revera is focusing on the Five Ways to Wellbeing – Connect, Keep Learning, Take Notice, Be Active and Give. There is a lot happening this week, starting off with a wee treat on everyone’s desk encouraging team members to take a break and focus on the Five Ways to Wellbeing.

Explore your way to wellbeing – Whāia te ara hauora, Whitiora.

Meet the CCL, Reseller News Innovation Awards 2019 Finalists

By | General News

CCL has been shortlisted for three awards at this year’s Reseller News Innovation Awards:

Josh Penfold – finalist for Management Excellence

Karl Moore – finalist for Sales Excellence

And, CCL is a finalist for the Mid-market Partner of the Year award (CCL has won this award in 2018 and 2017).

The awards ceremony will be held on 23rd October. Good luck team.

CCL appoints Suzanne Miller – Director, Central Region

By | General News

Suzanne Miller has been appointed Director, Central Region, spearheading the newly-merged CCL’s business across the greater  Wellington and lower-North Island regions.

Completing CCL’s top-table line-up, announced in May this year, Miller joins CCL from Spark, where she held the position of Customer Unit Lead.

A former general manager of Datacom’s government cloud services, Miller’s track-record in the IT industry includes roles for a slew of top-tier organisations, including HPE and, client-side, IRD, Capital Coast District Heath Board, and Westpac Bank.

CCL CEO Andrew Allan said he was delighted with Miller’s appointment. “Suzanne has a formidable CV, with technical and leadership skills tested and proven in some of the country’s most dynamic organisations,” he said. “Her experience in cloud services, transformational change, and central government make her ideally placed to lead CCL in the central region.”

With 700-plus employees and 11 offices nationwide, CCL is the country’s largest New Zealand-focused IT services company, providing end-to-end IT management and multi-platform expertise to some of New Zealand’s most important organisations.

Since announcing the merger late February, the company has maintained a head of steam, winning significant transformation project work for New Zealand’s primary workplace health and safety regulator WorkSafe, and Children’s charity Barnados, as well was adding muscle in the public cloud arena with new accreditations from Microsoft and Amazon Web Services (AWS).

Workers still falling victim to old cyber tricks

By | General News

Fraudsters prey on busy execs’ impulsive email behaviour  

Few people these days fall for unsolicited emails from Nigerian princes offering juicy commission to transfer funds from a multimillion-dollar inheritance. But still plenty of Kiwis are being sucked in by a rising number of email phishing scams – and you can blame their impulsive email behaviour.

CCL’s security awareness service, which each week sends phishing look-a-like emails to thousands of employees working in organisations across the country, is registering a phishing success rate of 20-to-30 per cent among participating employees presented with their first duplicitous email.

CCL’s Head of Security, Tim Sewell, said analysis showed that while people in all job roles fell victim to phishing attacks, certain personality types, especially Type-A personalities, often found working in sales and leadership roles, appear more inclined to click duplicitous links and attachments.

However, personality type wasn’t the only factor to determine susceptibility, he said. “Personal workloads, stress, timing and context also influence the success rates of phishing attacks. For example, receiving a phishing email that looks like a courier company when you’re expecting to receive a parcel – bingo.”

Sewell said CCL’s training and education programme had reduced phishing success rates to around five per cent, with well-trained employees now regularly reporting phishing scams and being part of the solution.

In the meantime, real-life phishing incidents were likely to remain high as phishermen got more sophisticated, launching scams from previously compromised email accounts and impersonating trusted providers, such as Microsoft Office 365, Amazon, Google, even the IRD and NZ Post, he said.

“More people are working in the cloud and using browser-based logins to access services. As this behaviour becomes routine, people tend to let their guard down, providing an easy in for fraudsters to steal user login credentials,” said Sewell.

A report published by cloud security firm Avanan shows one in every 99 emails is a phishing attack, using malicious links and attachments as the main vector.

Closer to home, CERT NZ figures show the number of malware reports from Kiwi organisations more than doubled to 43 in the three months ended 31 December.

Phishing campaigns containing malware and targeting business customers of some New Zealand banks contributed to the increase. And in three incidents reported to the NCSC this year, New Zealand organisations lost nearly NZD$800,000 to ‘successful’ fraudulent invoice emails.

Sewell said multi-factor authentication (also known as MFA) helped reduce credential theft – one of the main prizes from phishing attacks – by requiring users to authenticate themselves to a website by another method, in addition to the standard username and password login procedure.

However, he said the additional cost of MFA and the inconvenience to users who are quick to moan about laboured access discouraged adoption, increasing the “attack surface” for criminals.

“And that’s a big problem, because once the bad guys have captured a user’s credentials their behaviour goes largely unnoticed – because there isn’t anything to trigger a security alert,” said Sewell. “That gives the crims time to watch and learn, email customers with revised payment details, send out mocked-up invoices, gain the trust of contacts linked to the compromised email account, and reply to existing emails.”  

He said regular, friendly phishing exercises, multi-factor authentication, and anti-phishing technology were essential steps in the current cybersecurity landscape, though tweaking existing policies in some cases was the fastest way to bolster defences, he said.

“For example, financial policies should ensure requests to change payment details are authorised and properly validated, without relying on email. Don’t accept emails as authorisation of payment method. And if someone keeps taking the phishing bait, maybe they’re in the wrong job,” said Sewell.

CCL scoops Dell Solution Provider Workforce Transformation Award 2018

By | General News

CCL’s delivery of Dell solutions has been recognised at the vendor’s annual A/NZ partner event held last week in Nouméa, New Caledonia.

The Spark-owned provider took home the solution provider workforce transformation award 2018.

CCL was the only New Zealand partner to win among the 13 categories in the regional award.

The awards recognise the ways in which partners are growing their businesses within the Dell Technologies Partner Program, unlocking limitless possibilities for their customers with innovative transformational solutions, the vendor explained.

Read the full story.

CCL-Revera appoints executive leadership team

By | General News

CEO Andrew Allan appoints leadership team to extend company’s cloud and IT services leadership.

Seven executives from the ranks of Revera and CCL pre-merger have been appointed to the executive leadership team of the now merged entity, called CCL.

Joining CEO Andrew Allan at the top table is:

  • COO – Sri Gazula, who held the same position at Revera
  • CFO – Chris Fairfield, previously Revera CFO
  • Troy Myer – Technical Director (formerly Revera General Manager Business Development)
  • Cherie Roache – Director Southern Region (formerly CCL General Manager, Southern Region)
  • Guy Inglis – Director Northern Region (formerly CCL General Manager, Northern Region)
  • Rik Rogers – Director Client Delivery (formerly CCL General Manager Managed Services)
  • Richard Hansen – Director Enterprise Sourcing (formerly CCL General Manager Strategy).

The company is currently recruiting for an executive to fill the role of Director Central Region.

“The formation of this team is a significant milestone in what is a new beginning for two established businesses,” said CEO Andrew Allan. “Now we can leverage our collective strengths to accelerate our success in cloud and IT services.”

Allan oversees more than 700 employees, in offices across Auckland, Wellington, Christchurch and Nelson, in additional to Blenheim, Dunedin, Invercargill and Queenstown.

“The merger was conceived to create a single organisation providing end-to-end IT management and cloud technology services unrivalled in New Zealand,” he said. “Work continues apace as we streamline processes, culture, and customer experience – the results of which will bubble to the surface without too much fanfare.”

Since announcing the merger late February, the company has maintained a head of steam, winning significant transformation project work for New Zealand’s primary workplace health and safety regulator WorkSafe and Children’s charity Barnados, as well was adding muscle in the public cloud arena with new accreditations from Microsoft and Amazon Web Services (AWS).

Allan said the Spark-owned entity had full license to write its own rules for success  but was remodelling aspects of its services portfolio to support Spark Group’s strategy in the cloud.

Jolie Hodson, Customer Director at Spark, said the new CCL was the best form to leverage the company’s investment in the two businesses – a move that effectively created Spark Group’s IT managed services and cloud delivery engine.

“We want to extend our position as arguably the leader of IT management and cloud technology services in the country,” she said at the time of the announcement. “Combining these two businesses delivers the seamless end-to-end services and expertise more clients demand, and ensures we put a panoptic lens to their businesses.”

Intel MDS Vulnerabilities

By | Security News

On 15 May 2019, NZ time, Intel announced a new group of vulnerabilities collectively known as “Microarchitectural Data Sampling”, which are a subset of previously disclosed speculative execution side channel vulnerabilities.

The vulnerabilities have been assigned the following four CVE’s:

•             CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling (CVSSv3 = 6.5)

•             CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling (CVSSv3 = 6.5)

•             CVE-2018-12127 – Microarchitectural Load Port Data Sampling (CVSSv3 = 6.5)

•             CVE-2019-11091 – Microarchitectural Data Sampling Uncacheable Memory (CVSSv3 = 3.8)

Like the previous Intel chip vulnerabilities, these utilise side channel attacks against speculative performance optimisation techniques to infer data in chip components that are meant to be protected. Attacks against these vulnerabilities could allow attackers to leak private data from internal CPU buffers and Load Ports.

Successful exploitation requires malicious code to be run on a targeted system. Intel is reporting that real-world exploits, outside of controlled conditions is complex, but there are currently demonstration videos and proof of concept code published on the Internet for at least one of the vulnerabilities.

Mitigation will typically involve updates at multiple layers, including microcode, virtualisation and operating system. In some cases, full mitigation may also require additional steps, including disabling Hyper-Threading. Refer to vendor guidance to understand cases where such decisions need to be considered.

Remediation:

CCL Polaris IaaS Platform

CCL is programmatically addressing the identified vulnerabilities at the hardware, hypervisor and management software layers. Clients are responsible for patching non-CCL managed operating systems residing on the platform. Additional information will be provided through our standard change control notifications or directly from your Customer Relationship Manager.

Public Cloud Platforms

All major public cloud providers are indicating that they have taken steps to mitigate the vulnerabilities in their environments:

All major public cloud providers are indicating that they have taken steps to mitigate the vulnerabilities in their environments:

https://support.google.com/faqs/answer/9330250

https://aws.amazon.com/security/security-bulletins/AWS-2019-004/

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190013

Client Dedicated Virtual Platforms, On-premise Private Cloud and On-premise Infrastructure:

For dedicated virtualisation platforms, patching may be required at the hardware microcode and operating system level in addition to the Hypervisor. Please refer to applicable vendor guidance for detailed mitigation requirements. Links for some major vendors are included below.

Recommendations:

CCL recommends that all clients assess their risk and appropriately patch systems. Standard update procedures should be appropriate for most systems. Shared environments that run untrusted code may warrant more urgent, out-of-band update procedures.

Please note that some vendors are indicating system reboots will be required for updates to be applied. Always perform thorough testing to avoid unexpected outages or performance impacts. Vendors have indicated that some performance impact should be expected.

Please contact support@concepts.co.nz or 0800 225 737, if you would like more information.

References:

Note – please hover over and validate hyperlinks prior to clicking

https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html

https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sampling

https://support.microsoft.com/en-nz/help/4457951/windows-guidance-to-protect-against-speculative-execution-side-channel

https://www.vmware.com/security/advisories/VMSA-2019-0008.html

https://access.redhat.com/security/vulnerabilities/mds

NZ Cert Security Warnings

By | Security News

NZ Cert has released two security advisories this week regarding security vulnerabilities that present a high risk to systems connected to the Internet.

  • The first advisory warns of known active attacks against a previously patched SharePoint vulnerability to compromise corporate websites.
  • The second details a newly patched vulnerability in Microsoft Remote Desktop Services on older operating systems (Windows 7/Server 2008 R2 and earlier). It is expected that exploits will be developed and used against this vulnerability in the near future. Microsoft has also released patches for unsupported software, including Windows XP and Server 2003.

Recommendations

CCL recommends that clients remain diligent about implementing and maintaining strong security controls and practices for all public facing systems. This includes ensuring that the entire software stack, from the OS to third party applications, is kept fully patched against known vulnerabilities.

Specifically, we recommend that security patches for the SharePoint and RDS vulnerabilities are tested and implemented as soon as possible, with priority placed on systems connected to the Internet.

If you have any concerns about potential risks to existing systems or would like to discuss ways CCL can help provide visibility to any exposed systems, please reach out to your Customer Relationship Manager or Service Delivery Manager.

References

https://www.cert.govt.nz/it-specialists/advisories/vulnerability-microsoft-rdp-services/

https://www.cert.govt.nz/it-specialists/advisories/microsoft-sharepoint-vulnerability-being-exploited/

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604