With activity dwindling across a number of industries, you’d be forgiven for thinking it’s been an equally quiet quarter for Vapour. The truth is, both our pre-sales and renewals teams have seen greater demand than ever from customers keen to unlock the full potential of our toolkit. But which services have got people talking the most? Here’s a snapshot of just some of our recent activity.
Renowned for our network security expertise, several clients see Vapour as a bolt-on essential to help monitor web applications, filter through threats in traffic, and prevent large and small data breaches. More than simple set-and-forget technology, our hosted firewall offers hyper vigilance to help defend against threats — key not only for compliance mandates, but also for budgets, reputation, and more. Circle Recycling, a champion in waste management, is the latest customer to tap into this service.
Meanwhile, CHIORINO UK, a plastic fabrication specialist and steadfast customer since 2017, embraced a new era of connectivity with enhanced internet service for its new site. And for Walker Fire, who we’ve partnered with since 2019, enhanced reporting capabilities have elevated their fire protection capabilities for 2024.
But it’s not just about the new. A number of enduring partnerships were also reflected in our Q4 renewals. Logistics firm Ark-H Handling — a name many may recognise as our very first customer in 2013 — chose to continue its journey with our voice services. Northern Building Plastics, a Leeds-based building material supplier we’ve worked with since 2014, also renewed their connectivity commitments with Vapour.
We’ve been a popular force among the resellers throughout this period too. Smart Solutions and Radius Connect — who we’ve partnered with for eight and two years, respectively — reinforced their trust in our toolkit by renewing connectivity and voice services for their own clientele.
And Walk Investments, the media and merchandise wholesaler that first chose Vapour in 2014, not long after we broke into the market, renewed both their connectivity and session initiation protocol (SIP) services. With the latter being used for internet telephony and multimedia distribution between two or more endpoints, it goes without saying that connectivity and voice have dominated our dialogue for much of the quarter.
So, what’s to come? James Wood, senior sales support, talks about Vapour’s vigilance: “Cyber threats are constantly evolving, so we’re always ready to address concerns for our clients. But the recent survey by Enterprise Strategy Group reveals the stark reality of vulnerabilities in the cloud. With 99% of respondents facing a cloud-focused cyber attack in the last 12 months, there's a growing urgency to ensure the resilience of IT estates. We anticipate an uptick in enquiries as organisations prioritise stability over hasty migrations.”
As we bid adieu to 2023, we thank our clients for their unwavering trust. Here's to more success, innovation, and strengthened partnerships in the coming year.
Want more where this came from? Explore our case studies.
The construction industry's growing reliance on technology and remote systems, coupled with alarming cyber security statistics, necessitates a paradigm shift towards ‘zero trust’. Our CEO Tim Mercer, recently explored how this burgeoning access model can help fortify cyber security strategies in the era of digital construction in this article for PBC Today. If you missed the original piece, you can find it here...
The construction industry is undergoing a remarkable technological transformation, underpinned by the adoption of digital tools and remote systems. For the most part, this is a monumental shift. As well as revolutionising efficiency, collaboration, and project management, embracing technology has optimised processes, enhanced communication, and accelerated innovation — propelling the sector toward a future of sustainable growth and competitiveness.
However, with this progress comes an increased vulnerability to cyber threats. And as the construction industry forges ahead, it must not overlook the digital sentinels guarding its progress.
A growing number of personnel — from contractors and subcontractors to architects, engineers, surveyors, and more — have access to shared IT platforms today, heightening the potential for insider breaches. Plus, with all three key stages of construction (design, construction, and handover) involving extensive digital workflows, cyber security risks exist from the tender stage right through to completion, and thereafter.
A glance at the Department for Culture, Media and Sport (DCMS) Cyber Security Breaches Survey 2023 paints a sobering picture. The construction sector significantly lags behind others in assigning importance to cyber security, with just 21% of firms having a board member overseeing this domain – a mere 1% increase from the previous year. Alarmingly, the industry is also identified as one of the top three least likely to have cyber security rules or active threat identification measures in place.
Software's integral role in the construction process further amplifies the urgency of robust cyber security too. According to Grand View research, the global construction software market was valued at around $9.6 billion (£8.42 billion) in 2021, and is projected to grow at an annual rate of 8.5% from 2022 to 2030. As software usage expands, data harvests increase, subsequently offering more opportunities for cyber attackers.
As such, the need for stringent cyber security has never been more critical. This is where the concept of zero trust comes into play.
The essence of zero trust
Just as the sector’s professionals meticulously inspect every brick and beam, so must they scrutinise every digital entry point into their domain. Zero trust, a paradigm shift from the traditional "trust but verify" approach, dictates that no user or system is inherently trustworthy — assuming that threats can emerge from within and outside the organisation, thereby minimising vulnerabilities.
Part of a multi-layered defence strategy, this framework involves meticulous identity verification, continuous monitoring, and robust encryption. User access privileges should be granted on a need-to-know basis, with rigorous verification processes for each request.
Constructing a resilient cyber security strategy
Establishing a resilient zero trust access strategy can be a daunting task, particularly in the absence of expert guidance. Make one wrong move, and the very digital foundation meant to enhance operations could become a vulnerable gateway for malicious actors seeking to exploit weaknesses.
While each element will differ slightly from one organisation to the next, the following framework outlines a comprehensive roadmap that construction companies can tailor to suit their specific needs:
1. Comprehensive identity verification: The foundation of a zero trust strategy lies in meticulous identity validation. Construction companies must implement multi-factor authentication (MFA) and identity verification protocols for all users seeking access to digital resources. This ensures that only authorised individuals gain entry.
2. Least privilege access: Embracing the principle of least privilege, the strategy should grant users the minimum access necessary for their roles. This prevents over-privileged accounts from becoming potential entry points for cyber attackers, reducing the attack surface and potential damage.
3. Continuous monitoring and behavioural analytics: Real-time monitoring of user behaviour and network activities is integral to detecting anomalies promptly. Behavioural analytics enable the identification of unusual patterns, allowing immediate response to potential threats before they escalate.
4. Micro-segmentation: Segmenting the network into smaller, isolated sections limits lateral movement for attackers. This containment approach isolates potential breaches, preventing unauthorised access to critical assets.
5. Robust encryption: Data encryption, both in transit and at rest, is pivotal to maintaining data integrity and confidentiality. Encryption ensures that even if unauthorised access occurs, the intercepted data remains indecipherable.
6. Zero trust architecture: Implement a comprehensive architecture that enforces zero trust principles across all layers of the IT infrastructure. From endpoints to applications and data repositories, consistency in zero trust application enhances overall security.
7. Continuous training and awareness: Employees play a crucial role in any cybersecurity strategy. Regular training and awareness programmes educate personnel about the zero trust approach, fostering a security-conscious culture.
8. Vendor and third-party management: Extend zero trust principles to third-party vendors, contractors, and partners who interact with the company's digital environment. Rigorous vetting and monitoring ensure that external entities adhere to the same security standards.
As digital tools proliferate and data volumes surge, a proactive cybersecurity strategy is no longer a luxury but a necessity for the UK’s most ambitious construction firms. In a world where innovation knows no bounds, neither should construction firms’ commitment to safeguarding their digital foundations.
Vapour’s CEO Tim Mercer was invited to attend the much-talked-about Comms Vision event delivered by Comms Dealer at the beautiful Gleneagles venue in Scotland last month.
Here are his top 10 takeaways from the two-day discussions:
It’s no secret that the global tech sector is advancing at an astonishingly rapid pace – not least in relation to the now integral role of digital transformation in spearheading growth and success. But no matter the size or scope or your organisation – or how sophisticated your innovation strategy is – the only way to drive significant change is to leverage the power of people.
So, to champion some of the industry’ finest talent, and gain some insight into the minds of individuals from across the tech space, we’re inviting friends and partners of the business to take part in our quickfire Q&A.
Up next, it’s Greg Gyves, Business Manager, MSSP - EMEA at Fortinet…
Fortinet is the world’s leading cyber security company, and we help a range of organisations – from the smallest micro businesses to the world’s largest enterprises and governments – to securely accelerate their digital journey.
All my time in the last 10 years at Fortinet has been dedicated to supporting the growth of our MSP and MSSP partner community, as well as helping them build new and incremental recurring revenue streams from managed security services.
A significant turning point was the introduction of the Fortinet Security Fabric vision – which has existed for almost a decade now, and helps deliver broad, integrated, and automated protections across the entire digital attack surface.
This is a strategic approach most recently validated by Gartner, with the introduction of their cyber security mesh architecture (CSMA).
Fortinet has several strategic growth engines in different technology areas – driven in a large part by the increasing volume and variety of sophisticated cyberthreats, the shift to working from anywhere, and the convergence of network and security.
Our key priority areas are continuing our growth in network firewall and Secure SD-WAN, along with SASE and ZTNA, to accelerate the digital transformation of our customers. We’re also keen to further develop comprehensive products and solutions to secure operational technology (OT) environments, as we see a rising volume of attacks that are targeting these traditionally isolated environments.
That it’s an industry for men and that you have to be technical to succeed. While it is true that there are few women working in the field of cybersecurity, and even fewer if we only consider engineering positions, I don’t think it’s necessarily more difficult for them to enter this space. We should collectively make it more balanced by hiring a greater number of women, to bring diversity as well as help to address the global skills shortage.
Although the trend will span longer than 12 months, there is a continued convergence of IT and OT, where there is a requirement to leverage previously unconnected operational networks by connecting them to the cloud, and in turn the IT network.
There is a significant addressable opportunity in OT security, and we believe we are well placed to take advantage of this fast-growing trend.
Don’t stand still – it’s equivalent to falling behind. Constantly looking for ways to push beyond your comfort zone is crucial to keep up with the pace of the industry.
A Peloton exercise bike – I love the idea of that immersive experience from the comfort of your own home.
Probably a Commodore VIC 20, that I think was originally given to my older brother. It was later superseded by the Commodore 64 and Amiga 500, before we became a Nintendo house instead.
Well, I’m shocked my wife still forces me to keep the Blu Ray player (not that I can remember the last time we used it!), against my best efforts to stick it in the bin. If anyone reading this actually still uses a DVD or Blu Ray player, then I am shocked!
I imagine it would be a game of football in the house or in the garden with my two boys, aged 10 and 5. They are both mad for the sport and any ‘unconnected’ activity usually involves a football.
Cyber Security Awareness Month may have dominated the headlines in October, but it remains an ongoing priority at Vapour HQ.
And the team is delighted to have secured Cyber Essentials certification – a government-backed scheme that evidences our deeply-engrained commitment to security, and our protection against cyber-attacks.
Independently assessed by the ISAME Consortium – a Cyber Essentials Partner – the accreditation hasn’t just encouraged the Vapour team to review and validate our cyber security protocol. It also now reassures our customers across public and private sectors – ranging from construction to education, and healthcare to professional services – that we take proactive steps to protect our cloud technology infrastructure from risk.
Commenting on the success, Vapour’s head of transformation and operations Carol McGrotty – who led the certification project – said: “A key part of being ‘cyber ready’ is never becoming complacent. It’s a mantra we share with our customers, so it’s important we live and breathe it too – not least because many attacks are a result of fairly unskilled hackers exploiting innocent human error.
“So, while we know we take cyber security extremely seriously throughout the Vapour team, the exercise to achieve certification provided a helpful ‘sense check’ that we’ve got all bases covered. It should also act as a further sign of confidence for our customers – large and small – that when you’re working with us, you’re in safe hands.”
Last month, the iconic Olympia London opened its doors to over 5,000 delegates, for the 2022 International Cyber Security Expo.
With an esteemed Advisory Council, chaired by Professor Ciaran Martin CB (former CEO of the NCSC), the event combines world-class education with practical business solutions, as well as leading products and innovations.
Not ones to miss such an opportune event, our cyber security team headed down to scope out some key insights.
Here’s what they came back with…
Software Bill of Materials (SBOM) as a strategy 101
Recently emerging as a key building block in software security and supply chain risk management, a SBOM is a complete inventory of a codebase – including open source components, their license and version information, and any known vulnerabilities.
Having an SBOM is one of the most effective ways to identify impacted systems, as well as help organisations secure their infrastructure to minimise cyber security risks.
Attack tree analysis: identifying and ranking cyberattack paths
Conceptual diagrams showing how a system or target can be compromised, attack trees are an excellent tool in the world of cyber security.
Utilising telemetry data and estimates to reduce the risk of an attack, David Wiseman of Isograph Software ran through an example of a threat imposed on an automotive infotainment system – and what an insightful demo it was!
Application security – present and future
A panel of cyber powerhouses delved deeper into application security automation testing.
Specifically, the discussion focused on API security, cloud native application security, and supply chain risks – highlighting how our growing reliance upon such services have exposed users to a variety of new security risks, and exploring how to protect them from constantly-evolving threats.
Hunting the actors behind the threat
Clustering is the process of dividing entire data into groups, based on the patterns in the data – allowing experts to observe activity and identify any anomalies that could indicate a threat. Very Jason Bourne!
Zero Trust for applications and protecting yourself from zero-day vulnerabilities
Zero Trust is a hot topic for network security. Yet, many are yet to grasp its impact or understand successful implementation.
Delving into the various endpoint evasion techniques that are undetectable by most Endpoint Detection and Response (EDR) and antivirus solutions, offered some great insight into the need for such architecture in an increasingly connected world.
An insight into penetration testing
With a whistle-stop demo of penetration testing in action, attendees were encouraged to think like a hacker, and detect vulnerabilities in a sample software system.
But why is this so important?
Want to continue the conversation? Get in touch.
We have received a growing number of enquiries over the past two weeks, from customers concerned about the threat of cyberattacks. And the number of people contacting us in search of guidance is continuing to rise. Our head of transformation and operations – Carol McGrotty – has therefore summarised our advice in this short post. If you wish to discuss this any further, please contact our Service Desk at email@example.com, and we will do our best to assist.
With Russian military operations currently underway in Ukraine, the question of whether cyber warfare will also be employed remains unanswered.
Vapour is liaising with Tier 1 providers – with no known immediate threat – and shall continue to do so.
There is a heightened sense of concern being felt by many organisations. Our focus is to help clients prepare for potential cyberattacks. For that, we have put together this cyber readiness checklist. While many of these suggestions are standard cyber hygiene protocols and best practices, simple actions can also go a long way towards fighting against cyberthreats.
Access: Review admin access to Firewalls and Firewall policies to ensure only permitted access has been given and not open to vulnerabilities
Patching: Ensure that all systems are fully patched and updated
Protection Databases: Make sure your security tools have the latest databases
Backup: Create or update offline backups for all critical systems
Phishing: Conduct phishing awareness training and drills
Hunt: Proactively hunt for attackers in your network using the known TTPs of Russian threat actors
Emulate: Test your defences to ensure they can detect the known TTPs of Russian threat actors
Response: Test your incident response against fictitious, real-world scenarios.
We hope you find this helpful, and if you have any queries, please contact our Service Desk at firstname.lastname@example.org.
The hybrid world of work is here to stay and brings a raft of benefits with it. But we can’t forget the data security risks that come with being away from the usual corporate setting.
And, to celebrate the launch of our SD-WAN solution for hybrid workers, we decided to team up with One Minute Briefs in a bid to educate the nation around some of the cyber risks which lurk with remote work.
Enlisting the help of One Minute Brief’s 33k-strong online community (otherwise known as OMBLES), we set about creating posters which highlight the cyber risks associated with hybrid working – if organisations don’t better protect their colleagues’ devices.
Of course, we’d highly recommend using Vapour’s new hybrid working solution, which integrates endpoint and network security through state-of-the-art SD-WAN technologies, to reduce organisations’ exposure to cyber threats, regardless of where employees decide to work from one day to the next.
The OMBLES were inspired too, and not only did the campaign feature amongst Twitter’s ‘trending’ charts – alongside National Tea Day and The Queen’s 95th birthday – but it generated over 200 entries, 76.6k impressions, and reached around 6.6 million people.
The level of creativity was sky-high, and it took us a while to settle on a shortlist of just 20 – never mind our eventual winner. But do you agree with our selection? Find out more about our SD-WAN solution, here.