With activity dwindling across a number of industries, you’d be forgiven for thinking it’s been an equally quiet quarter for Vapour. The truth is, both our pre-sales and renewals teams have seen greater demand than ever from customers keen to unlock the full potential of our toolkit. But which services have got people talking the most? Here’s a snapshot of just some of our recent activity.

Renowned for our network security expertise, several clients see Vapour as a bolt-on essential to help monitor web applications, filter through threats in traffic, and prevent large and small data breaches. More than simple set-and-forget technology, our hosted firewall offers hyper vigilance to help defend against threats — key not only for compliance mandates, but also for budgets, reputation, and more. Circle Recycling, a champion in waste management, is the latest customer to tap into this service. 

Meanwhile, CHIORINO UK, a plastic fabrication specialist and steadfast customer since 2017, embraced a new era of connectivity with enhanced internet service for its new site. And for Walker Fire, who we’ve partnered with since 2019, enhanced reporting capabilities have elevated their fire protection capabilities for 2024. 

But it’s not just about the new. A number of enduring partnerships were also reflected in our Q4 renewals. Logistics firm Ark-H Handling — a name many may recognise as our very first customer in 2013 — chose to continue its journey with our voice services. Northern Building Plastics, a Leeds-based building material supplier we’ve worked with since 2014, also renewed their connectivity commitments with Vapour. 

We’ve been a popular force among the resellers throughout this period too. Smart Solutions and Radius Connect — who we’ve partnered with for eight and two years, respectively — reinforced their trust in our toolkit by renewing connectivity and voice services for their own clientele.

And Walk Investments, the media and merchandise wholesaler that first chose Vapour in 2014, not long after we broke into the market, renewed both their connectivity and session initiation protocol (SIP) services. With the latter being used for internet telephony and multimedia distribution between two or more endpoints, it goes without saying that connectivity and voice have dominated our dialogue for much of the quarter.

So, what’s to come? James Wood, senior sales support, talks about Vapour’s vigilance: “Cyber threats are constantly evolving, so we’re always ready to address concerns for our clients. But the recent survey by Enterprise Strategy Group reveals the stark reality of vulnerabilities in the cloud. With 99% of respondents facing a cloud-focused cyber attack in the last 12 months, there's a growing urgency to ensure the resilience of IT estates. We anticipate an uptick in enquiries as organisations prioritise stability over hasty migrations.”

As we bid adieu to 2023, we thank our clients for their unwavering trust. Here's to more success, innovation, and strengthened partnerships in the coming year.

Want more where this came from? Explore our case studies.

The construction industry's growing reliance on technology and remote systems, coupled with alarming cyber security statistics, necessitates a paradigm shift towards ‘zero trust’. Our CEO Tim Mercer, recently explored how this burgeoning access model can help fortify cyber security strategies in the era of digital construction in this article for PBC Today. If you missed the original piece, you can find it here...

The construction industry is undergoing a remarkable technological transformation, underpinned by the adoption of digital tools and remote systems. For the most part, this is a monumental shift. As well as revolutionising efficiency, collaboration, and project management, embracing technology has optimised processes, enhanced communication, and accelerated innovation — propelling the sector toward a future of sustainable growth and competitiveness.

However, with this progress comes an increased vulnerability to cyber threats. And as the construction industry forges ahead, it must not overlook the digital sentinels guarding its progress.

A growing number of personnel — from contractors and subcontractors to architects, engineers, surveyors, and more — have access to shared IT platforms today, heightening the potential for insider breaches. Plus, with all three key stages of construction (design, construction, and handover) involving extensive digital workflows, cyber security risks exist from the tender stage right through to completion, and thereafter. 

A glance at the Department for Culture, Media and Sport (DCMS) Cyber Security Breaches Survey 2023 paints a sobering picture. The construction sector significantly lags behind others in assigning importance to cyber security, with just 21% of firms having a board member overseeing this domain – a mere 1% increase from the previous year. Alarmingly, the industry is also identified as one of the top three least likely to have cyber security rules or active threat identification measures in place.

Software's integral role in the construction process further amplifies the urgency of robust cyber security too. According to Grand View research, the global construction software market was valued at around $9.6 billion (£8.42 billion) in 2021, and is projected to grow at an annual rate of 8.5% from 2022 to 2030. As software usage expands, data harvests increase, subsequently offering more opportunities for cyber attackers.

As such, the need for stringent cyber security has never been more critical. This is where the concept of zero trust comes into play.

The essence of zero trust

Just as the sector’s professionals meticulously inspect every brick and beam, so must they scrutinise every digital entry point into their domain. Zero trust, a paradigm shift from the traditional "trust but verify" approach, dictates that no user or system is inherently trustworthy — assuming that threats can emerge from within and outside the organisation, thereby minimising vulnerabilities.

Part of a multi-layered defence strategy, this framework involves meticulous identity verification, continuous monitoring, and robust encryption. User access privileges should be granted on a need-to-know basis, with rigorous verification processes for each request.

Constructing a resilient cyber security strategy

Establishing a resilient zero trust access strategy can be a daunting task, particularly in the absence of expert guidance. Make one wrong move, and the very digital foundation meant to enhance operations could become a vulnerable gateway for malicious actors seeking to exploit weaknesses.

While each element will differ slightly from one organisation to the next, the following framework outlines a comprehensive roadmap that construction companies can tailor to suit their specific needs:

1. Comprehensive identity verification: The foundation of a zero trust strategy lies in meticulous identity validation. Construction companies must implement multi-factor authentication (MFA) and identity verification protocols for all users seeking access to digital resources. This ensures that only authorised individuals gain entry.

2. Least privilege access: Embracing the principle of least privilege, the strategy should grant users the minimum access necessary for their roles. This prevents over-privileged accounts from becoming potential entry points for cyber attackers, reducing the attack surface and potential damage.

3. Continuous monitoring and behavioural analytics: Real-time monitoring of user behaviour and network activities is integral to detecting anomalies promptly. Behavioural analytics enable the identification of unusual patterns, allowing immediate response to potential threats before they escalate.

4. Micro-segmentation: Segmenting the network into smaller, isolated sections limits lateral movement for attackers. This containment approach isolates potential breaches, preventing unauthorised access to critical assets.

5. Robust encryption: Data encryption, both in transit and at rest, is pivotal to maintaining data integrity and confidentiality. Encryption ensures that even if unauthorised access occurs, the intercepted data remains indecipherable.

6. Zero trust architecture: Implement a comprehensive architecture that enforces zero trust principles across all layers of the IT infrastructure. From endpoints to applications and data repositories, consistency in zero trust application enhances overall security.

7. Continuous training and awareness: Employees play a crucial role in any cybersecurity strategy. Regular training and awareness programmes educate personnel about the zero trust approach, fostering a security-conscious culture.

8. Vendor and third-party management: Extend zero trust principles to third-party vendors, contractors, and partners who interact with the company's digital environment. Rigorous vetting and monitoring ensure that external entities adhere to the same security standards.

As digital tools proliferate and data volumes surge, a proactive cybersecurity strategy is no longer a luxury but a necessity for the UK’s most ambitious construction firms. In a world where innovation knows no bounds, neither should construction firms’ commitment to safeguarding their digital foundations.

Vapour’s CEO Tim Mercer was invited to attend the much-talked-about Comms Vision event delivered by Comms Dealer at the beautiful Gleneagles venue in Scotland last month.

Here are his top 10 takeaways from the two-day discussions:

  1. Cyber security was the number one topic of the entire event, I would say. Our lives are becoming increasingly connected and with that comes risk, particularly in the home. IT security should therefore be considered a process, not a product. There isn’t a quick fix, particularly where human error is involved. It was interesting to note that while customer service is something I would hope everyone cares about, it gained only a couple of fleeting mentions – particularly on day one. Let’s not lose sight of why we’re all here!
  1. When it comes to people management, there are a number of issues keeping tech firms awake at night, including diversity, hybrid working, mental health and the cost of living crisis. The biggest concern from the last 12 months, however, has been recruitment. Businesses therefore need to think carefully about how they attract and retain top talent moving into 2023 and beyond, and how the attitudes and behaviour of colleagues throughout entire organisations can influence whether a company is a great place to work, or not. Culture is undoubtedly key – something panellists repeatedly agreed on. Corporate values can’t just exist to tick a box.
  1. While many people love the flexibility of remote working, it should not be forgotten that for others, it can cause increased anxiety, especially when it comes to holding meetings on platforms such as Microsoft Teams. It’s important to keep talking to colleagues about how they feel. Also, while hybrid working policies may feel to contradict flexibility – the very reason hybrid working is so popular in lots of cases – they can give definition that better sets out the expectations of everyone involved.
  1. While conversation surrounding net zero is mounting – something nobody would dispute – a third of people in the room admitted that they do care about the topic, there are more pressing priorities on their strategic agenda at the moment.
  1. The channel is optimistic about the year ahead, on the whole, with 85% predicting some degree of growth.
  1. The date for BT’s switch off of their 35-year-old network – 2025 – is looming. Porting and provisioning is difficult and time consuming, so the channel must ensure it’s ready. The consensus seemed to be that the Government has to work harder in terms of communicating the change too.
  1. Mobile is taking priority over fixed line connectivity, and while 5G progress has come a long way, with BT aiming for 50% of all coverage by 2028, infrastructure on the whole still requires some work.
  1. There was a fantastic talk about the role of anthropology at the heart of a successful business strategy, with some incredibly interesting insight into why one athletics club in Kingston, Jamaica, produces most of the world’s best sprinters. The conversation centred on the notion that, usually, people – in all walks of life including their careers – reach an acceptable standard then stop trying as hard. Elite performers, on the other hand, have a deliberate practice that makes them continue to succeed when others typically stop – they want it the most. Thank you Rasmus Ankersen, for your brilliant presentation.
  1. We shouldn’t confuse great talent with the right talent needed for a particular role. The story of American football was eye-opening here. Athletes attend camps every year where they are tested on everything from their speed and how high they can jump, through to their IQ. However, the tests don’t delve into the true detail of the person, and arguably, in the middle of a game, when milliseconds matter, IQ and speed become less important. The ability to see and feel the game, and react quickly, is critical, and these star players are quite different.
  1. Thank you also to RPD Development – another brilliant session, this time on the topic of innovation. I found this talk particularly interesting because of the speaker’s backstory – a teenager influencing millions of dollars of R&D design in the robotics industry before he’d even sat his GCSEs (because customers weren’t aware he was still in school!) His session shed a superb light on the role of culture, mindset and internal PR in driving true innovation within organisations.

It’s no secret that the global tech sector is advancing at an astonishingly rapid pace – not least in relation to the now integral role of digital transformation in spearheading growth and success. But no matter the size or scope or your organisation – or how sophisticated your innovation strategy is – the only way to drive significant change is to leverage the power of people.

So, to champion some of the industry’ finest talent, and gain some insight into the minds of individuals from across the tech space, we’re inviting friends and partners of the business to take part in our quickfire Q&A.

Up next, it’s Greg Gyves, Business Manager, MSSP - EMEA at Fortinet

Tell us about your role at Fortinet and the part you play in the tech sector.

Fortinet is the world’s leading cyber security company, and we help a range of organisations – from the smallest micro businesses to the world’s largest enterprises and governments – to securely accelerate their digital journey.

All my time in the last 10 years at Fortinet has been dedicated to supporting the growth of our MSP and MSSP partner community, as well as helping them build new and incremental recurring revenue streams from managed security services.

What innovation was the turning point for your organisation, to get it to where you are now?

A significant turning point was the introduction of the Fortinet Security Fabric vision – which has existed for almost a decade now, and helps deliver broad, integrated, and automated protections across the entire digital attack surface.

This is a strategic approach most recently validated by Gartner, with the introduction of their cyber security mesh architecture (CSMA).

And where’s next for your business?

Fortinet has several strategic growth engines in different technology areas – driven in a large part by the increasing volume and variety of sophisticated cyberthreats, the shift to working from anywhere, and the convergence of network and security.

Our key priority areas are continuing our growth in network firewall and Secure SD-WAN, along with SASE and ZTNA, to accelerate the digital transformation of our customers. We’re also keen to further develop comprehensive products and solutions to secure operational technology (OT) environments, as we see a rising volume of attacks that are targeting these traditionally isolated environments.

The biggest misconception faced by the tech sector is…

That it’s an industry for men and that you have to be technical to succeed. While it is true that there are few women working in the field of cybersecurity, and even fewer if we only consider engineering positions, I don’t think it’s necessarily more difficult for them to enter this space. We should collectively make it more balanced by hiring a greater number of women, to bring diversity as well as help to address the global skills shortage.

What do you think will be the biggest tech trend over the next 12 months?

Although the trend will span longer than 12 months, there is a continued convergence of IT and OT, where there is a requirement to leverage previously unconnected operational networks by connecting them to the cloud, and in turn the IT network.

There is a significant addressable opportunity in OT security, and we believe we are well placed to take advantage of this fast-growing trend.

What top tip would you give to an individual trying to excel in their tech career?

Don’t stand still – it’s equivalent to falling behind. Constantly looking for ways to push beyond your comfort zone is crucial to keep up with the pace of the industry.

The next purchase on my personal tech wish list is…?

A Peloton exercise bike – I love the idea of that immersive experience from the comfort of your own home.

And what is your earliest memory of tech in your life?

Probably a Commodore VIC 20, that I think was originally given to my older brother. It was later superseded by the Commodore 64 and Amiga 500, before we became a Nintendo house instead.

What is one longstanding piece of tech you are shocked is still used today?

Well, I’m shocked my wife still forces me to keep the Blu Ray player (not that I can remember the last time we used it!), against my best efforts to stick it in the bin. If anyone reading this actually still uses a DVD or Blu Ray player, then I am shocked!

If you are without the internet for an hour, what would be the first activity you resort to, to pass the time?

I imagine it would be a game of football in the house or in the garden with my two boys, aged 10 and 5. They are both mad for the sport and any ‘unconnected’ activity usually involves a football.

Cyber Security Awareness Month may have dominated the headlines in October, but it remains an ongoing priority at Vapour HQ.

And the team is delighted to have secured Cyber Essentials certification – a government-backed scheme that evidences our deeply-engrained commitment to security, and our protection against cyber-attacks.

Independently assessed by the ISAME Consortium – a Cyber Essentials Partner – the accreditation hasn’t just encouraged the Vapour team to review and validate our cyber security protocol. It also now reassures our customers across public and private sectors – ranging from construction to education, and healthcare to professional services – that we take proactive steps to protect our cloud technology infrastructure from risk.

Commenting on the success, Vapour’s head of transformation and operations Carol McGrotty – who led the certification project – said: “A key part of being ‘cyber ready’ is never becoming complacent. It’s a mantra we share with our customers, so it’s important we live and breathe it too – not least because many attacks are a result of fairly unskilled hackers exploiting innocent human error.

“So, while we know we take cyber security extremely seriously throughout the Vapour team, the exercise to achieve certification provided a helpful ‘sense check’ that we’ve got all bases covered. It should also act as a further sign of confidence for our customers – large and small – that when you’re working with us, you’re in safe hands.”

Last month, the iconic Olympia London opened its doors to over 5,000 delegates, for the 2022 International Cyber Security Expo.

With an esteemed Advisory Council, chaired by Professor Ciaran Martin CB (former CEO of the NCSC), the event combines world-class education with practical business solutions, as well as leading products and innovations.

Not ones to miss such an opportune event, our cyber security team headed down to scope out some key insights.

Here’s what they came back with…

Software Bill of Materials (SBOM) as a strategy 101

Recently emerging as a key building block in software security and supply chain risk management, a SBOM is a complete inventory of a codebase – including open source components, their license and version information, and any known vulnerabilities.

Having an SBOM is one of the most effective ways to identify impacted systems, as well as help organisations secure their infrastructure to minimise cyber security risks.

Attack tree analysis: identifying and ranking cyberattack paths

Conceptual diagrams showing how a system or target can be compromised, attack trees are an excellent tool in the world of cyber security.

Utilising telemetry data and estimates to reduce the risk of an attack, David Wiseman of Isograph Software ran through an example of a threat imposed on an automotive infotainment system – and what an insightful demo it was!

Application security – present and future

A panel of cyber powerhouses delved deeper into application security automation testing.

Specifically, the discussion focused on API security, cloud native application security, and supply chain risks – highlighting how our growing reliance upon such services have exposed users to a variety of new security risks, and exploring how to protect them from constantly-evolving threats.

Hunting the actors behind the threat

Clustering is the process of dividing entire data into groups, based on the patterns in the data – allowing experts to observe activity and identify any anomalies that could indicate a threat. Very Jason Bourne!

Zero Trust for applications and protecting yourself from zero-day vulnerabilities

Zero Trust is a hot topic for network security. Yet, many are yet to grasp its impact or understand successful implementation.

Delving into the various endpoint evasion techniques that are undetectable by most Endpoint Detection and Response (EDR) and antivirus solutions, offered some great insight into the need for such architecture in an increasingly connected world.

An insight into  penetration testing

With a whistle-stop demo of penetration testing in action, attendees were encouraged to think like a hacker, and detect vulnerabilities in a sample software system.

But why is this so important?

Want to continue the conversation? Get in touch.

We have received a growing number of enquiries over the past two weeks, from customers concerned about the threat of cyberattacks. And the number of people contacting us in search of guidance is continuing to rise. Our head of transformation and operations – Carol McGrotty – has therefore summarised our advice in this short post. If you wish to discuss this any further, please contact our Service Desk at gethelp@vapourcloud.com, and we will do our best to assist.

With Russian military operations currently underway in Ukraine, the question of whether cyber warfare will also be employed remains unanswered.

Vapour is liaising with Tier 1 providers – with no known immediate threat – and shall continue to do so.

There is a heightened sense of concern being felt by many organisations. Our focus is to help clients prepare for potential cyberattacks. For that, we have put together this cyber readiness checklist. While many of these suggestions are standard cyber hygiene protocols and best practices, simple actions can also go a long way towards fighting against cyberthreats.

Key takeaways

Access: Review admin access to Firewalls and Firewall policies to ensure only permitted access has been given and not open to vulnerabilities

Patching: Ensure that all systems are fully patched and updated

Protection Databases: Make sure your security tools have the latest databases

Backup: Create or update offline backups for all critical systems

Phishing: Conduct phishing awareness training and drills

Hunt: Proactively hunt for attackers in your network using the known TTPs of Russian threat actors

Emulate: Test your defences to ensure they can detect the known TTPs of Russian threat actors

Response: Test your incident response against fictitious, real-world scenarios.

We hope you find this helpful, and if you have any queries, please contact our Service Desk at gethelp@vapourcloud.com.

The hybrid world of work is here to stay and brings a raft of benefits with it. But we can’t forget the data security risks that come with being away from the usual corporate setting.

And, to celebrate the launch of our SD-WAN solution for hybrid workers, we decided to team up with One Minute Briefs in a bid to educate the nation around some of the cyber risks which lurk with remote work.

Enlisting the help of One Minute Brief’s 33k-strong online community (otherwise known as OMBLES), we set about creating posters which highlight the cyber risks associated with hybrid working – if organisations don’t better protect their colleagues’ devices.

Of course, we’d highly recommend using Vapour’s new hybrid working solution, which integrates endpoint and network security through state-of-the-art SD-WAN technologies, to reduce organisations’ exposure to cyber threats, regardless of where employees decide to work from one day to the next.

The OMBLES were inspired too, and not only did the campaign feature amongst Twitter’s ‘trending’ charts – alongside National Tea Day and The Queen’s 95th birthday – but it generated over 200 entries, 76.6k impressions, and reached around 6.6 million people.

The level of creativity was sky-high, and it took us a while to settle on a shortlist of just 20 – never mind our eventual winner. But do you agree with our selection? Find out more about our SD-WAN solution, here.

sign up for latest news
  • This field is for validation purposes and should be left unchanged.