Since 2016, they have been targeting MSPs (Managed Service Providers) in an attempt to compromise a target’s security via their supply chain.
APT10 have hit specific targets primarily based in Japan, but other countries including the UK, are known to be affected. This highlights how important it is for you and your business to vet your providers and partners to ensure that they are doing everything they can to keep your digital assets secure.
This has been achieved, not only through technology but also by awareness and accreditation. We applied for and achieved our ISO 27001 accreditation back in 2014 and have maintained this standard through 3rd party auditing ever since. ISO 27001 is a framework that ensures that all of our staff are “security aware” and helps us to consider the implications of our actions internally and on our client’s networks.
We are also practitioners of the government backed, Cyber-Essentials scheme. With this certification, we can help our client’s to improve their own awareness and security in a practical way.
Finally, our technology: we minimise our exposure to the Internet, we store client passwords in 256bit AES encryption and we run 3 separate desktop products to protect against Anti-Virus, Anti-Malware and Anti-Ransomware. Of course, we also use FitzBackup to make sure that key systems and data are available in any Business Continuity or Disaster Recovery scenario.
You can find out more about the work done by PwC, the National Cyber Security Centre and BAE Systems HERE.