[vc_row][vc_column][vc_column_text]

Signage for a Chipotle Mexican Grill is seen in Los Angeles, California, United States, April 25, 2016. REUTERS/Lucy Nicholson/File Photo

Chipotle says hackers hit most restaurants in data breach

By Lisa Baertlein as written on reuters.com

Hackers used malware to steal customer payment data from most of Chipotle Mexican Grill Inc's (CMG.N) restaurants over a span of three weeks, the company said on Friday, adding to woes at the chain whose sales had just started recovering from a string of food safety lapses in 2015.

Chipotle said it did not know how many payment cards or customers were affected by the breach that struck most of its roughly 2,250 restaurants for varying amounts of time between March 24 and April 18, spokesman Chris Arnold said via email.

A handful of Canadian restaurants were also hit in the breach, which the company first disclosed on April 25.

Stolen data included account numbers and internal verification codes. The malware has since been removed.

The information could be used to drain debit card-linked bank accounts, make "clone" credit cards, or to buy items on certain less-secure online sites, said Paul Stephens, director of policy and advocacy at the non-profit Privacy Rights Clearinghouse.

The breach could once again threatens sales at its restaurants, which only recently recovered after falling sharply in late 2015 after Chipotle was linked to outbreaks of E. coli, salmonella and norovirus that sickened hundreds of people.

An investigation into the breach found the malware searched for data from the magnetic stripe of payment cards.

Arnold said Chipotle could not alert customers directly as it did not collect their names and mailing addresses at the time of purchase.

The company posted notifications on the Chipotle and Pizzeria Locale websites and issued a news release to make customers aware of the incident.

Linn Freedman, an attorney at Robinson & Cole LLP specializing in data breach response, said Chipotle was putting the burden on the consumer to discover possible fraudulent transactions by notifying them through the websites.

"I don't think you will get to all of the customers who might have been affected," she said.

Security analysts said Chipotle would likely face a fine based on the size of the breach and the number of records compromised.

"If your data was stolen through a data breach that means you were somewhere out of compliance" with payment industry data security standards, Julie Conroy, research director at Aite Group, a research and advisory firm.

"In this case, the card companies will fine Chipotle and also hold them liable for any fraud that results directly from their breach," said Avivah Litan, a vice president at Gartner Inc (IT.N) specializing in security and privacy.

Chipotle did not immediately comment on the prospect of a fine.

Retailer Target Corp (TGT.N) in 2017 agreed to pay $18.5 million to settle claims stemming from a massive data breach in late 2013.

Hotels and restaurants have also been hit. They include Trump Hotels, InterContinental Hotels Group (IHG.L) as well as Wendy's (WEN.O), Arby's and Landry's restaurants.

Shares in Chipotle Mexican Grill ended marginally lower at $480.15 on Friday following the announcement.

(Additional reporting by Natalie Grover and Siddharth Cavale in Bengaluru and Tom Polansek and Nandita Bose in Chicago; Editing by Grant McCool and Lisa Shumaker)

 

[/vc_column_text][/vc_column][/vc_row]

[vc_row][vc_column][vc_column_text]

Azure Monitor

Get the granular, up-to-date monitoring data you need—all in one place

[/vc_column_text][/vc_column][/vc_row][vc_row font_color="#ffffff" css=".vc_custom_1471641930410{background-color: #6994bf !important;}"][vc_column][vc_column_text css_animation="appear"]

Learn more about professional services provided by Managed Solution

[/vc_column_text][/vc_column][/vc_row]

[vc_row][vc_column][vc_column_text]

Securing digital transformation through IoT cybersecurity policy

By Paul Nicholas as written on blogs.microsoft.com

Around the world, organizations and individuals are experiencing a fundamental shift in their relationship with technology. This transformation, often called the Fourth Industrial Revolution, has been characterized as a fusion of the physical, digital and biological worlds, with far-reaching implications for economies and industries, and even humankind. These changes create new opportunities and challenges for policymakers as traditional governance frameworks and models will have to be reconsidered for a different world.

Today, we are releasing a new white paper, Cybersecurity Policy for the Internet of Things, which addresses the critical task of developing cybersecurity policies for IoT. This challenge has particular urgency because the merger of physical and digital domains in IoT can heighten the consequences of cyberattacks. The cybersecurity concerns of IoT user communities — whether consumer, enterprise or government — provide a convenient lens for identifying and exploring IoT security issues. For example, enterprises and governments may identify data integrity as a primary concern, while consumers may be most concerned about protecting personal information. Acknowledging these perspectives is just the start; the real question is what industry and government can do to improve IoT security.

Industry can build security into the development and implementation of IoT devices and infrastructure. However, the number of IoT devices, the scale of their deployments, the heterogeneity of systems and the technical challenges of deployment into new scenarios and potentially unsecured environments require an approach specific to IoT. The IoT ecosystem depends on key players with a diverse range of security capabilities — manufacturers and integrators, developers, deployers and operators — and the paper outlines appropriate security practices for each role.

Government can support these efforts through the development of IoT cybersecurity policies and guidelines. As stewards of societal well-being and the public interest, governments are in a unique position to serve as catalysts for the development of IoT security practices, build cross-disciplinary partnerships that encourage public-private collaboration and interagency cooperation, and support initiatives that improve IoT security across borders. There is evidence that this work is well underway, as demonstrated by examples of government initiatives from several countries throughout the paper.

Looking forward, IoT cybersecurity policy will only increase in importance as the world grows more connected and reliant on the efficiencies and opportunities that IoT brings. IoT users and policymakers will face new IoT use cases, including situations where users may not even be aware that they are interacting with a connected device, which will prompt new questions about how to manage security needs alongside opportunities for innovation.

The growth of a secure IoT ecosystem through advancements in technology and policy is important to Microsoft and our customers around the world. We will continue to partner with stakeholders from across the public and private sectors to make this a reality.

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]
[/vc_column_text][/vc_column][/vc_row][vc_row parallax="content-moving" css=".vc_custom_1465945819577{background-color: #e98922 !important;}"][vc_column width="1/2"][vc_column_text]

Ensure You Have Enhanced Visibility & Control of Security Within Your Environment

800-208-3617

[/vc_column_text][/vc_column][vc_column width="1/2"][vc_column_text css_animation="appear"]Securing productivity, collaboration and enterprise data is critically important as organizations digitally transform. Reduce risk and support compliance requirements. Contact us today to schedule a security assessment.

As a relationship-driven organization, Managed Solution collaborates with you to build scalable technology infrastructures that improve productivity, strengthen culture, and accelerate profitable revenue.

By customizing the perfect mix of software, hardware, and IT services, we deliver a flexible technology solution that evolves and adapts to meet your needs and exceed your expectations at every stage of your business cycle.[/vc_column_text][/vc_column][/vc_row]

Microsoft to acquire Deis to help companies innovate with containers

By Scott Guthrie as written on blogs.microsoft.com

Containers have been at the forefront of cloud transformation in recent years, and for good reason: Container technologies let organizations more easily build, deploy and move applications to and from the cloud. With this increase in agility and portability, containers are helping to make applications the new currency in the cloud. At Microsoft, we’ve seen explosive growth in both interest and deployment of containerized workloads on Azure, and we’re committed to ensuring Azure is the best place to run them.

To support this vision, we’re pleased to announce that Microsoft has signed an agreement to acquire Deis – a company that has been at the center of the container transformation. Deis gives developers the means to vastly improve application agility, efficiency and reliability through their Kubernetes container management technologies.

In addition to their container expertise, the Deis team brings a depth of open source technology experience – furthering Microsoft’s commitments to improve developer productivity and to provide choice and flexibility for our customers everywhere. Members of the Deis team are strong supporters of the open source community – developing tools, contributing code and organizing developer meetups. We expect Deis’ technology to make it even easier for customers to work with our existing container portfolio including Linux and Windows Server Containers, Hyper-V Containers and Azure Container Service, no matter what tools they choose to use.

We’re excited to bring the Deis team and their technology to Microsoft. I look forward to seeing the impact their contributions will have on Azure and the Microsoft developer experience.

To Learn More about Professional Services, contact us at 800-208-3617

Solve Control Issues with Azure Active Directory

 

Azure Active Directory is an identity and access management tool to simplify employee and management IT needs with ease.

The best public cloud for SAP workloads gets more powerful

By Jason Zander as written on azure.microsoft.com

More and more enterprise customers are realizing the benefits of moving their core business applications to the cloud. Many have moved beyond the conversation of “why cloud” to “which cloud provider.” Customers want the assurance of performance, privacy and scale for their mission critical applications. Microsoft Azure sets the bar for scale and performance, leads in compliance and trust measure, and offers the most global reach of any public cloud. Specifically for SAP workloads, our strong partnership with SAP enables us to provide our mutual customers best-in-class support for their most demanding enterprise applications.

We’ve invested deeply to ensure that Azure is the best public cloud for our customers’ SAP HANA workloads. Azure provides the most powerful and scalable infrastructure of any public cloud provider for HANA. Azure also offers customers the ability to extract more intelligence from their SAP solution environments with AI and analytics, and our broad, longstanding partnership with SAP includes integrations with Office 365 to help customer enhance productivity, too. Lastly, we have an enormous partner ecosystem ready to help enterprises succeed with SAP solution workloads.

I’m pleased to announce several new advancements to this key area of focus:

• Support for running some of the largest public cloud estates of SAP HANA, across both virtual machines and Large Instance offerings.

  • To power SAP HANA and other high-end database workloads, we’re introducing M-Series virtual machines powered by Intel® Xeon® processor E7-8890 v3 that support single node configurations up to 3.5TB memory. This will allow customers to quickly spin up a new virtual machine to test a new business process scenario and turn it off when the testing is done to avoid incurring additional costs.

  • Real-time, transactional business applications need scale up power within a single node. For customers using OLTP landscapes like SAP S/4HANA or SoH that go beyond the limits of today’s hypervisors, we’re announcing a range of new SAP HANA on Azure Large Instance SKUs, powered by Intel® Xeon® processor E7-8890 v4 from 4TB to 20TB memory.

  • SAP business warehousing environments that harness and capture intelligence from massive volumes of data require multi-node, scale-out systems. We’re introducing support for SAP HANA Large instances up to 60TB memory for potential future use for applications like SAP BW, and SAP BW/4HANA.

• SAP Cloud Platform: SAP’s platform-as-a-service offering is now available as a public preview hosted on Microsoft Azure. Customers can take advantage of the pre-built SAP Cloud Platform components to build business applications while leveraging the broader toolset of Azure services.

• SAP HANA Enterprise Cloud: In cooperation with SAP, we are working to make Azure available as a deployment option for SAP HANA Enterprise Cloud, SAP’s secure managed cloud offering. Customers will benefit from Azure’s enterprise-proven compliance and security, in addition to close connections between their other Azure workloads and SAP solutions running on Azure in SAP HANA Enterprise Cloud.

• SAP and Azure Active Directory Single-Sign-On: SAP Cloud Platform Identity Authentication Services are now integrated with Azure Active Directory. This integration enables customers to implement friction-free, web-based, single-sign-on capabilities across all SAP solutions that integrate with SAP Cloud Platform Identity Authentication. In addition, SAP SaaS solutions (e.g. Concur, SAP SuccessFactors, etc.), as well as core SAP NetWeaver-based solutions or SAP HANA, are integrated with Azure Active Directory.

Last year, Satya Nadella took the stage at SAPPHIRE, announcing a new era of partnership with SAP – and at the time we shared that early adopters, Coats LLC and Rockwell Automation, were using Azure Large Instance infrastructure to run their SAP solution environments.  Since then, we’ve seen tremendous momentum with customers choosing to deploy SAP on Azure. Just a few examples of the companies deciding on Azure as their cloud platform for SAP solution landscapes are:

• Accenture: This is the largest business warehousing SAP HANA deployment in the public cloud, running Accenture’s own mission-critical financial reporting systems on Azure. For more about Accenture’s use of Azure, don’t miss their session at SAPPHIRE NOW’17 this week.

• Pact Group: By choosing to migrate their on-premises SAP servers to Azure, this Asia-Pacific packaging company anticipates annualized savings of 20 percent with their business now running more than 90% of its applications and compute on Azure.

• Mosaic: One of the world’s largest producers of phosphate and potash crop nutrients moved all its global financial, commercial, and supply-chain SAP systems to Azure, increasing speed and agility. The company anticipates a year over year cost savings of 20 percent.

• IXOM: When they needed to separate from their parent company, water treatment and chemical distributor IXOM chose to move its SAP applications to Microsoft Azure, taking a cloud-first approach to the future.

• Subsea7: This world-leading seabed-to-surface engineering, construction and services contractor is working with Accenture to unlock cost savings and greater efficiencies through SAP Business Suite on SAP HANA hosted on Azure. Subsea 7 aims to deliver a simpler, faster and more tightly integrated landscape to its global employees, providing more mobility, agility and an enhanced user experience.

One of the key advantages of Azure is that customers can drive intelligence and insights from their SAP solution environments by integrating with solutions like Power BI and Cortana Intelligence, powering new business opportunities and efficiencies.

Our integration partners are a critical part of SAP solutions on Azure deployments as they help ensure customer success, leveraging their skill and expertise across both the Microsoft and SAP ecosystems. At SAPPHIRE NOW’17, Microsoft will host some of our top Global System Integrator partners including Accenture, Cognizant, HCL, Infosys, TCS and Wipro to showcase the value and operational improvements each of these organizations can provide to customers looking to deploy SAP on Azure.

To Learn More about Professional Services, contact us at 800-208-3617

[vc_row][vc_column][vc_column_text]

Cost of Data Breaches High for Small Businesses

By Meg Conlan as written on biztechmagazine.com

Cybersecurity concerns aren’t limited to large enterprises.

According to a newly released Kaspersky Lab survey, small businesses shell out an average of $38,000 to recover from a single data breach. The amount climbs once indirect expenses and damage to reputation are taken into account.

Kaspersky Lab calculated $8,000 in indirect expenses, which included staffing, training and infrastructure upgrades designed to prevent future breaches. Losses due to brand damage were more difficult to determine. Kaspersky Lab landed on an estimate of $8,653 after factoring in consultancy expenses, lost business opportunities and the cost of PR and marketing campaigns aimed at restoring corporate image.

The release of those findings coincides with the 12th annual National Cyber Security Awareness Month. President Barack Obama designated October as a time to educate public and private organizations about the importance of data protection during a national security incident, and the Kaspersky Lab results work to underscore that importance.

“These numbers should serve as a wakeup call for both large and small businesses,” Chris Doggett, managing director of Kaspersky Lab North America, said in a statement. “IT security needs to become a more common priority for organizations and it is our hope that these numbers will motivate businesses to take the necessary steps to implement effective cybersecurity technology and strategies to prevent having to pay an enormous cybersecurity bill.”

Thus far, it doesn’t appear that businesses have found that motivation. The survey results show that half of IT professionals don’t list security-breach prevention among their top three IT priorities. Forty-four percent of businesses have not yet implemented anti-malware solutions.

Moving forward, a casual stance on security could be an issue for many organizations, especially considering that security breaches have become pervasive: Kaspersky Lab found that 90 percent of the 5,500 small, medium and large companies surveyed have experienced at least one security incident.

The causes of those breaches vary. Data from the Ponemon Institute’s “2015 Cost of Data Breach Study: United States” shows that 49 percent of data breaches stemmed from malicious or criminal attacks, 19 percent involved employee negligence and 32 percent were caused by system glitches.

Thankfully, policies, procedures and technologies can help mitigate risks. And according to the Ponemon Institute, incident response plans, the extensive use of encryption, CISO leadership, employee training and insurance protection can help reduce the costs of a data breach.

Of course, such factors will only benefit organizations that are willing to pump substantial time and resources into IT, but Kaspersky Lab says IT personnel need only think about the alternative to justify the investments.

“One thing is certain — the cost of a security breach is always higher than the cost of protection,” the report states. “The ability to reduce the risk and avoid the shaky path of recovery always pays off.”

[/vc_column_text][/vc_column][/vc_row][vc_row font_color="#ffffff" css=".vc_custom_1471641930410{background-color: #6994bf !important;}"][vc_column][vc_column_text css_animation="appear"]

Learn more about professional services provided by Managed Solution

Network Assessment & Technology Roadmap

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]

To Learn More about Professional Services, contact us at 800-208-3617

[/vc_column_text][/vc_column][/vc_row]

[vc_row][vc_column][vc_column_text]

The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack

By Brad Smith as written on blogs.microsoft.com

Early Friday morning the world experienced the year’s latest cyberattack.

Starting first in the United Kingdom and Spain, the malicious “WannaCrypt” software quickly spread globally, blocking customers from their data unless they paid a ransom using Bitcoin. The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States. That theft was publicly reported earlier this year. A month prior, on March 14, Microsoft had released a security update to patch this vulnerability and protect our customers. While this protected newer Windows systems and computers that had enabled Windows Update to apply this latest update, many computers remained unpatched globally. As a result, hospitals, businesses, governments, and computers at homes were affected.

All of this provides the broadest example yet of so-called “ransomware,” which is only one type of cyberattack. Unfortunately, consumers and business leaders have become familiar with terms like “zero day” and “phishing” that are part of the broad array of tools used to attack individuals and infrastructure. We take every single cyberattack on a Windows system seriously, and we’ve been working around the clock since Friday to help all our customers who have been affected by this incident. This included a decision to take additional steps to assist users with older systems that are no longer supported. Clearly, responding to this attack and helping those affected needs to be our most immediate priority.

At the same time, it’s already apparent that there will be broader and important lessons from the “WannaCrypt” attack we’ll need to consider to avoid these types of attacks in the future. I see three areas where this event provides an opportunity for Microsoft and the industry to improve.

As a technology company, we at Microsoft have the first responsibility to address these issues. We increasingly are among the first responders to attacks on the internet. We have more than 3,500 security engineers at the company, and we’re working comprehensively to address cybersecurity threats. This includes new security functionality across our entire software platform, including constant updates to our Advanced Threat Protection service to detect and disrupt new cyberattacks. In this instance, this included the development and release of the patch in March, a prompt update on Friday to Windows Defender to detect the WannaCrypt attack, and work by our customer support personnel to help customers afflicted by the attack.

But as this attack demonstrates, there is no cause for celebration. We’ll assess this attack, ask what lessons we can learn, and apply these to strengthen our capabilities. Working through our Microsoft Threat Intelligence Center (MSTIC) and Digital Crimes Unit, we’ll also share what we learn with law enforcement agencies, governments, and other customers around the world.

Second, this attack demonstrates the degree to which cybersecurity has become a shared responsibility between tech companies and customers. The fact that so many computers remained vulnerable two months after the release of a patch illustrates this aspect. As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they’re literally fighting the problems of the present with tools from the past. This attack is a powerful reminder that information technology basics like keeping computers current and patched are a high responsibility for everyone, and it’s something every top executive should support.

At the same time, we have a clear understanding of the complexity and diversity of today’s IT infrastructure, and how updates can be a formidable practical challenge for many customers. Today, we use robust testing and analytics to enable rapid updates into IT infrastructure, and we are dedicated to developing further steps to help ensure security updates are applied immediately to all IT environments.

Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.

The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits. This is one reason we called in February for a new “Digital Geneva Convention” to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them. And it’s why we’ve pledged our support for defending every customer everywhere in the face of cyberattacks, regardless of their nationality. This weekend, whether it’s in London, New York, Moscow, Delhi, Sao Paulo, or Beijing, we’re putting this principle into action and working with customers around the world.

We should take from this recent attack a renewed determination for more urgent collective action. We need the tech sector, customers, and governments to work together to protect against cybersecurity attacks. More action is needed, and it’s needed now. In this sense, the WannaCrypt attack is a wake-up call for all of us. We recognize our responsibility to help answer this call, and Microsoft is committed to doing its part.

[/vc_column_text][/vc_column][/vc_row][vc_row hide_row="ct_tt_hide_content_timeline" font_color="#ffffff"][vc_column][vc_column_text]

Looking for a technology partner to assist with a specific project? Call Managed Solution at 800-208-3617  or contact us to schedule a full analysis on the performance of your network.

Network Assessment & Technology Roadmap

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][/vc_column][/vc_row]