MDW-240x110
Digital
Workspace

Our Managed Digital Workspace service gives your people everything they need to work securely from any location.

Find out more

    Cloud-240x110
    Cloud
    & infrastructure

    24/7/365 monitoring, alerting, incident remediation, and maintenance for all your network, storage, and compute infrastructure.

    Find out more

      serviceDesk-240x110
      Service
      desk

      Completely outsource your first or second line service desk functions to our team of in-house technical experts.

      Find out more

        security-240x110
        Security
        service

        Total threat detection, prevention, and response designed to protect you, your people, and your organisation.

        Find out more

          infrastructure-240x110
          Infrastructure
          solutions

          We offer a full range of infrastructure solutions that can be tailored to suit your organisation’s specific requirements.

          Find out more

            publicCloud-240x110
            Quadris
            Public Cloud

            Quadris Public Cloud provides a simple, scalable public cloud service but with much greater emphasis on security, data integrity, and support. 

            Find out more

              prevensys-240x110
              Prevensys
              monitoring

              An industry-leading monitoring solution that maintains the health and performance of your IT network with ease and clarity.

              Find out more

                additional-240x110
                Additional
                solutions

                Find out more about digital workspaces, networking, data centres, security, and our other professional services.

                Find out more

                  Procurement
                  frameworks

                  Quadris is a registered supplier and approved partner on the most important UK public sector buying framework.

                  Find out more

                    Secure
                    remote access

                    Access the Quadris support portal to create a new remote support session with a member of our service desk team.

                    Find out more

                      Careers
                      @ Quadris

                      We're always on the lookout for exceptional individuals that have a desire to learn and to deliver outstanding service.

                      Find out more

                        Customer
                        portal

                        The place for existing customers to access and manage their entire account and all interactions with the Quadris team.

                        Find out more

                          Tech
                          articles

                          A variety of technical articles authored by our internal team of technical experts and covering a wide range of subjects.

                          Find out more

                            Success
                            stories

                            Discover why some of our most valuable customers chose Quadris to deliver a wide range of IT and professional services.

                            Find out more

                              Sector
                              news

                              Every month we roundup the latest news from across the IT sector and present it here in an easily digestible format.

                              Find out more

                                Brand
                                guidelines

                                Discover how the various Quadris brands should be used correctly and access high-resolution downloads of a range of assets.

                                Find out more

                                  4 min read

                                  Could an IT security breach cost you your job?

                                  Ever since the lockdown, millions of employees have been accessing their company’s data from remote locations, more often than not using unsecured internet access.

                                  As a direct result, it has provided hackers with a golden opportunity to gain access to corporate accounts and data. This has been borne out by security researchers at Check Point who reported that as hackers continue to take advantage of mass remote working, ransomware attacks in the UK increased by 80% in the third quarter of 2020. 

                                  And it’s not just your remote workers that you should be concerned about. Failure to ensure that every corporate device is always updated, patched, protected, and connected securely to the internet, is basically an open invitation to hackers. 

                                  A single attack can cost an organisation a fortune, as the University of California at San Francisco recently discovered when it paid over $1 million to to recover files locked down by a ransomware infection.

                                  Money aside, the repercussions can potentially be fatal. Only last week, we published a report about an attack on the University Hospital of Düsseldorf where a 78-year-old woman may have died because of this criminal action. 

                                  In addition to launching a negligent homicide case against the hackers, the authorities have also said that the hospital itself could be placed under investigation. The very fact that hospital administrators could be questioned, raises some very serious issues about who is ultimately responsible for the security of IT systems. 

                                  Where does the buck stop? 

                                  The existing legal framework surrounding breaches of data isn’t particularly defined. Once you go beyond the requirement that an organisation immediately discloses any data breaches to those customers who have been affected, there are very few laws that govern who takes responsibility. 

                                  The data owners (the organisation that stores the user data) is responsible for any breaches and as a result can be fined accordingly. But under normal circumstances, the data holder (the organisation that stores the data) cannot be held responsible, aside from failing to notify affected parties. 

                                  The level of liability for data owners is dependent on the safeguards they take in order to protect the data.  If they can be shown to have failed to control access to the network or not encrypting sensitive data, they will be more liable for damages suffered as a result of the breach. 

                                  But putting legalities to one side, who within an organisation should or rather could take the fall for a major breach? 

                                  IT and cybersecurity staff. 

                                  It’s all too easy to point the finger at hard-pressed IT staff. 

                                  The problem is that for a variety of reasons networks are becoming far less secure, while the cost of cybersecurity is growing by the day. Tighter budgets, fewer people in the IT department, and an increasing shortage of people with the necessary skills, all add up to create a perfect storm that could lead to a breach. 

                                  Across the country IT departments are crying out for money to shore up their creaking security protocols and implement policies such as encryption, only for their cries to fall on deaf ears. That is until a security breach occurs, and the organisation is left counting the enormous cost. 

                                  In such a situation, it’s hard if not impossible to lay the blame on anyone other than the powers who control the IT department’s budget. 

                                  CEOs, CIOs and CISOs. 

                                  C-level executives are the most likely candidates to fall on their swords in the event of a major breach such as in the cases of Target and Equifax. But it’s not a given that the CEO, CIO or CISO will resign and there are countless cases of organisations sticking with their senior appointees even after a costly error. 

                                  But there are some people who argue that the C-suite should be made responsible, as they wield the power that determines both the level of funding for security and the corporate culture that underpins it. Consequently, the C-suite and its management teams should bear responsibility for any failures in security. 

                                  Gartner has predicted that soon the C-suite will no longer be able to hide behind their corporate legal teams. This is a direct result in the growth of cyber-physical systems (CPSs), that will increasingly interact with the physical world, including humans. They even go as far to suggest that by 2024 three quarters of CEOs could be held responsible, especially where incidents lead to the destruction of property, environmental disasters, or cause harm to people. 

                                  Strong sentiments indeed, but if this were to come to pass who in their right mind would take on a position that could result in incarceration? 

                                  The organisation. 

                                  The organisation as a whole always takes the biggest fall in the event of a security breach, both financially and in the subsequent damage to its brand. 

                                  It also reflects the view of both the law as it stands and the vast majority of cybersecurity professionals, as trying to shift the blame onto one individual or a group doesn’t reflect the true collective nature of organisation. 

                                  It’s true that with greater power comes greater responsibilities, but it’s up to every organisation to embed security across its IT landscape. By proving that your organisation is doing everything possible to mitigate potential security breaches, that should surely be enough. 

                                  It’s time to end the blame game. 

                                  With the best will (and skills) in the world, no-one can guarantee 100% security. 

                                  You only have to look at the big-name businesses that have succumbed to hackers to realise that it’s almost impossible to protect your organisation from groups or individuals who are determined to find a way. 

                                  Having said that, should a hacker gain access to your organisations systems on your watch, no doubt it would result in the powers to be questioning your ability to carry out your job. Not only will your organisation’s reputation be damaged, it’s unlikely to do much for your own career prospects. 

                                  The question remains, are you being advised about all potential vulnerabilities such as with Citrix ADC (CVE-2019-19781) that may have resulted in the death of the 78-year-old woman

                                  If you aren’t, then we strongly suggest you start asking why. 

                                  Concerned about the security of your organisation’s IT systems? 

                                  If for any reason you are concerned about security breaches that could leave your organisation at the mercy of hackers, don’t hesitate to contact us.

                                  For immediate help and advice call Peter Grayson on 0161 537 4980 or email peter.grayson@quadris.co.uk 

                                  If your remote workers get hacked, don't just blame the IT department.

                                  It’s the nightmare scenario that gives IT professionals sleepless nights...

                                  Read More

                                  7 steps that will ensure your new distributed workforce stays connected, productive, and secure.

                                  How to go about ensuring that your organisation is ready, willing, and able to operate a digital workspace that can meet the growing and...

                                  Read More

                                  Why the Managed Digital Workspace must place security at its very heart.

                                  While most organisations have embraced remote working, the one area that is proving to be the weakest link is security.

                                  Read More