News and Views

New Zealand’s first hyperscale data centre is set to open in 2024, marking a major milestone in the country’s digital landscape. First announced in 2020, this ambitious project once seemed like a distant vision. Now, it’s becoming a reality, connecting New Zealand to a global network of over 200 data centres, 190 points of presence, and 175,000 miles of terrestrial and subsea fibre. This expansion will offer significant advantages for local businesses, enhancing connectivity and opening up new opportunities. A local data centre can significantly improve data security and compliance, enabling businesses to meet local data residency requirements and adhere to the new Privacy Act. This is especially important for companies that handle sensitive customer information. Additionally, Microsoft’s new cloud services align with the growing emphasis on Māori data sovereignty. The data centre ensures that data remains within Aotearoa New Zealand’s borders, which is a crucial step in protecting Māori knowledge, culture, and data from foreign jurisdiction or governance. It will also provide access to Microsoft’s cloud services, including Azure, Microsoft 365, and Dynamics 365, offering scalable, highly available, and resilient solutions that can enhance business operations. Local data storage means reduced latency and faster access to data, leading to improved performance and reliability. This hyperscale data centre is more than just an infrastructure upgrade—Microsoft’s local presence will unlock new opportunities for innovation and growth, shaping the future of New Zealand’s digital economy.  While the transition from Australia to a local data centre may not happen overnight for all businesses, it's a development worth considering. If you’d like to learn more or have any questions, feel free to reach out.

Yorb is aware of a multi-stage phishing campaign currently impacting New Zealand organisations. Compromised email accounts are being used by attackers to send phishing emails. This makes it look like it originates from trusted or known contacts . These phishing emails are being sent via Microsoft sharing invitations. The attacker gains access to a compromised email account, uploads a malicious file to their Microsoft OneDrive/SharePoint , and shares this out to the all the compromised accounts contacts. What to look for: This email is from a known contact or vendor you may deal with every now and again The email contains a legitimate OneDrive share , which leads to a fake document. See below example

October 2025 still feels like a long way off, but with 70% of devices still running Windows 10, there is a lot of work for IT teams before that time to ensure devices are safely upgraded to Windows 11. Microsoft gives a predictable support period for all the software, five years of mainstream support, followed by five years of extended support. During the extended support phase, Microsoft continues to provide security updates to their products. Windows 10 was released in July 2015, and Microsoft will cease to provide security updates in October next year. Windows 11 was released in 2021 and over that time has matured to be a reliable solution that retains a similar look and feel. Furthermore, Windows 11 will run all the same software as Windows 10. The vast majority of hardware released in the past five years is also supported, though there are a few exceptions where some of the new security requirements cannot be met. To ensure all your systems continue to be supported past October next year, we strongly suggest clients start planning their upgrades now to avoid the late rush. Yorb is providing free upgrade assessments that will identify any potential upgrade issues and provide a roadmap to October 2025, please contact us to arrange your assessment.

It's cliche that we all believe this year is racing by faster than the last, though it certainly feels like it again, already we are talking about our end of year function, staff leave approvals, and most importantly our annual Christmas donation. Each year, in lieu of Christmas gifts to clients we have made donations to charities, past years have been: 2023 - $9,000 to Salvation Army Food Bank 2022 - $9,000 to Salvation Army Food Bank 2021 - $6,000 to Womans Refuge 2020 - $6,000 to Salvation Army Food Bank This year we've been polling our staff on who they feel we should support in 2024; they've whittled them down to these very worthwhile causes: Womans Refuge (Whanganui, Hawkes Bay, Manawatu, West Coast) SPCA (Whanganui, Hawkes Bay, Manawatu, West Coast) Big Brothers Big Sisters (Manawatu, Hawkes Bay, West Coast) Good Bitches Baking (Whanganui, Hawkes Bay, Manawatu) Wildbase Recovery Trust (Manawatu) Hato Hone St John (Whanganui, Hawkes Bay, Manawatu, West Coast) Life Education Trust (Whanganui, Hawkes Bay, Manawatu, West Coast) Manchester House Feilding (Manawatu) Just Zilch (Manawatu) Arohanui Hospice (Manawatu) Family Start West Coast (West Coast) Nourished for Nill (Hawkes Bay) Napier Riding for the Disabled (Hawkes Bay) Sustainable Whanganui Trust (Whanganui) Bushy Park (Whanganui) We would like our clients to help us select our 2024 recipient(s) by voting on these nominees. Please visit the Yorb Christmas donation page and vote before 30 November. Every person that votes will go in the draw to win a Christmas Hamper. In August I attended IT Nation in Sydney, this is a bi-annual event and one of the largest events in the IT calendar. This year, as you can imagine, the focus was heavily on AI and how it will impact business over the remainder of the 2020s. Chat-GPT, Gemini from Google and Co-Pilot from Microsoft have received the vast majority of headlines over the past year, though there is also a lot of very important with industry apps such as Financial, CRM, and ERP tools. Within our own ConnectWise job management solution, we are seeing AI begin to classify tickets as they are created, analyse sentiment and assess urgency. It's worth looking at your own line-of-business apps and understanding from the vendors how they are looking to bring AI into their solutions. Lastly, did you know Yorb has a Software Development team? No? I suspect you are not alone, our Software team is in my view our best kept secret. Over the years they've helped businesses solve problems using unique custom software solutions, ranging from $5,000 through to $500,000. With automation tools such as Power Automate and low code solutions like Power App maturing, the opportunities are greater than ever. As one client I spoke to last month said, "their investment in software has given them a 10-point advantage over the competition." In New Zealand we often hear of the productivity gap, the mission of our software team is to provide real solutions to this problem. We will be focusing more on talking to our clients about the opportunities available.

In today’s world, where AI is becoming increasingly central to business operations, ensuring that our data is well-governed is not just a best practice— it’s a necessity.

With the rise in remote work, the sophistication of hacking tools, and the surge in AI, brute force & VPN attacks are soaring. Since at least March 2024, there has been a global surge in brute-force attacks identified against a variety of targets including VPN services, web application authentication interfaces, and SSH services. Known Affected Services Cisco Secure Firewall VPN Checkpoint VPN Fortinet VPN SonicWall VPN RD Web Services Ubiquiti A Virtual Private Network (VPN) is a mechanism for creating a secure connection between a computing device and a computer network, or between two networks, using an insecure communication medium such as the public Internet. Current trends indicate that VPN attacks are not only increasing in frequency but also growing in sophistication. The rise in ransomware cases exploiting VPN vulnerabilities, especially following public disclosures, underscores the inherent weaknesses of traditional VPNs. These flaws provide attackers with easy access points to penetrate networks and move laterally, resulting in significant data breaches and operational disruptions. Progressive organisations are shifting to zero trust architectures to achieve more detailed control and significantly minimise the attack surface. This is achieved by eliminating implicit trust, both within and outside the network perimeter. This approach tackles the immediate weaknesses of traditional VPNs and aligns with a proactive cybersecurity strategy, crucial for adapting to the changing threat landscape. A Brute Force Attack is a hacking technique that uses trial and error to crack passwords, login credentials, and encryption keys. The term “brute force” reflects the attackers’ relentless attempts to gain access. Hackers employ computers to test numerous username and password combinations until they find the correct one. ↓ Downside: An attacker can eventually discover a password through a brute-force attack. ↑ Upside: By following best practices for password creation and storage, it could take years to crack. With a sufficiently long and complex password, there could be trillions of possible combinations, making it extremely difficult for attackers. Although it is impossible to completely stop these attacks, the following best practices can significantly thwart their efforts and enhance your security posture. Use Strong & Unique Passwords – passwords should be long and complex; each account should have a unique password. Limit Login Attempts - Block accounts after “x” number of failed login attempts. Monitor IP Addresses – Block login attempts from suspicious IP addresses. Use Multifactor Authentication (MFA) – Multiple ways to identify a user is who they say they are. Something you have, something you know, something you are. EG. Password + Authenticator App code.

The big tech story over the past week, perhaps ever has been the CrowdStrike incident. It would be impossible to put out a newsletter article this week and not draw some attention to it. Luckily, none of our managed customers have been directly impacted, although we have had discussions with CrowdStrike in the past, their particular security offering is not well aligned to small business requirements. But, could this have happened to another provider? The very simple answer is yes , this is the worst-case nightmare of all IT professionals, a bad update is a reality for all software, and we all dread the day it happens to us on any scale. The irony is that the very software designed to help prevent these situations has created the biggest and most costly IT outage in history. The reason for the scale of this outage is that the update got pushed to approximately 8.5 million Windows computers and servers, although servers have redundant systems with backups, laptops and desktops do not. The fix for these devices by in large required multiple passwords, often not easily obtainable, and physical access to the device and procedures not readily available to the common end user. The net effect of this bad update was vast, Hospitals and Doctors across the US & UK were unable to operate, Upwards of 5,000 flights have been cancelled with a backlog of around 40,000 delays across the US and abroad that is expected to take months to clear. Major public transport providers were affected halting Train and bus services. Locally, mostly Banks and Payment systems were the only major systems affected. In all of this, we should still count ourselves lucky. This particular incident affected less than 1% of all Windows devices globally. So the question arises, what happens in a larger outage? What happens when a bigger brand pushes a bad update? What happens when a major Internet or power provider goes offline? What happens when my cloud services go offline? Not only are these possible scenarios, they are all real-world scenarios that have happened in the past. Many questions will be asked over the coming months, what happens if a bigger brand pushes a bad update? Who pays? How can it be prevented? Are we too reliant on a few major Mega corps? The reality is that any solution to risk carries trade-offs that will erode security and require careful consideration. Delaying security updates and allowing individual company admins to test each update is an unreasonable overhead and would create windows for cyber miscreants. The question then gets asked, is it time for the humble desktop to be retired and all users moved to a centralised remote desktop architecture with backups and more redundancy? The de-centralised nature of the desktop has been one of its enduring strengths, and moving all users to a centralised model would, at first glance, appear to increase the risk of major meltdowns, not decrease it. How will your business operate during a large-scale IT outage regardless of the architecture employed? So, what do we all do now? This will be a question thousands of businesses are asking and there will be plenty of new company's popping up saying they have the answer. My thoughts, Talk to your technology team, ensure they've got good documentation, would the appropriate passwords be available quickly should a similar issue arise? Look at your Business Continuity (BC) plans, too often these plans are left up to the tech department. The whole business needs to be involved in your BC plans, the old adage, to a man with a hammer, everything looks like a nail is apt here. If you leave your tech department to work on your BC plans alone, they will come up with a technology solution. Technology is not the solution to every business problem. You still need security, don't look to weaken your security to prevent this. The software update in question could have equally been released by any number of software vendors, on Windows, Apple, or Linux devices. There is no quick fix, every option has trade-offs and these need to be considered carefully before any wholesale changes are made, don't buy-in to the marketing of any business that claims they have a solution. As always, our team is happy to discuss any concerns you may have, we have people versed in business continuity planning, security and appropriate digital architecture. We are happy to work through these discussions with your business, coming up with solutions that meet your requirements.