More stories

    Ex CafePress owner fined $500,000 for 'shoddy' security, covering up data breach

    CafePress’s past owner has been fined $500,000 over a litany of security failures and data breaches. CafePress is a US platform offering print-on-demand products including clothing, home decor, and kitchenware. Sellers can sign up to the platform, upload their designs, and CafePress takes a cut of any sales made. 

    These businesses require key financial information from sellers and purchasers to operate, and as such, they are expected to securely manage this information and handle transactions with security in mind. However, CafePress became the subject of a US Federal Trade Commission (FTC) investigation surrounding how it handled security — and how the firm allegedly “failed to secure consumers’ sensitive personal data and covered up a major breach.”

    On March 15, the US regulator said that Residual Pumpkin is required to pay $500,000 in damages. According to the FTC’s complaint, issued against the platform’s former owner Residual Pumpkin Entity, LLC, and its current owner PlanetArt, LLC, there was a lack of “reasonable security measures” to prevent data breaches.

    In addition, the FTC claims that CafePress kept user data for longer than necessary, stored personally identifiable information (PII) including Social Security numbers and password reset answers in cleartext, and did not patch against known system vulnerabilities.

    “As a result of its shoddy security practices, CafePress’ network was breached multiple times,” the FTC says.

    CafePress experienced a major security incident in 2019. An attacker infiltrated the platform in February 2019 and was able to access data belonging to millions of users. This included email addresses, poorly encrypted passwords, names, home addresses, security questions and answers, some partial card payment records, phone numbers, and at least 180,000 unencrypted Social Security numbers.

    The datasets, some of which were then sold online, were added to Troy Hunt’s Have I Been Pwned search engine in August 2019.

    According to the FTC, CafePress was notified a month after the breach and did patch the security flaw — but did not investigate the breach properly “for several months.” Customers were also not told. Instead, CafePress implemented a forced password reset as part of its “policy” and only informed users in September 2019, once the data breach had been publicly reported.

    In a separate case in 2018, CafePress allegedly was made aware of shops being compromised. These accounts were closed — and the shopkeepers, the victims, were then charged $25 account closure fees.

    The FTC also claims that the company “misled” users by using consumer email addresses for marketing, despite promises to the contrary.

    While Residual Pumpkin will bear the cost of the order, PlanetArt is also required to notify consumers who were impacted by CafePress security incidents. In addition, both companies will have to hire third-party experts to perform security audits and must redress any existing security issues — including replacing security questions with multi-factor authentication (MFA) processes, encrypting Social Security numbers, and tightening up their data storage and retention practices.

    “CafePress employed careless security practices and concealed multiple breaches from consumers,” commented Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “These orders dial-up accountability for lax security practices, requiring redress for small businesses that were harmed, and specific controls, like multi-factor authentication, to better safeguard personal information.”

    The agreement is subject to public comment before being made final.

    Update 14.58 GMT: CafePress told ZDNet: “The data breach occurred well before PlanetArt bought the CafePress brand and happened under the technology leadership of the brand’s prior owner. PlanetArt was happy to agree to the FTC’s request that PlanetArt also become obligated to the FTC’s settlement with the prior owner, as it comports with the priority PlanetArt has always placed on cybersecurity specifically and, more generally, on consumer protection.”

    Clarification 10.32am GMT: ZDNet has corrected the penalty amount to $500,000. ZDNet regrets the error.

    Google could ask for your licence or passport on YouTube and Google Play in Australia

    Image: Google
    Google has announced it will be expanding age verification checks to users in Australia who want to access age-restricted content on YouTube and Google Play.

    In the coming month, the search giant will introduce age verification checks where users are asked to provide additional proof of age when attempting to watch mature content on YouTube or downloading content on Google Play. The move is to provide users with “age appropriate experiences,” Google government affairs and public policy senior manager Samantha Yorke explained in a blog post.

    “As part of this process some Australian users may be asked to provide additional proof of age when attempting to watch mature content on YouTube or downloading content on Google Play. If our systems are unable to establish that a viewer is above the age of 18, we will request that they provide a valid ID or credit card to verify their age.”

    Google considers a valid ID as one issued by government, such as a driver’s licence or passport. The company assured that if a user uploads a copy of their ID, it would be “securely stored, won’t be made public, and would be deleted” once a person’s date of birth is verified. It noted, however, that it will not only use a person’s ID to confirm their age but also to “improve our verification services for Google products and protect against fraud and abuse”.

    Google said the move is in response to the Australian government’s Online Safety (Restricted Access Systems) Declaration 2022, which requires platforms to take steps to confirm users are over the age of 18 before they can access content that could potentially be inappropriate for under-18 viewers. The declaration was introduced under the Online Safety Act. Similar age verification steps have already been implemented in the European Union under the Audiovisual Media Services Directive (AVMSD).

    To ensure the experience is consistent, viewers who attempt to access age-restricted YouTube videos on “most” third-party websites will be redirected to YouTube to sign in and verify their age to view them. “It helps ensure that, no matter where a video is discovered, it will only be viewable by the appropriate audience,” Yorke said.

    Meanwhile, Meta is rolling out parental supervision tools on Quest and Instagram, claiming it will allow parents and guardians to be “more involved in their teens’ experiences”. The supervision tool for Instagram will allow parents and guardians to view how much time their teens spend on the platform and set time limits; be notified when their teen shares that they’ve reported someone; and view and receive updates on which accounts their teen follows and which accounts follow their teen. There are also plans to add additional features, including letting parents set the hours during which their teens can use Instagram and the ability for more than one parent to supervise a teen’s account.

    The supervision tool on Instagram is currently available only in the US, but Meta says there are plans for a global rollout in the “coming months”. Teens will need to initiate Instagram parental supervision for now in the app on mobile devices, Meta said, but it explained parents would have the option to initiate supervision in the app on the desktop by June. “Teens will need to approve parental supervision if their parent or guardian requests it,” Meta said.

    As for the VR parental supervision tools being introduced to Quest, they will be rolled out over the coming months, starting with the expansion of the existing unlock pattern on Quest headsets to allow parents to use it to block their teen from accessing experiences they deem inappropriate. In May, Meta will automatically block teens from downloading IARC-rated age-inappropriate apps, as well as launch a parent dashboard hosting a suite of supervision tools that will link to the teen’s account based on consent from both sides.

    Additionally, Meta has established what it is calling the Family Center to provide parents and guardians access to supervision tools and resources, including the ability to oversee their teens’ accounts within Meta technologies, set up and use supervision tools, and access resources on how to communicate with their teens about internet use. “Our vision for Family Center is to eventually allow parents and guardians to help their teens manage experiences across Meta technologies, all from one central place,” the company said.

    The moves from both tech giants follow the parliamentary committee responsible for conducting Australia’s social media probe releasing its findings earlier this week. In its findings, the committee said it believes online harms would be reduced if the federal government legislates requirements for social media companies to set the default privacy settings for accounts owned by children to the highest levels and for all digital devices sold in Australia to contain optional parental control functionalities.

    NSW confirms iVote system will be scrapped for next year's state election

    New South Wales residents head to the polls in the state election. Image: Brook Mitchell/Getty Images
    The NSW Electoral Commission (NSWEC) has confirmed it will scrap using the iVote system for next year’s state election as there is a lack of confidence it will be ready in time.

    The decision comes after an unknown number of voters were unable to cast a vote during local elections at the end of last year due to the iVote online voting system suffering a failure for a portion of the voting period. An NSWEC investigation into the local election bungle found the system failure impacted the outcomes of three local elections.

    The NSWEC had already shelved the iVote system for “extensive reconfiguration and testing” to resolve the issues encountered during local elections, but the latest move indicates the system will not be used until at least March 25 next year.

    “The current version of the iVote software used by the Electoral Commission will be phased out and the short runway for configuring and testing a new version before March 2023 means the Electoral Commissioner cannot be confident an updated system adapted for elections in NSW will be ready in time,” the NSWEC said in a statement.

    The decision to scrap using the iVote system until next year at the earliest also means it will not be used for any intervening by-elections in the lead-up to the state election. For core users of the iVote system, people with disabilities and those who are based overseas or in remote areas, the NSWEC said it would explore other ways to support their participation in future elections. In particular, the electoral commissioner will be recommending to the NSW Government that ordinary telephone voting still be made available for blind and low vision electors.

    During the system failure’s aftermath, Dr Vanessa Teague, a cryptographer with a particular interest in privacy and election security, criticised the flaws within the iVote system. “Every serious investigation of iVote found serious problems,” Teague tweeted in December in light of the iVote failure. Teague’s comments at the end of last year were not her first warning about the iVote system’s flaws. Starting in 2015, she and her colleagues found numerous flaws in iVote, problems that NSWEC had previously downplayed.

    At the federal level, Australia’s electoral commissioner launched a new disinformation register last week to debunk misleading and deceptive information regarding how elections are run, to protect the integrity of the country’s upcoming federal election. The Australian Electoral Commission said its main focus for the upcoming federal election would be handling the recent uptick of election conspiracy theories circulating online. Social media companies, meanwhile, have given assurances that they will allocate more resources for monitoring election disinformation and misinformation for the upcoming Australian federal election. On Tuesday, Meta unveiled its plan for handling election misinformation, which it labelled as its most comprehensive package ever in Australia.

    NSA and CISA: Here's how to improve your Kubernetes cluster security

    The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published updated guidance about how to harden Kubernetes for managing container applications. Kubernetes is an open-source system that automates deployment, scaling, and management of applications run in containers.

    The updated guidance refreshes the two agencies’ first Cybersecurity Technical Report regarding Kubernetes hardening guidance from August 2021. CISA says the update contains additional details and explanations based on feedback from industry, including more detailed information on logging and threat detection in addition to other clarifications.

    Some of the updates are subtle but important for those who protect Kubernetes clusters. NSA and CISA do not list what the changes are in the updated guidance, but the initial recommendations weren’t met with universal approval.

    For example, NCC Group noted that advice about Kubernetes authentication was “largely incorrect when it states that Kubernetes does not provide an authentication method by default”, whereas most customer implementations NCC Group had reviewed “support both token and certification authentication, both of which are supported natively.” NCC Group advised against both for production loads because Kubernetes does not support certificate revocation, which can be a problem if an attacker has gained access to a certificate issued to privileged accounts. The updated guidance now says that “several user authentication mechanisms are supported but not enabled by default.”

    Otherwise, key points of the original document appear to be unchanged. It looks at hardening within the context of typical Kubernetes cluster designs that include the control plane, worker nodes (for running containerized apps for the cluster), and pods for containers that are hosted upon these nodes. These clusters are often hosted in the cloud and often across multiple clouds in AWS, Azure, Google and elsewhere.

    The agencies maintain that Kubernetes is commonly targeted for data theft, computational power theft, or denial of service. Historically, flaws in Kubernetes and various dependencies as well as misconfigurations have been used to deploy cryptominers on victims’ infrastructure.

    The guidance also maintains that Kubernetes is exposed to significant supply chain risks because clusters often have software and hardware dependencies built by third-party developers. For example, security analysts last year warned of attacks against Kubernetes clusters via misconfigured Argo Workflows, a container workflow engine for K8s clusters.

    Besides supply chain risks, other key actors in the agencies’ threat model include malicious outsiders and insider threats. These help define its hardening recommendations. For example, there is a common cloud case where workloads that aren’t managed by a given Kubernetes cluster share the same physical network. In that instance, a workload may have access to the kubelet and to control plane components, such as the API server. So, the agencies recommend network-level isolation.

    The agencies provide advice on how to ensure strict workload isolation between pods running on the same node in a cluster, given that Kubernetes doesn’t by default guarantee this separation.

    Announcing the updated guidance, the NSA says: “Primary actions include the scanning of containers and pods for vulnerabilities or misconfigurations, running containers and pods with the least privileges possible, and using network separation, firewalls, strong authentication, and log auditing.”

    The agencies also recommend periodic reviews of Kubernetes settings and vulnerability scans to ensure appropriate risks are accounted for and security patches are applied. But patching is not easy in the context of Kubernetes. CISA regularly publishes alerts about new Kubernetes-related vulnerabilities. In February, for example, it warned of a critical (severity score 8.8 out of 10) privilege escalation flaw, CVE-2022-23652, which affected the capsule-proxy reverse proxy for Capsule Operator.

    But as NCC Group points out: “patching everything is hard”, partly because of the pressure to avoid downtime but also because relevant vulnerabilities span Kubernetes, Containerd, runc, the Linux kernel and more. “This is something that Kubernetes can help with, as the whole concept of orchestration is intended to keep services running even as nodes go on and offline. Despite this, we still regularly see customers running nodes that haven’t had patches applied in several months, or even years. (As a tip, server uptime isn’t a badge of honour as much as it used to be; it’s more likely indicative that you’re running an outdated kernel),” NCC Group noted.

    This sneaky type of phishing is growing fast because hackers are seeing big paydays

    There’s been a steep rise in phishing attacks which hijack legitimate, ongoing conversations between users to steal passwords, steal money, deliver malware and more.

    Phishing attacks have been a cybersecurity issue for a long time, with criminals sending out vast waves of emails in an attempt to dupe victims into clicking on malicious links, downloading malware or handing over their passwords via fake login portals. They range from basic, generic attacks claiming that the victim has won a prize and they just need to click a link to retrieve it, to more targeted campaigns which send corporate emails designed to look legitimate for the intended target. For example, it’s common for cyber criminals to send emails posing as a company’s CEO to that company’s employees in an attempt to trick the user into following orders from their ‘boss’.

    But increasingly, cyber criminals are looking to exploit the actual email accounts of real users by hacking into accounts and hijacking ongoing conversations in order to send phishing emails. These conversation hijacking attacks have the potential to be more effective because the source of the email is someone the victim trusts and the message comes as part of an ongoing thread, so it doesn’t look as suspicious as an unexpected email coming out of the blue and asking for a file to be downloaded or a link to be clicked.

    According to cybersecurity researchers at Barracuda Networks, conversation hijacking attacks grew by almost 270% in 2021 alone. These attacks begin with hackers taking over the email account of a victim, which the attackers can then use to lure other victims into responding to messages.

    Once in control of an account, the attackers take the time to read emails and monitor ongoing communications to understand more about the day-to-day activities of the user, how they communicate with internal and external contacts, along with gaining information about business operations, payment procedures and potential deals in progress. Cyber criminals use this information to craft authentic-looking and convincing messages which appear in ongoing conversations, asking users to click a malicious link or download a malicious attachment – all in the correct context of the situation.

    Conversation hijacking attacks take more time and effort than regular phishing attacks – but for the cyber criminals, patience can be extremely rewarding.

    “Although there is a lot of upfront work, when conversation hijacking is done ‘right,’ it can have a huge payout for cyber criminals. The number is growing because it’s very difficult to detect, success rates can be high and payouts are big,” Mike Flouton, VP Product Management at Barracuda Networks, told ZDNet.

    While conversation hijacking only makes up a small number of social engineering attacks – researchers say they account for 0.3% – the high success rate of the attacks means that it’s likely that more cyber criminals will turn to them. “I expect that the number of these instances will continue to grow in the coming years,” said Flouton.

    But as with other phishing attacks, it’s possible to protect users from conversation hijacking attacks. Strong passwords should be applied to accounts so hackers can’t easily crack them. Users should also use multi-factor authentication to add an extra barrier to cyber criminals simply being able to log in to accounts with stolen passwords. And if a password is suspected of being stolen, it should be changed.

    For organisations, it’s recommended that account-takeover protection is applied and that inboxes and networks are monitored to register suspicious activity, particularly if logs show that the user has seemingly accessed their account from a new location or a different time zone. Staff should also be trained to recognise and report suspected phishing attacks.

    Ultimately, the reason conversation hijacking attacks are being deployed is because they’re successful. Therefore, organisations and their information security teams should have plans in place for how to deal with a successful attack. “Make sure you are prepared for a cyber attack – have a well thought out response plan in place that will help you recover quickly,” said Flouton.

    iPhone, Android users lose life savings to romance fraud, cryptocurrency operation

    iPhone and Android users are falling prey to new and even more extortionate tactics by romance and cryptocurrency scam artists. 

    Romance scams are nothing new, but their potential impact has expanded due to mobile technology and the connectivity of our smartphones to core financial services, banking, and investment opportunities. The US Federal Trade Commission (FTC) says that 2021 was a “goldmine” for scammers, and $770 million was lost due to social media scams alone during the year. Investment, cryptocurrency, and romance scams were the most common ways fraudsters cashed in.

    In 2021, Sophos revealed “CryptoRom,” an international criminal ring conducting romance scams across Asia, the US, and Europe. At the time, Sophos said that CryptoRom primarily targeted Bumble and Tinder users, luring them into downloading fake cryptocurrency trading apps by abusing Apple’s Enterprise Signature platform.

    The researchers have now provided an update on the scammers’ activities. On Wednesday, ESET said that victims have been contacting the company, providing their own stories and allowing the team to collect more threat information.

    “Most also reported that they had lost thousands of dollars in personal savings to the crooks behind the scams, though some saw our previous reports and recognized the scam before being drawn into it too deeply,” ESET said. “In some cases, victims have lost their entire savings and even taken out loans with the hope that they will get their money back.”

    It now appears that CryptoRom fraudsters are also soliciting victims through cold-call WhatsApp messages, offering them investment opportunities and trading tips — and, of course, “huge” financial returns are promised. Victims are then redirected to fraudulent websites and third-party app repositories, where they are induced to download and install fake cryptocurrency and trading apps. However, this is when a change in tactics has been noticed.

    Normally, scam artists will lure their targets into either submitting their sensitive financial information into an app or purchasing cryptocurrency through other services, which end up in the wallets of attackers. In this case, however, CryptoRom scammers will allow victims to initially make withdrawals of their initial deposits from the fake apps — designed to mimic popular, legitimate services — after a ‘win’ on the market.

    This may seem counter-productive, but the scam artist will then urge their target to invest even more, as it appears that the investment ‘opportunity’ has already resulted in profit — and there is more money to be made. Keep in mind that the scam artist is masquerading as a friend or a romantic interest. Having laid the groundwork of a personal bond and a seemingly real investment opportunity, the crooks will try to squeeze more cash out of their victim.

    “To sweeten the pot, they even offer to ‘lend’ the target a huge sum to increase the investment; since they control the back-end of the app, they can inject fake deposits on accounts and create imaginary profits at will,” the researchers noted.

    When ‘profit’ appears, and the user tries to make a withdrawal, the attackers strike. Profits have been artificially created to any sum they wish — and now, the victim having paid in further, the scam artist demands a “tax” of 20% on the imaginary figure via the app’s “customer service” team. Some victims reported threats that tax authorities would take everything if they did not pay up. Naturally, they aren’t allowed to pay using the funds held in the app.

    An individual reached out to ESET and said that all of their retirement money, and loans, had been deposited and was ‘frozen’ in the app, with over one million dollars held. The fraudsters demanded a ‘tax’ payment of $625,000.

    This kind of double-dipping appears to be a successful tactic in romance and investment scams and one that we need to be more aware of.

    Fund recovery services targeting CryptoRom victims have also appeared on social media, to make matters worse. It’s likely these fake services want to capitalize on those already taken in once by online criminals.

    “Because of the nature of cryptocurrency and the fact that cross-border foreign transactions are involved, it is difficult at best to recover funds through law enforcement or other legal channels,” ESET says. “The vast majority of these services are fake, and it is highly unlikely that any service would be able to get victims’ money back.”

    CISA and FBI warning: Hackers used these tricks to dodge multi-factor authentication and steal email from NGO

    Russian state-sponsored hackers have used a clever technique to disable multi-factor authentication (MFA) and exploit a Windows 10 printer spooler flaw to compromise networks and high-value domain accounts. The goal? Accessing the victim’s cloud and email.  The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about Russian state-sponsored activity that pre-dates recent warnings over cyber activity related to Russia’s military invasion of Ukraine. 

    As early as May 2021, the hackers combined a default configuration issue in a Duo MFA setup at a non-government organization (NGO) with the critical Windows 10 PrintNightmare flaw CVE-2021-34481 to compromise it. Microsoft patched that elevation of privilege issue in August. Once inside a network, the flaw allowed an attacker to create new accounts on Windows 10 machines.

    In the NGO’s case, the use of a weak password allowed the attackers to use a password-guessing attack to gain the credentials for initial access. The attackers also used the fact that Duo’s default configuration setting allows the enrollment of a new device for dormant accounts.

    “Russian state-sponsored cyber actors gained initial access to the victim organization via compromised credentials and enrolling a new device in the organization’s Duo MFA. The actors gained the credentials via brute-force password guessing attack, allowing them access to a victim account with a simple, predictable password,” CISA said in an alert.

    After compromising the account, PrintNightmare came into play, with the attackers using it to escalate privileges to a more powerful admin level and then “effectively” disable MFA for the compromised account. “This change prevented the MFA service from contacting its server to validate MFA login – this effectively disabled MFA for active domain accounts because the default policy of Duo for Windows is to ‘Fail open’ if the MFA server is unreachable,” CISA explains. It notes that the “fail open” issue is not specific to Duo.

    From there, the operation was repeated but applied to higher-value domain accounts. After disabling MFA, the attackers authenticated to the victim’s VPN as non-administrator users and made RDP connections to the Windows domain controllers. They nabbed credentials for additional domain accounts and went on to change the MFA configuration file, allowing them to bypass MFA for these newly compromised accounts.

    “Using these compromised accounts without MFA enforced, Russian state-sponsored cyber actors were able to move laterally to the victim’s cloud storage and email accounts and access desired content,” CISA explains.

    CISA outlines several mitigations related to and beyond MFA implementations. The MFA-specific mitigations include:

      • Before implementing, organizations should review configuration policies to protect against “fail open” and re-enrollment scenarios.
      • Implement time-out and lock-out features in response to repeated failed login attempts.
      • Ensure inactive accounts are disabled uniformly across the Active Directory and MFA systems.
      • Update software and prioritize patching of known exploited vulnerabilities, especially critical and high-level vulnerabilities that allow for remote code execution or denial-of-service on internet-facing equipment.
      • Require service accounts, admin accounts, and domain admin accounts to have strong, unique passwords.
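    A defender-side audit for the two conditions the alert describes, a fail-open Duo policy and an MFA server the client can no longer reach, as an added example that is not code from CISA, Duo or ZDNet. It assumes, from Duo’s documentation for Duo Authentication for Windows Logon rather than from this story, that the client keeps its settings under HKLM\SOFTWARE\Duo Security\DuoCredProv, that FailOpen = 1 allows logons when the Duo service is unreachable, and that Host holds the Duo API hostname the client contacts; run it as an administrator on each domain controller and RDP host.

```powershell
# Added example (not code from CISA, Duo or ZDNet). Audits one Windows host for
# the two conditions the alert describes: a Duo for Windows Logon policy that
# fails open, and an MFA server the client can no longer reach or validate against.
# Assumptions taken from Duo's own documentation (not from the page): the client
# keeps its settings under the key below; FailOpen = 1 allows logons when the Duo
# service is unreachable; Host holds the Duo API hostname the client contacts.
$DuoKey = 'HKLM:\SOFTWARE\Duo Security\DuoCredProv'

function Get-DuoFailOpenAudit {
    param([string]$KeyPath = $DuoKey)

    $result = [ordered]@{
        Installed      = $false
        FailOpen       = $null     # $true / $false / $null (not set explicitly)
        ApiHost        = $null
        ResolvesTo     = @()
        LoopbackTarget = $false
        Reachable      = $null
        Findings       = @()
    }

    if (-not (Test-Path -Path $KeyPath)) {
        $result.Findings += 'Duo for Windows Logon registry key not present on this host'
        return [pscustomobject]$result
    }
    $result.Installed = $true
    $props = Get-ItemProperty -Path $KeyPath

    # FailOpen = 1 is the "let the logon through when Duo is unreachable" policy.
    $fo = $props.FailOpen
    if ($null -eq $fo) {
        $result.Findings += 'FailOpen not set explicitly; confirm the effective default before relying on it'
    } elseif ([int]$fo -eq 1) {
        $result.FailOpen = $true
        $result.Findings += 'FailOpen=1: logons succeed without MFA whenever the Duo service is unreachable'
    } else {
        $result.FailOpen = $false
    }

    $result.ApiHost = $props.Host
    if (-not $result.ApiHost) {
        $result.Findings += 'No Duo API hostname found under the key'
        return [pscustomobject]$result
    }

    # Resolve the API hostname as this host sees it. A Duo hostname that lands on a
    # loopback address can never be validated against; with FailOpen=1 that is the
    # combination that left logons without a second factor in the incident above.
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($result.ApiHost)
        $result.ResolvesTo = @($addrs | ForEach-Object { $_.IPAddressToString })
        if ($addrs | Where-Object { [System.Net.IPAddress]::IsLoopback($_) }) {
            $result.LoopbackTarget = $true
            $result.Findings += "$($result.ApiHost) resolves to a loopback address on this host"
        }
    } catch {
        $result.Findings += "Could not resolve $($result.ApiHost): $($_.Exception.Message)"
    }

    # Plain TCP reachability of the Duo API endpoint (HTTPS).
    $probe = Test-NetConnection -ComputerName $result.ApiHost -Port 443 -WarningAction SilentlyContinue
    $result.Reachable = [bool]$probe.TcpTestSucceeded
    if (-not $result.Reachable) {
        $result.Findings += "TCP 443 to $($result.ApiHost) failed from this host"
    }

    if ($result.FailOpen -and ($result.LoopbackTarget -or -not $result.Reachable)) {
        $result.Findings += 'HIGH: fail-open policy plus an unreachable MFA server means logons are not getting a second factor'
    }
    return [pscustomobject]$result
}

Get-DuoFailOpenAudit | Format-List
```

    To close the gap the audit flags, set the policy to fail closed (`Set-ItemProperty -Path $DuoKey -Name FailOpen -Value 0 -Type DWord`) and re-run it; the HIGH finding should no longer appear.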

    Australia's big four banks tackling cybersecurity with a team sport mentality

    The chief security officers of Australia’s big four banks have likened combating cybersecurity attacks to playing a team sport.

    “I think I’m not alone in saying that we see cyber as very much a team sport,” Commonwealth Bank of Australia CISO Keith Howard said during the virtual Cyber Live event on Wednesday. “The competitors, from my perspective, is not [the other banks], it’s the attackers … at the end of the day, we’re stronger when we work across industry, across education, and also work across government as well.”

    This joint security effort between the big four occurs regularly, according to National Australia Bank CSO Sandro Bucchianeri. “What we typically do is we would talk about indicators of compromise and share our threat intelligence so that we can better defend ourselves because something I see at NAB, Richard may not have seen it at Westpac, or Lynwen [at ANZ] may have also seen it, so we try to compare notes essentially — and that helps us protect the wider Australian community as a whole,” he said.

    Bucchianeri also emphasised the importance of having diverse skill sets to make up a strong cybersecurity team. “Just like soccer, where you have strikers, defenders, midfielders, goalkeepers, doctors, coaches, nutritionists, and the list goes on, we are looking for new diverse talent that will help us better defend the organisation. Something that I’m personally very excited about is training visually impaired students to become cybersecurity professionals,” he said.

    From ANZ CISO Lynwen Connick’s perspective, diversifying the cybersecurity sector is not only about gender, but also about bringing in people from other fields like psychology, media, and fashion. “People come from all different walks of life, and that’s really important from a diversity point of view as well because you get that diversity of thought,” she said. “People have had different training, different experiences coming into cybersecurity because cybersecurity is really part of everything we do, so we need all sorts of different people.”

    The need to boost Australia’s cybersecurity skills comes at a time when cyber attacks are no longer synonymous with a specific sector or enterprise — rather, they are hurting all sectors. A prime example was when global meatpacker JBS last year paid $11 million in Bitcoin to cyber attackers that encrypted its files and disrupted operations in the US and Australia with ransomware.

    As BT Australasia cybersecurity head Luke Barker puts it, compared to a decade ago, there were nowhere near as many targeted activities towards organisations that run operational networks, such as manufacturing, mining, energy, and water, as there are today. “Ten years ago, I don’t think the adversaries were targeting those types of industries as much,” he said. “Whereas I look now and most of the organisations we work with, we’re seeing a significant rise in cybercrime against organisations that run those types of environments because the impact is so big.

    “If you’re having to take down an organisation’s manufacturing facility, that is the number one source of revenue, so the impact of their business and the likelihood of them potentially paying a ransom is going to be more so than say their website goes down, when their core business is manufacturing. We’re seeing that shift towards what’s going to create the biggest impact and where are the crown jewels for that organisation.”