Oracle buys healthcare company Cerner for $28.3 billion

Zach Marzouk

21 Dec, 2021

Oracle has acquired the digital medical records business Cerner for $28.3 billion (£21.4 billion), with plans to use the company as an anchor asset into the healthcare sector.

The enterprise software company made the purchase through an all-cash tender offer for $95 per share and the transaction is expected to close in 2022. Oracle expects Cerner to be a huge additional revenue growth engine for years to come as the company expands the acquired business into many more countries throughout the world. 

Cerner is a leading provider of digital information systems used within hospitals and health systems to enable medical professionals to deliver better healthcare to individual patients and communities. Oracle said the company has over four decades of experience in modernising electronic health records, improving caregiver experience, and streamlining and automating clinical and administrative workflows.

The two companies are hoping to transform healthcare delivery by providing professionals with better information, in the hope that this will help them make better treatment decisions, resulting in better patient outcomes. Cerner systems will run on the Oracle Gen2 Cloud, with the goal being to deliver zero unplanned downtime in the medical environment.

As Cerner systems will run on the Oracle database, only specifically authorised medical professionals will be able to access patient data. IT professionals running the systems will also be unable to look at patient data.

“With this acquisition, Oracle’s corporate mission expands to assume the responsibility to provide our overworked medical professionals with a new generation of easier-to-use digital tools that enable access to information via a hands-free voice interface to secure cloud applications,” said Larry Ellison, chairman and chief technology officer at Oracle.

“This new generation of medical information systems promises to lower the administrative workload burdening our medical professionals, improve patient privacy and outcomes, and lower overall healthcare costs.”

Cerner will be organised as a dedicated Industry Business Unit within Oracle and will be its anchor asset to expand into healthcare. Oracle also intends to maintain and grow Cerner’s community presence in the Kansas City area, while utilising Oracle’s global footprint to reach new geographies faster.

“Joining Oracle as a dedicated Industry Business Unit provides an unprecedented opportunity to accelerate our work modernizing electronic health records (EHR), improving the caregiver experience, and enabling more connected, high-quality and efficient patient care,” said David Feinberg, president and chief executive officer at Cerner.

Last week there were rumours that Oracle was in talks to acquire Cerner for around $30 billion. The deal could give Oracle massive volumes of health data for its artificial intelligence services and be Oracle’s largest acquisition ever, as well as one of the biggest takeovers of 2021.

Kyndryl launches its Cloud Innovation Center in Quebec

Praharsha Anand

17 Dec, 2021

Kyndryl, a spin-off of IBM’s managed infrastructure division, has announced the opening of its new Cloud Innovation Center in Montréal, Quebec.

The facility will create nearly 500 new IT jobs over the next five years while also providing digital transformation services to Canadian organisations.

In particular, the Cloud Innovation Centre will offer certified training in modernizing cloud applications, automating DevOps and service management, analytics and artificial intelligence (AI), and more.

Over 100 new IT positions have already been created at the center, with the new hires offered training in advanced cloud platforms, automation tools and cyber security, and given access to its vast partner network.

“This centre creates tremendous opportunity in several ways. Our customers and organizations across Canada can now leverage Kyndryl’s world class talent, with the top skills in cloud and technology services, to help them accelerate their digital transformation strategies and achieve their business goals,” said Xerxes Cooper, president of Kyndryl Canada.

“The next-generation workforce from local technical colleges and universities have the opportunity to deliver the technology skills needed to drive business innovation, and this centre positions Quebec as a hub for global businesses.”

Additionally, Kyndryl’s new bilingual technology services center will support industries’ digital transformation efforts and help meet the growing demand for cloud skills. Kyndryl also has expertise in security and resiliency, network and edge, and core enterprise and cloud services, among others.

“Montréal International is proud to support Kyndryl in this project that will offer great career opportunities to young graduates and professionals while growing the local IT talent pool,” said Stéphane Paquet, president and CEO of Montréal International.

“This investment will also provide local businesses with specialized services in an evolving sector where the demand keeps on growing.”

Oracle to acquire health records business Cerner in $30 billion deal

Bobby Hellard

17 Dec, 2021

Enterprise software giant Oracle is reportedly in talks to acquire Cerner, a digital medical records business, for around $30 billion.

The deal could give Oracle massive volumes of health data for its artificial intelligence services, according to The Wall Street Journal, which cites sources familiar with the story.

If it does go through, it will be Oracle’s largest acquisition ever, as well as one of the biggest takeovers of 2021.

Cerner is the second largest provider of electronic health record software in the US, just behind Epic Systems Corp. The company offers full IT services, including hardware, to medical facilities across North America and has over 29,000 employees around the world, with the majority based in Kansas City, Missouri.

Its business is heavily reliant on sales of software and IT services, but it has been looking to move deeper into new technologies and cloud services. The company recently collaborated with the Vaccination Credential Initiative, launching a global digital passport for international travel to help manage the spread of COVID-19.

The firm is also a known partner of Amazon Web Services; the cloud provider was approached in 2019 to collaborate on AI services for healthcare projects.

The proposed deal is part of a growing trend of software developers and cloud providers finding routes into healthcare. Microsoft announced a similar deal to acquire Nuance Communications for $19.7 billion earlier in the year. That takeover is currently being looked at by the UK’s Competition and Markets Authority over concerns it will give Microsoft an unfair advantage in that particular market.

Other tech giants such as Google, Apple and even Facebook have also made in-roads into healthcare, with large acquisitions and new services. The social network is reportedly investing in a new wearable health tracker.

The most significant industry moves of 2021

Jonathan Weinberg

26 Dec, 2021

As another turbulent and unprecedented 12-month period wraps up, we can look back at a busy year for the tech industry. A handful of household names pursued mergers, acquisitions, spin-offs and strategic overhauls, with many striving to become a stronger force on the world stage. Other deals, meanwhile, became mired in regulatory issues.

From Facebook to Intel, and from Microsoft to Salesforce, 2021’s most significant industry moves will have repercussions for years to come. We look back at a handful of the loudest to examine why these moves were so important, and what each one means for the future of the industry.

Intel launches $20 billion manufacturing roadmap 

When Intel announced in March it was to invest $20 billion into two new Arizona factories, the US chipmaker’s CEO, Pat Gelsinger, described it as “setting a course for a new era of innovation and product leadership”.

The continued chip shortage has wreaked havoc on the production of everything, from laptops, smartphones and tablets to gaming consoles and even cars. Boosting manufacturing capacity and economies of scale seem a natural response to that, assuming Intel can get hold of enough of the necessary raw materials, given the global supply chain crunch. The sector, of course, has also been hit by an increase in the price of copper.

The launch of Intel Foundry Services (IFS), which aims to make the company a major provider of foundry capacity in the US and Europe, is also a key factor, given its plan to make custom chips for tech firms and national governments.

Where’s the strategic value? 

The pandemic hugely increased demand for technology that could power the massive remote working shift across the world. Chipmakers will be instrumental to that change and need to be ready and flexible to take advantage. Intel is in a tight race for supremacy with Nvidia, and also needs to compete with the likes of Taiwan Semiconductor Manufacturing Company Limited (TSMC) and Samsung. In light of geopolitical tensions, this move is, in part, a bid to ensure more is made in the US.

According to the Semiconductor Industry Association, US-based fabs account for just 12% of the world’s manufacturing, down from 37% in 1990. There are also restrictions and sanctions on China’s largest chip manufacturer, Semiconductor Manufacturing International Corporation (SMIC), put in place by the US Department of Commerce. In mid-December, Intel also announced it will invest more than $7 billion to develop a new chip-packaging and testing factory in Malaysia.

Salesforce bets big on collaboration with $27.7 billion Slack acquisition

As we entered 2021, Salesforce announced it would acquire Slack, the popular workplace collaboration platform with more than 10 million active users daily.

Marc Benioff’s software giant, whose customer relationship management (CRM) platform is used by 150,000 companies, heralded it as a “match made in heaven” while Slack CEO Stewart Butterfield hailed the “most strategic combination in the history of software”.

Where’s the strategic value? 

The world of work is changing beyond all recognition thanks to remote working and greater flexibility – and that means workplace collaboration software will be critical to productivity and growth.

Joining forces gives both Salesforce and Slack much greater capacity to compete against the likes of Microsoft Teams and Facebook Workplace, offering the sort of software and functionality that would prove complementary to each of its customer bases.

Nvidia and Arm’s $40 billion bid to own the age of AI

Combining a company with the artificial intelligence (AI) strength of Nvidia with the semiconductor prowess of Arm seems a no-brainer.

When the deal was announced in September 2020, Jensen Huang, founder and CEO of Nvidia, said: “In the years ahead, trillions of computers running AI will create a new Internet of Things (IoT) that is thousands of times larger than today’s internet of people. Our combination will create a company fabulously positioned for the age of AI.”

The move hasn’t panned out as either company will have hoped, however, and has since been endangered by a thorough regulatory process in the UK.

Where’s the strategic value? 

As Huang pointed out, the value lies in the future, with technology set to become more connected than ever. In the coming years, smart devices and appliances will become the norm, while sensors will power smarter cities, using AI alongside the wealth of data they gather from the likes of shops, roads, buildings, and factories to drive both government and business decision-making and direction.

Given the size and scope of the deal, however, 2021 has seen it attract continued regulatory scrutiny. The UK has put Cambridge-based Arm under the spotlight due to fears over competition and national security, with the Competition and Markets Authority (CMA) investigating the deal. It was also announced in December 2021 that the Federal Trade Commission (FTC) is seeking to block the takeover.

IBM officially launches Kyndryl spin-off

In November, IT services firm Kyndryl completed its spin-off from IBM. Alastair Edwards, chief analyst for channels analysis at Canalys, told Channel Pro that removing the IBM shackles would allow it to work with a broader range of technology vendors. This would allow Kyndryl to enjoy “the agility to focus on what they’re really interested in, which is obviously cloud, AI, and other technology areas that they’re doubling down on”.

Where’s the strategic value? 

The true value of the spin-off remains to be seen. Experts suggest, though, Kyndryl will face fierce competition from managed cloud service providers. By focusing on its specialisms, however, it could carve out a newer niche and premium role for itself. 

For IBM, it represents a move away from its legacy as it focuses on the three pillars of AI, hybrid cloud and quantum computing.

The $64 billion Dell-VMware question

Following the news that VMware would spin out from Dell to create a standalone company, valued at approximately $64 billion, its CEO Raghu Raghuram explained: “We will continue to bring our multi-cloud strategy to life by providing our customers the power to accelerate their business and control their destiny in this new era.”

This is, of course, only the latest chapter in a long saga of the relationship between Dell and VMware, since Dell acquired EMC (which owned VMware) in 2016.

Where’s the strategic value? 

You could describe this November 2021 separation as a “conscious uncoupling”, an amicable breakup with a positive outcome for both. VMware and Dell will continue to provide “differentiated solutions” for their customers, ensuring they are still strong apart. The move has benefited Dell, which received $9.3 billion to pay down debt, while VMware now has far more flexibility to partner with a greater number of cloud and on-premises infrastructure companies.

Facebook goes all ‘Meta’ on us

The Facebook Company has come a long way since the social network site launched to the public in 2006. Alongside the platform we all know, the wider business now owns WhatsApp, Instagram, and Oculus. 

To distance itself from the negative word association regarding its legacy name, in light of a string of scandals, data breaches and PR disasters, the umbrella company is now called Meta. It’s a similar move to when Google changed its parent company’s name to Alphabet. 

Meta was chosen as a title because, as we head into the future, Facebook founder Mark Zuckerberg is pinning his hopes on the metaverse – an online world for people to inhabit 24/7 using Virtual Reality (VR) headsets to work and have fun. Zuckerberg said, at the time of the announcement: “Over time, I hope that we are seen as a metaverse company and I want to anchor our work and our identity on what we’re building towards.”

Where’s the strategic value? 

The names of Meta’s individual brands aren’t changing; they’re far too well-known and ingrained in the psyche to mess with. Given the size of the business now, though, a new name and logo can help to cement a fresh identity in the future, especially for existing shareholders and future investors. It allows the business, too, to report on two different sides of its operations.  

The metaverse is a big strategic gamble and looks set to revolutionise the business world in the same way Facebook has influenced the nearly two billion daily active users it retains worldwide. For many younger people in Generation Z and Generation Alpha, Facebook holds far less relevance to their lives, however, compared to those of their parents.

Differentiating the name means there’s no negative attachment to Meta from younger groups who have little or no emotional affiliation to Facebook, while also distancing the brand from a litany of high profile scandals.

AMD’s $35 billion gambit on Xilinx

Industry moves this year have definitely been highly influenced by chipmakers as well as the ongoing chip shortage. This deal will see the manufacturer of circuit boards, ethernet ports and high-performance processors become part of the AMD family.

“By combining our world-class engineering teams and deep domain expertise, we will create an industry leader with the vision, talent and scale to define the future of high-performance computing,” AMD president and CEO Dr Lisa Su said in October.

Where’s the strategic value? 

As Su explains, Intel is in a close battle with Nvidia for chipmaking supremacy, meaning AMD must also stay in that race. An acquisition such as this provides far more firepower in that fight. 

The world’s chipmakers are now at the very heart of every technological change we’re set to experience over the next decade. Without them, little would be possible and it’s why the chip shortage has bitten hard across a variety of industries.

Ramping up production is now key, and everyone involved in the chipmaking process will be looking to gain a greater strategic advantage. It’s likely 2022 will see more acquisitions and consolidations across the industry to aid in that effort.

Microsoft shouts loudly with $19.7bn Nuance deal

Acquiring AI voice firm Nuance feels like a natural win for Microsoft. As more people work from home, tools that enable productivity are going to be in real demand.

Microsoft already signalled its intent to embed itself more deeply in this workplace-related market back in 2016 with its $26.2 billion purchase of LinkedIn. Since the pandemic started, Microsoft Teams has been building itself to become indispensable in office life, enabling remote and flexible working through communication and collaboration.

Where’s the strategic value? 

Outside of the office setting, one area Microsoft suggests will benefit from the Nuance deal is the Microsoft Cloud for Healthcare. Nuance already has a number of products in this space, helping with dictation and transcription for medical professionals, and these solutions are currently used by more than 55% of physicians and 75% of radiologists in the US, and used in 77% of US hospitals.

The future of healthcare, driven by AI and machine learning, is a huge growth area and opportunity. Across the globe, it’s a frontier being explored to improve patient outcomes and journeys, while also delivering innovative and life-saving treatments. Microsoft CEO Satya Nadella previously said healthcare is the most urgent application of AI, with this move paving the way for advanced systems to be put into the hands of professionals everywhere. 

Despite receiving regulatory approval in the US and Australia, however, the deal is being scrutinised by the UK’s CMA.

The most spectacular tech gaffes of 2021

Carly Page

30 Dec, 2021

No year passes without incident, and that’s especially true for a 12-month period as blighted by COVID-19 as it was by tech-related mishaps and mix-ups.

From public sector IT blunders to catastrophic cyber security failings, here’s our pick of the most eye-catching and alarming incidents to grace the headlines. 

Government-funded laptops arrive in schools loaded with malware

The UK government welcomed us into 2021 with a major IT blunder that saw it issue malware-infested laptops to vulnerable children. A number of these devices were found to be infected with a “self-propagating network worm”, and also appeared to be communicating with Russian servers. 

The Windows-based laptops were, specifically, infected with Gamarue.1, a worm Microsoft first identified in 2012. At the time, the Department of Education said it was “urgently investigating” the issue that had only affected a “small number of devices.”

Slack kickstarts 2021 with a major outage 

Slack, meanwhile, also started 2021 on the wrong footing, with the now Salesforce-owned business communications platform suffering a major outage on 4 January as employees across the globe began to log back onto their systems to start their working year afresh. 

The outage saw team members unable to reliably send or receive messages, with some users also struggling to log into the service altogether.

Home Office wipes 15,000 police records

Back in February, the Home Office was forced to admit it had inadvertently deleted the records of more than 15,000 people from the Police National Computer (PNC). 

A total of 209,550 offence records that related to 112,697 individuals were wiped from the system, including crucial evidence such as fingerprint scans, DNA and arrest records. This “critical incident” was later blamed on a combination of “human error” and failures at the management level. 

SolarWinds blames intern for weak ‘solarwinds123’ password

Following the devastating supply-chain attack towards the tail end of 2020, SolarWinds admitted a former intern had leaked a weak company password that was publicly accessible on the internet for more than a year. 

The password ‘solarwinds123’ – a critical lapse in password security – was publicly accessible through a private GitHub repository from June 2018, before this was finally addressed in November 2019. 

SolarWinds failed to mention, however, whether the password played a role in the major cyber attack the company sustained. This incident saw up to 18,000 businesses compromised by a version of its Orion security platform loaded with malware. The incident, nevertheless, serves as a reminder for businesses to stay on top of information security as we move into a 2022 that looks more dangerous than ever.

Australia’s Channel Nine interrupted by cyber attack

In March this year, an unknown assailant took down a live broadcast by Australia’s Channel Nine TV station. This ransomware attack locked staff out of emails, internet access and print production systems.

This incident, which serves as a concise visual metaphor for the disruptive effects of cyber crime, has since been described as the largest cyber attack to hit a media company in Australia’s history. The incident itself affected several shows, including the Weekend Today programme, and forced the Sydney-based organisation to shift to its Melbourne studios.

Cause of the OVH data centre fire won’t be revealed until 2022

March played host to a series of incidents, as we also saw a fire erupt at an OVH data centre in the French city of Strasbourg. The destruction resulted in both the loss of data and service outages across Europe.

The incident was first reported on 10 March and the firefighters, although they responded almost immediately, were unable to stop a blaze inside the SBG2 building. Four rooms inside SBG1 were also destroyed, although two other data centres owned by OVH were not affected. The company, however, did have to switch off every one of its servers.

The official root of the blaze still hasn’t been revealed – and likely won’t until 2022, with OVHCloud’s chairman and founder Octave Klaba apologising for the incident, but remaining tight-lipped on the cause.

Gmail “more secure” than Parliamentary email, claims MP

In April, Conservative MP Tom Tugendhat faced a litany of questions after claiming GCHQ advised him Gmail is safer to use than the UK’s own Parliamentary email system. 

During a radio interview, he said he’d been the subject of numerous cyber attacks, adding GCHQ had informally advised him he would be better off using Gmail rather than the Parliamentary system as it was “more secure”. 

“Frankly, that tells you the level of security and the priority we’re giving to democracy in the United Kingdom,” he said at the time. The incident echoed the poor security hygiene practices of the now digital secretary Nadine Dorries, when she admitted only a few years ago that she routinely shared her passwords with office staff.

Train firm slammed over ‘bonus’ phishing test 

West Midlands Railway found itself in hot water in May after it dangled the prospect of a company-wide bonus for workers as part of a lure in a phishing simulation test.

Julian Edwards, the train operator’s managing director, emailed the company’s 2,500 employees with a message saying the firm wanted to thank them for their hard work during the COVID-19 pandemic, promising a one-off payment. Those who clicked the link for the bonus, however, received a message telling them this was merely a “phishing simulation test” designed by the firm’s IT team to entice employees.

The email was described as “crass and reprehensible” by the leader of the Transport Salaried Staffs Association, Manuel Cortes. Others in the cyber security community, meanwhile, struck a more diplomatic tone, suggesting this was exactly the type of lure cyber criminals would deploy.

Researchers leak Windows zero-day exploit in fatal misunderstanding

The PrintNightmare fiasco that raged through the summer perhaps became most widely-known for Microsoft’s failure to quash the bug – with a handful of faulty patches released for several flaws. The origins of the first exploit’s initial disclosure, however, will go down in cyber security infamy.

The comedy of errors began when Microsoft upgraded the status of an already-patched PrintSpooler component vulnerability, rated 8.8 on the CVSS threat severity scale, from privilege escalation to remote code execution. This prompted the firm Sangfor, which was conducting its own research into PrintSpooler flaws at the time, to publish research into an RCE PrintSpooler flaw, including a fully usable exploit.

The company believed the two bugs – the recently-upgraded flaw and the one it had just published research on – to be the same, but it had in fact just published a working exploit for an entirely different, undiscovered flaw.

Kaspersky generates passwords that can be ‘cracked in seconds’

In July we learned that Kaspersky Password Manager (KPM) was embedded with several problems that meant the passwords it generated could be cracked using brute force techniques “in seconds”. 

The password generator created passwords from a given policy, with users able to set parameters to change password length and include uppercase letters, lowercase letters, digits and special characters. By default, KPM generated 12-character passwords with an extended character set.

The generation process is a complex method but effectively meant letters such as q, z and x were more likely to appear than in the average password manager. Once any given letter was generated, it skewed the probability of other letters appearing in the same string.

‘Faulty configuration change’ takes Facebook, and others, offline

In October, Facebook suffered one of the worst outages in its nearly 20-year history. The outage, which the social network has since blamed on a “faulty configuration change”, took Facebook, Instagram and WhatsApp offline for more than six hours.

The outage cut off all internal communications, and even prevented employees from accessing critical data on third-party services such as Google Docs. Worse yet, it was reported at the time that Facebook sent engineers to one of its main data centres in California to remedy the issue, but the outage prevented staff from physically accessing company buildings and conference rooms with their badges.  

Mark Zuckerberg’s personal wealth falling by $6 billion, by way of consequence, might seem a harsh result. This paled in comparison, however, to the impact the outage had on users in the developing world who are dependent on Facebook’s Free Basics programme for essential communication, business and humanitarian activities.

Meta expands bug bounty programme to cover data scraping

Connor Jones

16 Dec, 2021

Meta has expanded its bug bounty programme to include flaws that lead to data scraping in a move it’s describing as an industry-first.

The programme will now cover database scraping and also offer rewards for researchers who can simply show novel methods of scraping on its products – the latter of which is a first-of-its-kind programme, according to the newly rebranded parent company of Facebook.

It will begin as a private programme only available to Meta’s Gold+ HackerPlus security researchers – a title for researchers who have reported at least five valid bugs to the company – and will offer rewards to those who show how data scraping can be achieved, regardless of the degree of impact on the product.

Researchers can submit methods even if the data is public and Meta said it’s particularly looking for reports regarding logic bypass issues – flaws that permit access to data via unintended mechanisms.

Data scraping can be achieved using specially crafted scripts, often using the Python programming language, which are designed to lift the data from any given web page. These scripts can be designed to grab specific information, depending on the target and the purpose of the activity.

“We know that automated activity designed to scrape people’s public and private data targets every website or service,” said Meta in an announcement.

“We also know that it is a highly adversarial space where scrapers – be it malicious apps, websites or scripts – constantly adapt their tactics to evade detection in response to the defences we build and improve. As part of our larger security strategy to make scraping harder and more costly for the attackers, today we are beginning to reward valid reports of scraping bugs in our platform.”

The move comes more than two years after the company formerly known as Facebook first identified an issue that allowed users to scrape data of 533 million of its users. The data was leaked online, in full, by a hacker earlier this year after they ran an underground business that saw people pay small sums to access and retrieve information such as users’ phone numbers.

Meta has said it will also reward researchers who can demonstrate they can scrape datasets containing at least 100,000 Facebook user records, starting today.

To be eligible for a reward, the dataset must be unique and unknown to Meta, and contain personally identifiable information (PII) such as email addresses, phone numbers, physical addresses, or religious or political affiliations.

“If we confirm that user PII was scraped and is now available online on a non-Meta site, we will work to take appropriate measures, which may include working with the relevant entity to remove the dataset or seeking legal means to help ensure the issue is addressed,” the company said.

The maximum reward for the programme is not disclosed by Meta, but it said each successful, eligible disclosure will be rewarded with a minimum of $500 (£376).

Database scraping is often confused with a data breach, and the distinction between the two terms is worth drawing, even though the outcome is largely the same – user data falling into the hands of those with whom the user did not explicitly share it.

Unlike data breaches, which fall under the Computer Misuse Act, there is no specific law against data scraping in the UK. However, sites can take action against individuals if the data scraping results in an infringement of intellectual property or breaches the site’s terms of service.

Home Office spent over £37 million on devices for remote work

Sabina Weston

16 Dec, 2021

The Home Office has spent an estimated £37.7 million on over 53,000 new laptops, tablets, and phones in the last three years.

Nearly half of these devices (24,253) were purchased in the last 12 months, in order to aid remote working during the COVID-19 pandemic.

This data, retrieved using a Freedom of Information (FOI) Act request by the Parliament Street think tank, revealed that the number of purchased devices increased by 148% from September 2019 to September 2020, with an additional 18% increase between September 2020 and September 2021.

Laptops were the most common purchase, having risen from 6,940 in 2019, to 16,889 in 2020 and 16,586 in 2021.

However, mobile phone purchases had the biggest increase over the past three years, up from 1,361 in 2019, to 7,638 in 2021 – marking a 461% increase since the introduction of remote working.

The data also showed that Zoom has remained the video conferencing platform of choice for the UK government since the start of the pandemic, allowing the House of Commons to resume work during lockdown restrictions. This was in spite of the widespread security concerns that prompted the Ministry of Defence (MoD), US Senate, and Germany’s Foreign Office to ban their staff from using Zoom. The Home Office is said to have spent £6,716 on Zoom licences alone, across 142 unique users.

By contrast, the number of new Office 365 accounts acquired by the Home Office had fallen from 3,804 in 2019 to 513 by 2020, before rising again to 2,415 in 2021. The most recent purchases could have been made in order to avoid the Office 365 price increases that are set to come into effect in March 2022.

The data comes weeks after a similar FOI revealed that HM Revenue and Customs (HMRC) had invested in almost 40,000 new devices for its employees since October 2020 in a bid to facilitate hybrid and remote working. This hardware investment was a 366% increase year-on-year, with HMRC purchasing 37,624 laptops, tablets and phones in the last 12 months. However, the cost of this investment wasn’t revealed.

Australia and US sign CLOUD Act data-sharing deal to support criminal investigations

Sabina Weston

16 Dec, 2021

Australia has signed an agreement with the United States that will make it easier for the two countries to access and exchange data for investigations of serious crime, such as terrorism, child sexual abuse, and ransomware attacks.

Known as the Clarifying Lawful Overseas Use of Data (CLOUD) Act, the legislation was passed in 2018 and allows law enforcement agencies to simplify the process of obtaining electronic data from communications service providers operating in another country.

This allows authorities to reduce the time spent gathering evidence in ongoing investigations, especially in time-critical scenarios such as terrorist attacks.

However, the CLOUD Act also promotes international collaboration in order to crack down on electronic data-driven crimes, including ransomware attacks and activities involving child sexual abuse material (CSAM).

Commenting on the announcement, US Attorney General Merrick B. Garland said that the agreement will allow US and Australian governments to “more effectively counter serious crime, including terrorism, while adhering to the privacy and civil liberties values that we both share”.

Australian minister for Home Affairs, Karen Andrews, praised the work of US and Australian authorities, which in June arrested hundreds of suspected criminals who were tricked into using an encrypted messaging app created by the FBI.

“As we saw in Operation Ironside – known in the United States as Operation Trojan Shield – the Australian Federal Police and the FBI are already capable of smashing serious, organised crime networks using sophisticated digital techniques,” said Andrews.

“By strengthening both nations’ ability to fight crime, and giving our law enforcement agencies more efficient access to evidence, we’re ensuring the safety, security and prosperity of our citizens,” she added.

Prior to being implemented, the CLOUD Act agreement between the US and Australia will now undergo Parliamentary and Congressional review processes in both countries.

The news of the agreement comes after the Australian government passed legislation in September granting extensive new surveillance powers to law enforcement agencies in the country. This includes allowing police to disrupt data by modifying, copying, adding, or deleting it, and allowing the AFP and Australian Criminal Intelligence Commission (ACIC) to collect intelligence from devices and networks.

The Australian Federal Police (AFP) has also suggested it may introduce a “more aggressive” cyber division in order to disrupt terrorism, drug importations, and CSAM distribution.

The biggest tech stories of 2021

Bobby Hellard

24 Dec, 2021

This was supposed to be the year we discovered what the ‘new normal’ would look like. On reflection, however, 2021 appears to be a near-replica of 2020, with conversations around hybrid working and further mutations of COVID-19 equally rife.  

That being said, we saw a number of significant stories that might yet go on to define the tech world this year. From corporate leadership changes to global security incidents, the industry was as eventful as ever over the last 12 months. 

Microsoft Exchange Server terrorised

The Microsoft Exchange Server exploit has arguably been the longest-running story of 2021. The tech giant was first notified of four zero-day bugs in January, but these weaknesses were still being exploited as late as November. 

Exchange Server is a software suite used by small and large enterprises around the world and includes email, calendar and collaboration services. It quickly became apparent just how many companies use the service when reports began emerging of mass-scale data breaches. By exploiting the four vulnerabilities, hackers were able to launch remote code execution (RCE) attacks to hijack servers, embed backdoors, insert malware and steal data. 

Despite Microsoft releasing patches in March, the exploit was abused throughout the year, with hackers mainly targeting unpatched servers. The US, and other allied countries, have since pointed the finger at a Chinese group known as Hafnium. 

Mixed messaging on remote work 

The UK is ending 2021 as it started: with COVID-19 restrictions in place, this time to fight the spread of the Omicron variant. Specifically, the government has recommended that those who can work from home should do so, which was the same guidance in place up until July.

Over the summer, however, the government appeared to be divided on the subject of returning to the workplace. There were concerns, for instance, that shops and restaurants, particularly in town centres, would close down without footfall traffic. In July, Boris Johnson told the House of Commons that remote working would not be the ‘new normal’ because people wanted to get back to in-person meetings and office collaboration. Just a week later, though, Liz Truss, the minister for women and equalities, called for bosses to make flexible working a standard option for all new employees. This mixed messaging on remote work from policymakers stands in stark contrast to tech giants as they strive to define what hybrid work means.

Is the UK government gutting GDPR?

It’s only a matter of time before the UK’s current data protection regime comes to an end. In June, a special taskforce commissioned by the prime minister put forward recommendations to scrap the existing rules. Its report said that the General Data Protection Regulation (GDPR) “overwhelms people” with too much complexity and also “unnecessarily” restricts the use of data for worthwhile processes. The taskforce, instead, put forth proposals that included implementing a new data protection framework that, vaguely, wouldn’t stifle growth and innovation. 

On that basis, the government opened a consultation on the data protection landscape, with some ministers suggesting a full divergence from GDPR was required. The proposals eventually put forward weren’t as extreme as first billed, though. The plan included removing existing requirements for organisations to designate data protection officers, while also scrapping data protection impact assessments (DPIAs). Plans are also underway to change the remit of the Information Commissioner’s Office (ICO).

The death of John McAfee 

For most of the last decade, the life of John McAfee seemed to be an endless source of crazy headlines and scarcely believable tales. It all came to a tragic end in June, however, when the creator of one of the world’s most famous antivirus software products was found dead in a Spanish prison at the age of 75.

At the time of his death, McAfee was wanted by US authorities for alleged tax evasion; he was arrested at Barcelona International airport in October 2020 and held at the Brians 2 penitentiary while awaiting extradition to America. Just hours after Spain’s highest court had approved said extradition, the infamous John McAfee was found dead.

Judicial staff were dispatched to the prison to investigate and their statement said that “everything points to death by suicide”. Inevitably, a number of conspiracy theories have since disputed this account, claiming, for instance, McAfee was murdered. It’s almost a fitting end for a man who lived such a mythologised life in tech. While his relevance to the industry has waned in recent years, his legacy, nonetheless, will live on.

Windows 11 launches to great fanfare

Microsoft unveiled a new version of its flagship desktop operating system (OS) in 2021, with the highly anticipated Windows 11 making its debut this autumn. The tech giant once famously suggested Windows 10 would be the last OS we’d need, which might still hold true given reviews suggest it’s more of a visual refresh on Windows 10 than a wholesale change.

This OS did, however, come with a host of shiny new features, including a central start menu, a dedicated Microsoft Teams button and native Android apps. The upgrade also included a new store with significant policy changes for developers. What’s more, it appears the rather annoying virtual assistant Cortana has been demoted, so users aren’t forced to listen to it waffling on during the startup process.

OS upgrades are a slow process, both for users and providers, and it can take a while for the best features to emerge, and bugs to be fully ironed out. This appears to be the case here, with Windows 11 enduring mixed messaging over compatibility, alongside a number of early patches.

A new era at Amazon

Jeff Bezos stepped down as Amazon CEO at the start of the third quarter of 2021. The announcement was made back in February, with Bezos transitioning to the role of executive chair to free up more time to work on other ventures, such as his commercial space flight startup, Blue Origin. 

Bezos left the company in an extremely healthy financial condition, but there have been growing concerns about the way Amazon treats its workers, as well as its minimal tax contributions. These issues, however, are now at the door of Andy Jassy.

Jassy is the logical successor to Bezos, having been in charge of its cloud computing arm, Amazon Web Services (AWS), for the last 15 years. The appointment highlights the growing importance of cloud computing, particularly in the post-pandemic world, where online services are dominant, while signalling the priorities for one of the biggest companies in the world as we move into 2022.

Facebook enters the Meta-verse

A lot of political pressure came Mark Zuckerberg’s way in 2021; the Facebook chief is fighting regulators, MPs and even whistleblowers. Still, though, the biggest Facebook story of the year was its change of name to Meta, to reflect its newfound focus on the metaverse.

This is a concept that blends collaboration software with virtual reality (VR), essentially turning work into Fortnite with avatars and so on for meetings. Facebook has invested heavily in mixed reality over the last few years, so there’s a logical reason for the move, although the tech giant stresses the metaverse should be open source and not “owned” by a singular entity.

The metaverse bandwagon is already picking up traction, with companies like Nike and Microsoft also announcing plans to build their own versions. Zuckerberg has stated Meta’s vision could take several years to come to fruition, which leaves him plenty of time to deal with the litany of regulatory concerns on his doorstep, not to mention policymaker resistance over the proposed merger between Facebook, Instagram and WhatsApp.

Kronos services knocked offline by ransomware attack

Connor Jones

14 Dec, 2021

Kronos, a provider of human resources (HR) products, has confirmed its Kronos Private Cloud has been hit with ransomware that has knocked some of its services offline.

The global supplier of business software for tasks such as timekeeping said Kronos UKG Workforce Central, UKG TeleStaff, and Banking Scheduling Solutions services – products relating to employee management, emergency services scheduling, and staff scheduling for banks and credit unions respectively – are all affected.

Communicating to customers through the company’s online community and help centre platform, Kronos officials said on-premise environments are unaffected and there is no impact to UKG Pro, UKG Dimensions, or UKG Ready.

Bob Hughes, executive vice president at Kronos, addressed customers on Monday, confirming the incident was indeed ransomware-related.

Hughes also said “it may take up to several weeks to restore system availability” and that customers should take additional measures to ensure the smooth running of their business while the outage persists.

“We are working with leading cyber security experts to assess and resolve the situation, and have notified the authorities,” said Hughes. “The investigation remains ongoing, as we work to determine the nature and scope of the incident.

“We deeply regret the impact this is having on you, and we are continuing to take all appropriate actions to remediate the situation. We recognise the seriousness of this issue and will provide another update within the next 24 hours.”

IT Pro contacted Kronos for further details, including if the company still has access to emails, but it did not reply at the time of publication. It’s also unclear at this time if the ransomware attack was launched via the recently discovered and widely feared Log4Shell Java vulnerability.

According to a Kronos customer success manager replying to a customer in the company’s online help centre, there is currently no indication that any customer data has been compromised in the attack and it has “all available resources deployed to mitigate any loss or access to companies personal data”.

Kronos customers have been contacting the company in droves seeking help on business continuity issues. Common issues involve customers not being able to export employee timesheet data, manually pulling employee timekeeping information, and seeking help to get set up on-premises.

Experts have said the incident should serve as a reminder to all business owners and decision-makers that ransomware attacks such as the one sustained by Kronos must be accounted for when devising a business continuity strategy.

“Whether your workforce management solution is hosted in-house, or externally delivered from the cloud, if you have determined that solution is mission-critical for your day-to-day operations, you need to include scenarios just like this ransomware attack as part of your broader business continuity planning,” said Ben Smith, field CTO at NetWitness, to IT Pro.

“What’s your backup plan if that platform is suddenly unavailable? Do you have alternate processes in place you can spin up temporarily while your vendor gets back on its feet? Even if this means some possibly painful manual work for you and your team, it’s better to have those processes and procedures ready to go, versus not having that backup plan at all.”