Writing Security Policies, the Impossible Mission

In Blog post by Sam Coleman

Security policies are an essential ingredient of any successful security strategy; some might even argue that policies are the most important part of security controls. But how easy is it to write those security policies? Well, not as easy as we all want it to be. Clavister’s resident security expert, Ahmed Musaad, gives a primer on policies and what to look out for. The process of writing security policies involves three problems that face anyone who is trying to establish an effective set of policies for a company or an organization. Those problems can be summarized in a few lines: It’s extremely hard to achieve balance between security and productivity. Finding …

Clavister Awarded at Inaugural Intel’s Winner Circle

In Blog post by Sam Coleman

A new Intel Network Builders MDF programme premiered at the latest SDN NFV World Congress, with Clavister receiving accolades in the solution partner category. Intel Network Builder events are always anticipated events in the yearly calendar for the NFV community: a chance to meet fellow builders and hear from operators and Intel experts about the latest technical developments, new standards, exciting new software and business opportunities. It’s a chance to develop the virtual transformation ecosystem through collaboration, partnerships and shared opportunities. But beyond that compelling raison d’être, this INB summit added another surprise: a programme called the Intel Winners Circle that, in their words, “Awards partners for driving technical innovation …

Don’t let breaches take you down

In Blog post by Clavister Blog Staff

In 2017, we saw how massive ransomware attacks resulted in billions of dollars in losses for companies worldwide. But these attacks don’t just cost money: they can also cause companies to fail. A printing company in Colorado has recently closed after struggling to recover from a ransomware infection. The Denver firm, Colorado Timberline, displayed a statement on its website explaining that the firm had been forced to close after being “plagued” by IT events: “…unfortunately we were unable to overcome the most recent ransomware attack and as a result this unfortunate and difficult decision was made.” The firm’s statement highlighted the stark reality of the lasting and catastrophic damage that cyber-attacks can …

Cybersecurity is found wanting when defending democracy

In Blog post by Clavister Blog Staff

A major report released recently has advised that the US should replace any existing online voting processes with paper ballots by the next presidential election in 2020, citing ageing technology and security processes as a major factor in its recommendations. Commissioned by the non-profit Carnegie Corporation of New York and the William and Flora Hewlett Foundation, and conducted by The National Academies of Sciences, Engineering and Medicine, the report, which took two years to complete, found that online voting systems were at a high risk of compromise. Citing Russian interference during the 2016 presidential elections, the report concluded that a “lack of sustained funding” had hampered efforts to improve resilience. …

What fuels CIOs’ and CISOs’ nightmares?

In Blog post by Clavister Blog Staff

In a changing threat landscape, worry comes with the job for CIOs and CISOs. Keeping the organisation secure when vulnerabilities and threats are commonplace is difficult, particularly when it must also remain compliant while technologies and regulations rapidly shift. In a recent exposé by The Wall Street Journal, CIOs and CISOs revealed their deepest worries. So what are their top concerns, and how can security teams help to combat them? Quantifying risk: CIOs and CISOs have a wealth of data at their disposal – but the sheer volume of that data can present its own issues. Each organisation’s cyber security challenges are unique, so selecting the information that will demonstrate …

Hacking governments? It’s child’s play

In Blog post by Clavister Blog Staff

Governments’ cyber security is essential to protect their populations from the universally-acknowledged threats of cyber-attacks, and to preserve democracy and civil liberties. Cyber-attacks are acknowledged worldwide as an existential threat to national security that is as real and pressing as the threat of terrorism, espionage and weapons of mass destruction. So why have some governments fallen behind? In the USA, there are several elements putting national security at risk. From alarming voting system vulnerabilities to devastating data breaches, the state of US government cyber security has been described as “bleak”. A recent report from the Department of Homeland Security assessing the cyber security posture of 96 federal agencies found that …

IoT security sucks: more vulnerabilities found in robot vacuum cleaners

In Blog post by Clavister Blog Staff

Researchers have recently discovered vulnerabilities in the Dongguan Diquee 360 robotic vacuum. The Chinese-manufactured cleaner is designed to improve home security while it cleans your floors, using its built-in camera to take photos of users’ homes and sending them notifications if it should spot anything sinister while they are out. But the connected vacuum could be sucking up more than just your dust. Rather than improving home security, the device could leave users at risk of home invasion. Since it has WiFi and a camera with night vision capability, and can be controlled with a smartphone, it could subject the user to remote surveillance. It could also be recruited into …

Protecting against the insider threat

In Blog post by Clavister Blog Staff

In the cybersecurity sector, we’re usually focused on keeping the bad guys out of our networks. But what if there’s a bad guy on the inside? Such insider threats can put companies at an even bigger risk than an external attacker. Depending on the nature of the organisation, the threat can span beyond data breaches or leaking business secrets, to compromising critical infrastructure and even national security. Yet identifying and defending against insider threats is often not given the attention it warrants. This is something that Israeli cyber espionage firm NSO Group is learning, as an ex-employee is reportedly being indicted for allegedly attempting to sell company secrets and software …

Will the U.S. Government force backdoors into software updates?

In Blog post by Clavister Blog Staff

The American Civil Liberties Union (ACLU) is warning that software companies may be forced by the US Government to embed tracking and surveillance capabilities, and even malware, into otherwise legitimate software updates, which may damage trust in software updates altogether. In its report on the issue, the ACLU has highlighted that the US government may force companies to embed snooping code into software updates that can bypass passcode lockouts, enable wiretapping, switch on functions such as microphones and cameras, or physically track people. The report comes after numerous attempts by the FBI and other government agencies to encourage companies to give the government a “backdoor” – or privileged access a …

VPNFilter botnet gets bigger and more dangerous – so what should you do?

In Blog post by Clavister Blog Staff

Originally discovered infecting hundreds of thousands of Internet routers in 2016, the VPNFilter malware has been found to be even more prolific and dangerous than originally thought. The malware has been broadly distributed by botnets, and has had a resurgence over the last few weeks that has even made the FBI concerned about its scale and growth. VPNFilter was thought to be the work of a Kremlin-sponsored hacking group, and a recent report by researchers at Cisco stated it could have infected at least 500,000 routers, and possibly even more. What’s more, the malware has recently-discovered capabilities that could be particularly dangerous. What do we know? Initially, it was …