
We are now part of the Falanx Group


ACQUISITION OF SECURESTORM LIMITED

Falanx Group Ltd (“Falanx”, AIM:FLX), the global cyber security and intelligence provider, in line with its strategy of increasing value in the high growth Cyber Security market, is pleased to announce the acquisition of Securestorm Limited.

Mike Read, Chairman and Chief Executive Officer of Falanx, commented:

“The acquisition of Securestorm provides Falanx with a number of exciting opportunities, to both support our growing UK Govt business and expand our footprint in these marquee organisations. The unique relationship with Amazon Web Services and the introduction of our MidGARD service to a global marketplace is also very promising. We also welcome Tony Richards to the team, a highly respected and recognised cyber security thought leader who will head our consultancy arm and take up the position of Falanx Group Chief Information Security Officer.”

Tony Richards, Founder of Securestorm Ltd, commented:

“The combination of Securestorm with Falanx is a perfect match, enabling the integration of Falanx’s MidGARD and security testing services with Securestorm’s managed security and consultancy services to deliver a stronger portfolio to our customers. I look forward to working with Mike Read and the rest of the team, to expand Falanx’s market share and increase overall growth, utilizing our partnership with AWS, relationships across the public and tech sectors, and placement on various government procurement frameworks.”

Read the full report here.

THE SAME BUT BETTER

The Securestorm team are pleased to announce that this announcement means our clients and potential customers get to enjoy the same great level of expertise and services, but with the added benefit of the new portfolio and top range of solutions that arise out of this acquisition. We are now in a position to offer services ranging from strategic intelligence to penetration testing, red teaming and more as our practice grows.

 


LIVE ON G-CLOUD 10



Securestorm go live on 'G-Cloud 10'


Securestorm has officially been awarded G-Cloud 10 status following the success of the previous G-Cloud versions. You can find us on the Digital Marketplace here.

In this iteration, Securestorm are committed to bringing to market even more innovative and pragmatic solutions and services designed to help Government organisations stay secure from cyber-threats, enhance their cloud capabilities and be UK Data Protection 2018 compliant.

 

Securestorm Director, Tony Richards, added: "It is once again great to be live on the new version of G-Cloud. Keeping in line with the launch of previous G-Cloud iterations and considering the Data Protection changes, Securestorm is further committed to delivering more, offering integrated services and exclusive solutions such as our Total Security Packages & Training, Risk & Vulnerability Management and Data Protection Services. This, combined with our industry experience, delivery capabilities and subject matter expertise on Security & Data Protection domains, will no doubt once again see us successfully solving security challenges for our clients across the Government."

The following services by Securestorm can be found on the Digital Marketplace:

CYBER SECURITY CONSULTANCY

Securestorm, an NCSC certified Cyber Security Consultancy, assists customers in defining their security needs and designing and assuring security of public, private or hybrid cloud services.

Features

  • Certified under the NCSC Cyber Security Consultancy scheme
  • Certified Cyber Security Professionals
  • AWS Certified Cloud Professionals
  • (ISC)2 Certified Cloud Security Professionals (CCSP)
  • Leaders in secure OFFICIAL environments architecture design and review
  • Review security options chosen and those available against best practices
  • Security Architects

Benefits

  • Company certified under the NCSC Cyber Security Consultancy scheme
  • Cyber Essentials certified company
  • Utilising the inherent security of cloud services for reduced complexity
  • Understanding of security options for current or future deployments
  • Recommendations for user role and privileges to meet business requirements
  • Improved audit and incident response capability
  • Expertise in delivering secure cloud services to existing G-Cloud customers
  • Ensures compliant and secure cloud services for your organisational needs
 

Cloud Security Consultancy

Cloud services such as Amazon Web Services or Salesforce are increasingly being used but often do not utilise all of the security options available. Securestorm, an NCSC certified Cyber Security Consultancy, assists customers in defining their security needs and designing and assuring security of public, private or hybrid cloud services.

Features

  • Certified under the NCSC Cyber Security Consultancy scheme
  • AWS Consultancy Partner
  • Certified Cyber Security Professionals (NCSC CCP)
  • AWS Certified Cloud Professionals
  • (ISC)2 Certified Cloud Security Professionals (CCSP)
  • Salesforce Security Partner
  • Leaders in secure OFFICIAL environments architecture design and review
  • Review of AWS or Salesforce Identity & Access Management permissions
  • Review security options chosen and those available against best practices
  • Threat Modeling, Information Risk Assessment and Management conducted

Benefits

  • Company certified under the NCSC Cyber Security Consultancy scheme
  • Cyber Essentials certified company
  • Conducts annual Security Assurance and Audit of AWS services
  • Conducts annual Security Assurance and Audit of Salesforce
  • Utilising the inherent security of cloud services for reduced complexity
  • Understanding of security options for current or future deployments
  • Recommendations for user role and privileges to meet business requirements
  • Improved audit and incident response capability
  • Expertise in delivering secure cloud services to existing G-Cloud customers
  • Ensures compliant and secure cloud services for your organisational needs

Securestorm are actively working to champion Cloud Security best practices that enable Government and businesses to run more efficiently and cost effectively. Read about our contribution and best practices in recently published research papers:

 

Total Organisation Cyber Security Package

The Securestorm Total Organisation Security Package is designed to help organisations get the best cyber security services and solutions bundled in a single, encompassing, annual package. 
The security package provides organisations with Information Risk Management, Vulnerability & Security Testing, Unified Cyber Security & GDPR Training and Cyber Essentials Certification.

Features

  • Intuitive Continuous Information & Risk Management Dashboard
  • A Full-stack Security Testing & Vulnerability Management Solution
  • Unified Cyber Security and GDPR Training and Awareness Platform
  • Simplified Cyber Essentials Consultation & Certification
  • Dedicated Consultation, Support & Communication with client
  • Optional: Data Protection Officer as a Service package
  • Optional use of: Data Protection Impact Assessment Tool

Benefits

  • Expert consulting by NCSC accredited Cyber Security Consultants
  • Single, encompassing, annual service to simplify security budgeting
  • In-house security authority to mandate compliance, training & oversee governance
  • Improve organisational efficiency and external reputation
  • Boost security culture, maturity and endurance compliance
  • Expert resource support for organisation with knowledgeable professionals
 

Privacy and Data Protection Services - DPOaaS

The Securestorm Data Protection Officer Service (DPOaaS) assists clients on all matters relating to privacy and data protection as mandated under the GDPR. The DPO will serve as an independent expert both internally as well as with regards to customers, staff or the Supervisory Authorities.

Features

  • Certified under the NCSC Cyber Security Consultancy scheme
  • Certified Information Privacy Professionals (CIPP/E)
  • Certified Cyber Security Professionals (NCSC CCP)
  • Range of DPOaaS service levels to match organisation need
  • Experienced Data Protection and Privacy Experts
  • Experienced in GDPR compliance Gap-Analysis and Audit
  • Experienced in GDPR compliance implementation and Data Mapping
  • Use of: Data Protection Impact Assessment Tool
  • (ISC)2 Certified Cloud Security Professionals (CCSP)

Benefits

  • Company certified under the NCSC Cyber Security Consultancy scheme
  • Cyber Essentials certified company
  • Fulfil mandated DPO role without FTE
  • Understanding of security options for current or future deployments
  • Improved audit and incident response capability
  • Ensures compliant and secure cloud services for your organisational needs
 

Managed Security and Information Assurance Services

Securestorm, an NCSC Certified Cyber Security Consultancy, provides Managed Security Services incorporating multi-disciplinary teams of experts, qualified and experienced in Risk Management, Operational Security, Security Testing, Security Architecture and Data Protection.

Features

  • NCSC Certified Cyber Security Consultancy
  • Full Managed Security Service team
  • Continuous Information Risk Management Dashboard - Nol-ij
  • Core Service includes: Chief Information Security Officer (CISO)
  • Core Service includes: Information Risk Manager (IRM)
  • Core Service includes: Operational Security Manager (OSM)
  • On demand security functions: Security Architecture
  • On demand security functions: IA Audit and Review
  • On demand security functions: Security Testing Services
  • Optional: Data Protection Officer as a Service package

Benefits

  • Fixed Cost service, invoiced in monthly increments
  • Sick leave and holidays are covered
  • Dedicated Service Manager
  • Experienced in Justice, Policing, Defence and Central Government
  • Clients include: MoJ, YJB, The Supreme Court, Civica, GDS
 

CybSafe - Cyber Security Awareness, Behaviour and Culture Analysis, Training and Risk Mitigation

CybSafe is a British cyber security technology company. The next-generation, award-winning, AI-driven security awareness training platform uses GCHQ accredited content, advanced analytics, psychology and behavioural science to measure, understand and report on cyber security culture, increase employee engagement and demonstrably reduce human-cyber and data protection risk.

Features

  • GCHQ & IISP accredited training developed by former Government specialists
  • Content and platform features grounded in psychology/behavioural science
  • Machine learning technology customises content, putting security into context
  • Advanced proprietary analytics measure user awareness, behaviour and culture
  • All content is updated and improved throughout license period
  • Ongoing adaptive user testing ensures retention of learned knowledge
  • Sharing and communication features encourage user interaction, adoption and engagement
  • Supply chain assurance tool allows oversight of supply chain risks
  • Fully customisable content to reflect organisational policy and procedure
  • Integrated simulated attack tools include phishing, smishing and USB drops

Benefits

  • Human-centric design empowers users to contribute and engage with security
  • Demonstrably reduces human-cyber risk including phishing click rates
  • Demonstrably increases user engagement, communication and improves attitude
  • Plug-and-play design requires no input from admins after initial setup
  • Allows complete oversight of organisational cyber awareness, behaviour and culture
  • Administrator dashboard allows comprehensive reporting for easy demonstration of compliance
  • See genuine change in organisational security culture
  • Learning content accessible remotely, at any time, reducing user downtime
  • Completion will comprehensively support compliance with GDPR and NIS Directive
 

Edgescan - Continuous Technical Security Vulnerability Assessment

Edgescan is a managed, Continuous Technical Security Vulnerability Assessment service with continuous security testing and system visibility that delivers a unique service combining full-stack vulnerability management, asset profiling, alerting and risk metrics. As official partners, Securestorm, an NCSC certified company, will assist customers with on-boarding the service and portal configuration.

Features

  • Continuous security technical vulnerability testing
  • "Full-stack coverage" - Web applications/sites & hosting /cloud environments
  • False positive-free results, managed service with vulnerability analysis
  • Variable testing frequency: fortnightly, monthly, quarterly or on demand
  • Incredibly detailed vulnerability reporting, including code injection & response
  • Continuous system visibility via secure online portal
  • Super Rich API for painless integration with JIRA and ServiceNow
  • Customisable Alerting, via email, SMS or other channels
  • Highly Customisable reporting, in PDF, CSV and EXCEL formats
  • 24/7 Governance Risk and Compliance Metrics

Benefits

  • Provides continuous visibility on premise and cloud environments
  • Helps free up security staff to focus on other issues
  • Helps comply with auditing and compliance standards
  • Suitable for OFFICIAL (including OFFICIAL-Sensitive) classified services
  • Enables you to react quickly to security threats by identifying issues
  • Value for money over traditional security for start-ups to corporates
  • Helps manage critical assets freeing up resources & time
  • Expert analysts ensure risk reported accurately and rated appropriately
  • High flexibility with systems accessibility as and when required
  • Monitor security rating to help track performance and improvements
 

CLOUD SUPPORT

CLOUD SOFTWARE

Knack - "Low Code" Application and Database Pilot Development platform

Knack is an easy to use "Low-Code" development platform that Securestorm can provide as a pilot development service that lets you quickly build online applications and databases as proofs of concept. With Knack you can structure data, connect by linking related records together and extend data integrations.

Knack Low Code Development Platform Consultancy

Securestorm provides expert consultancy on how to use Knack, the "Low-Code" development platform, including: setup, configuration, management and development. Knack is an easy to use "Low-Code development platform", suitable for OFFICIAL information, that transforms data into powerful online databases, with clean interfaces, and requires no coding.

 
 

CLOUD SOFTWARE

CLOUD SUPPORT

Nol-ij, the Continuous Information Risk Management Dashboard

Nol-ij is a cost effective, Continuous Information Risk Management Dashboard, that supports and streamlines governance, information risk management and security assurance through identification, evaluation, treatment and management of strategic, operational and project security risks, ensuring decision makers have the necessary information at their fingertips to confidently manage their risk portfolio.

Nol-ij Configuration, Customization and Support Consultancy

Nol-ij, the Continuous Information Risk Assessment Dashboard can help organisations identify, track and minimize the information risks inherent in their systems and services. Securestorm provides expert consultancy to assist and enable organisations to setup, configure or even adapt and customize the Dashboard to their needs.

 

Getting in touch: 

To request additional information on any services tailored to your organisation's infrastructure, budget and considerations, please get in touch via enquiries@securestorm.com or call 0203 8655890 for advice and consultation. Additionally, visit our technology services directory Informd.Online to view assurance reports of Cloud Services.


Malicious software used to illegally mine cryptocurrency



Compromise of the third-party JavaScript library ‘Browsealoud’



During the compromise, anyone who visited a website with the Browsealoud library embedded inadvertently ran mining code on their computer, helping to generate money for the attackers. No money was taken from users themselves, but the mining code performed computationally intensive operations that were used to earn the cryptocurrency. These operations may have affected the performance and battery life of the devices visiting the site.

Browsealoud was taken offline shortly after the compromise, mitigating the issue. However, website administrators and other JavaScript library developers may wish to take further steps to prevent future compromise by following the guidance from the National Cyber Security Centre (NCSC) below:

 
Advice for members of the public

  • The cryptojacking harnessed people’s computers to help ‘mine’ for cryptocurrency. This involves using your device to perform computations and does not take any money from you or your accounts.
  • The only impact on affected users’ computers was that they temporarily had minor performance loss and reduced battery power.
  • If you have experienced unusually slow performance from your computer, reduced battery life, or visited the affected websites we recommend:
    • Closing the browser you visited the webpage on is likely enough to stop the mining;
    • Clearing the browser cache will remove all traces of the code. Guidance on how to do this is available here: http://www.refreshyourcache.com/en/home/

Advice for website administrators

  • Make a risk-based decision on including third-party JavaScript in your site. This will vary depending on the size of the website you manage and who is supplying the code. Consider whether the code you are including could compromise your users, and balance this against the risk of this happening for your site.
  • If practical to do, consider hosting the JavaScript locally on your own server rather than linking to code hosted elsewhere. This means changes to the libraries require access to your server, although this will mean you will need to install security patches yourself.

In certain cases, some technical measures can also help prevent inclusion of compromised third-party resources:

  • SRI (Sub-Resource Integrity) allows the browser to check a cryptographic hash of the script to ensure that your users are running the unaltered version. However, SRI will only work if the script is relatively static. If it changes regularly, the signature will no longer be valid and the script will not be loaded by users. Also, browser support for SRI is not universal.
  • CSP (Content Security Policy) allows you to whitelist locations where scripts can be loaded from. Several independent researchers have written that having a well-defined CSP in place would have blocked this attack.

We recommend putting the above mitigating measures in place where practical, and while we recognise these will not necessarily protect end users in all cases, they will reduce the chances of your website being compromised.

Advice for third-party JavaScript developers

  • Implement robust change control for your code, including monitoring your codebase for unauthorised modifications, reviewing code contributions, and having a rapid takedown process in place for if a compromise is detected.
  • Where you offer hosted versions of your library, ensure that you have robust access control and logging in place for making changes to the library.
  • Consider supporting customers who wish to use Subresource Integrity (SRI). For example, providing numbered versions of libraries which remain static, and so have static cryptographic hashes, will enable customers to validate their integrity.
 
 

We can help...



Securestorm Director & Advisor to Public Sector, Tony Richards, said: "This is likely a result of improper security controls put in place. That is why we insist that the organisations we work with know exactly what is running on their systems, especially when procuring third-party services or features. In addition to NCSC guidance on the matter, organisations need to consider the overall security maturity of the third-party service provider at that initial phase, which helps to assess the level of risk that they may be exposed to at the outset."

If your organisation needs help risk assessing third-party services, give Securestorm a call. As NCSC Certified Cyber Security Consultants, we focus on advising our clients with pragmatic lists of actionable solutions that allow organisations to make big changes fast and, most importantly, remain Cyber Secure.

 

 


UK industries: "Boost Security or Face Fines!"



New Government announcement to protect essential services from cyber attack


The UK Government issued a press release that warned British industries to boost cyber security or face hefty fines for leaving themselves vulnerable to attack. Here are the key points from the press article.

  • Organisations risk fines of up to £17 million if they do not have effective cyber security measures
  • Sector-specific regulators will be appointed so essential services are protected
  • National Cyber Security Centre publishes new guidance for industry

Link to the full article here.

GETTING STARTED

1. GET YOUR GUIDANCE FROM THE NCSC:

The National Cyber Security Centre (NCSC), the UK’s centre of cyber excellence established in 2017, has published detailed guidance on the security measures to help organisations comply. These are based around 14 key principles set out in the NCSC consultation and government response, and are aligned with existing cyber security standards.

2. FOLLOW A CYBER-SECURITY LED APPROACH

Cybersecurity is everyone's problem, not just the responsibility of IT departments.
Companies have to accept the fact that security has to be planned and implemented into all business processes. Most organisations that deal with large volumes of consumer data may need to appoint, outsource or train key responsible personnel such as CISOs, Information Security Officers and Data Protection Officers (DPOs).

3. TALK TO AN EXPERT!

By now most companies have built up a 'cyber-awareness': they know they must protect and invest in information security and IT assets to reduce the risk of breach, loss or exposure of data, theft of resources and damage to overall brand reputation, in addition to the hefty penalties that they might incur. The recent breach reports and news articles, such as the well-known TalkTalk incident, are examples of why. However, the challenge is how, particularly when most businesses lack the key skills to do so.

Looking for the right security partner can be a daunting task especially in a crowded marketplace. But there are some key factors to consider while looking for consultants that fit your purpose:

  • Trust: Find out if they have relevant industry accreditations. For example, being an NCSC certified Cyber Consultancy would be a good start. It is not always about certifications over experience, but your selected security partner should hold relevant qualifications that suit your industry type.
     
  • Pragmatic: It is essential that your security partner provides practical advice and solutions that are carefully analysed and chosen to reflect the right balance of benefit and costs. That is why going for a 'one-size-fits-all' solution does not work. Depending on your organisation, a degree of flexibility is required due to factors such as the firm’s size & strength, matrix, cyber-security culture and maturity.
     
  • Experience: It is important to know that you are getting the skill-set you paid for. Many large and reputed IT security vendors often have the best online presence, but when it comes to experienced talent to actually fulfil client responsibilities, they fall short. Our advice would be to get to know the team and look into their experience and client-delivery records.
     
  • Industry Exposure: Each industry has its own information security protocol to follow. Furthermore, there are also different groups of security guidelines, such as NIST, ISO 27001, etc., that apply to different organisations. This is why choosing a partner with relevant industry exposure makes a difference in your security goals.
    - Are you a Government Body or SME/Large Private organisation?
    - Or are you a regulated industry like Banking, Finance or Telecommunications?

Why Securestorm?



Securestorm® are leading security experts who deliver pragmatic advice, practical solutions and solve security challenges across the Digital, Cloud, Cyber and Data Protection (GDPR) domains. With a combination of experience, expertise and strategic awareness, Securestorm offers technical and strategic consultancy, managed security services and solutions to clients across both Public and Private sectors.

Securestorm are an NCSC Certified Cyber Security Consultancy with demonstrable experience and proven delivery capabilities. Advanced security solutions and services include: Nol-ij® - Continuous Risk Management, Edgescan® - Full Stack Vulnerability Management, CybSafe® - Unified Cyber Awareness Platform, and Falanx MidGARD™ - Advanced Monitoring Platform.

 