
    Security Advisory Notice – BadRabbit Ransomware


    A series of ransomware attacks starting on October 24th has recently been disclosed. With the continued trend of global ransomware outbreaks this year, it is ever more clear that decisive and responsive action is needed to protect organisations. This particular ransomware outbreak is being referred to as ‘BadRabbit’.
    At the time of this advisory, the ransomware has mainly affected Russia, with similar attacks seen in Ukraine, Turkey and Germany. No attacks have been identified in Ireland as yet; however, this could change quickly, with organisations in other regions expected to be identified as victims in the coming days.
    How Does ‘BadRabbit’ Work?
    The initial infection is via a ‘dropper’ used during a ‘drive-by attack’. A victim visits an infected website and the ransomware is dropped (that is, downloaded without the user’s request) onto their system as they browse. Websites that have been observed as vehicles in this attack are generally legitimate; unconfirmed reports indicate that news media sites have been specifically targeted.
    The malicious file downloaded onto the victim’s system is named install_flash_player.exe and requires the user to launch it manually. The ransomware then requests elevated administrative permissions via the Windows User Account Control (UAC) prompt. Once running with elevated permissions, it saves malicious .dlls as C:\Windows\infpub.dat and C:\Windows\cscc.dat, which are then loaded and run via rundll32.exe. Both malicious .dlls search for and encrypt files on the machine using RSA-2048 encryption.
    infpub.dat and cscc.dat will also install and run a malicious executable, C:\Windows\dispci.exe.
    dispci.exe is used to install a modified bootloader and interrupt the normal boot-up process of the victim machine.
    It should be noted that BadRabbit will attempt to spread across the network using a list of usernames and passwords embedded in its code; for this reason, it is vital that secure passwords are in use across your organisation’s network.
    Infected users are asked to pay 0.05 bitcoin (approx. $280) to recover the encrypted files.
    How Do I Protect My Organisation?

    • Keep your antivirus active and up to date, and always update your AV software from valid sources.
    • Ensure you have a reliable and well-configured backup solution, keeping at least one of those backups offline.
    • Ensure the minimum appropriate level of administrative privilege is allocated. This can help prevent propagation should your organisation be attacked.
    • To stop the spread via WMIC, administrators should block the files C:\Windows\dispci.exe, C:\Windows\cscc.dat and C:\Windows\infpub.dat from running.
    • McAfee has confirmed that the BadRabbit signature will be added to the production DAT 8695. In the meantime, Ward Solutions highly recommends creating a new custom Access Protection rule in VSE to stop the creation and execution of the three file names mentioned above.

    My Organisation is Infected, What Now?
    Firstly, Ward Solutions would advise impacted organisations not to attempt to pay the ransom, as there is no guarantee that the attackers will decrypt the data. Refusing to pay also helps discourage future attacks.
    Secondly, isolate any infected machine from the network until it can be ‘cleaned’ and confirmed free of the ransomware. Currently there is no known way to decrypt the data; however, decryption tools for other ransomware families have been released in the past. Ward will provide further updates on any toolsets as they are released.
    How Can Ward Solutions Help?
    For SOC Managed Service customers, Ward has been receiving IBM Threat Intel feeds, which have been updated with BadRabbit IOCs (below). The SOC will take any appropriate action required for each customer.
    For Managed Service customers, the Ward Support team will be reviewing individual environments to ensure all recommendations are implemented.
    For all other customers, if you would like additional information or would like support in implementing preventative measures in your environment, please contact support@ward.ie or your account manager, as appropriate.
    Further reading:
    http://www.bbc.com/news/technology-41740768
    https://nakedsecurity.sophos.com/2017/10/24/bad-rabbit-ransomware-outbreak/
    https://blog.qualys.com/news/2017/10/24/bad-rabbit-ransomware
    Indicators of Compromise (IOCs):

    • The ransomware dropper is distributed from hxxp://1dnscontrol[.]com/flash_install.php
    • install_flash_player.exe [SHA256]: 630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da
    • C:\Windows\dispci.exe [SHA256]: 8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93
    • C:\windows\infpub.dat [SHA256]: 579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648
    • C:\windows\cscc.dat [SHA256]: 8d63e37aa74ca33a926bec7c7aa8fda0f764ffbb20e8f64bb9c3999b5975f9a6
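    As an added example (not part of Ward's advisory), the following Python script turns the four SHA256 values above into a simple sweep that administrators can point at a directory tree such as C:\Windows. It flags a file when its hash matches one of the listed IoCs, and separately when only the file name matches (a repacked sample hashes differently but may keep the name), and it skips unreadable files rather than aborting the sweep. The directory used by `demo_scan()` is constructed in a temporary folder and contains no real sample.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# SHA256 hashes copied from the advisory's IoC list, keyed by the file name
# the advisory associates with each hash.
BADRABBIT_SHA256 = {
    "630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da": "install_flash_player.exe",
    "8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93": "dispci.exe",
    "579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648": "infpub.dat",
    "8d63e37aa74ca33a926bec7c7aa8fda0f764ffbb20e8f64bb9c3999b5975f9a6": "cscc.dat",
}

# File names the advisory says the ransomware writes to disk. A name-only hit
# is weaker evidence than a hash hit but still worth a look.
SUSPICIOUS_NAMES = {"infpub.dat", "cscc.dat", "dispci.exe", "install_flash_player.exe"}


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_matches(digest):
    """Return the IoC file name for a known-bad SHA256 digest, else None."""
    return BADRABBIT_SHA256.get(digest.lower())


def classify(path):
    """Classify one file as 'hash-match', 'name-match' or None (clean)."""
    p = Path(path)
    if hash_matches(sha256_of_file(p)):
        return "hash-match"
    if p.name.lower() in SUSPICIOUS_NAMES:
        return "name-match"
    return None


def scan_tree(root):
    """Walk root and return a list of (path, verdict) for every flagged file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                verdict = classify(full)
            except OSError:
                continue  # locked or permission-denied file: skip it, keep sweeping
            if verdict:
                findings.append((full, verdict))
    return findings


def demo_scan():
    """Build a constructed directory (placeholder content, no real malware) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "notes.txt").write_bytes(b"benign content")
        Path(tmp, "cscc.dat").write_bytes(b"constructed placeholder, not the real sample")
        return sorted(verdict for _path, verdict in scan_tree(tmp))


if __name__ == "__main__":
    # Replace the temporary directory with a real root, e.g. scan_tree(r"C:\Windows")
    print(demo_scan())
```

    The placeholder cscc.dat is reported as a name match only, because its content does not hash to the advisory's value; a genuine sample would be reported as a hash match regardless of what it had been renamed to.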

    Known infected websites (non-exhaustive):

    • hxxp://argumentiru[.]com
    • hxxp://www.fontanka[.]ru
    • hxxp://grupovo[.]bg
    • hxxp://www.sinematurk[.]com
    • hxxp://www.aica.co[.]jp
    • hxxp://spbvoditel[.]ru
    • hxxp://argumenti[.]ru
    • hxxp://www.mediaport[.]ua
    • hxxp://blog.fontanka[.]ru
    • hxxp://an-crimea[.]ru
    • hxxp://www.t.ks[.]ua
    • hxxp://most-dnepr[.]info
    • hxxp://osvitaportal.com[.]ua
    • hxxp://www.otbrana[.]com
    • hxxp://calendar.fontanka[.]ru
    • hxxp://www.grupovo[.]bg
    • hxxp://www.pensionhotel[.]cz
    • hxxp://www.online812[.]ru
    • hxxp://www.imer[.]ro
    • hxxp://novayagazeta.spb[.]ru
    • hxxp://i24.com[.]ua
    • hxxp://bg.pensionhotel[.]com
    • hxxp://ankerch-crimea[.]ru


    Security Advisory Notice – WPA2 Protocol Vulnerability

    A major vulnerability to the Wifi Protected Access II (WPA2) protocol was announced on Monday October 16th, 2017. Discovered by Mathy Vanhoef, this critical flaw in the widely used wifi protocol can be exploited to expose sensitive data which would previously have been believed to be safely encrypted. The exploit is not tied to any specific vendor or hardware but rather affects any device using the WPA2 protocol.

    Attacks crafted to exploit this vulnerability have been dubbed Key Reinstallation Attacks (KRACKs) and a proof of concept attack has been successfully executed by Vanhoef which allowed the attacker to decrypt all data transmitted by the targeted user.

     

    How Do KRACKs Work?

    Most modern wifi networks use the WPA2 protocol to encrypt traffic; this protocol has been around since 2003 and thus far has been believed to be secure. The specific vulnerability in this case lies in the four-way handshake used as part of the protocol to generate new session keys. In order to guarantee security, a key should only ever be used once.

    Essentially, a KRACK allows the attacker to perform a Man in the Middle attack which tricks targeted users into re-installing an already in-use key through the manipulation and replaying of cryptographic handshake messages [1]. Once this re-used key is in place, the attacker can then decrypt packets, potentially exposing sensitive information such as passwords, credit card details, cookies etc. It is currently believed, however, that this attack can only be conducted if the attacker is in wifi range; no evidence as yet indicates that attacks can be carried out remotely. We would still urge all customers to take immediate action to mitigate the vulnerability, as this may change as more details come to light.

    On the website where Vanhoef disclosed the vulnerability, he notes that this ability to decrypt packets can also be utilised to hijack TCP connections and, as a result, allow the attacker to inject malicious data such as malware into unencrypted HTTP connections [1].
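    The key-reinstallation consequence described above, simulated as an added example that is not part of the advisory or of Vanhoef's published work. A toy counter-mode cipher built from SHA-256 stands in for WPA2's CCMP (AES-CTR), and the `Supplicant` class, the PTK value and the two data frames are constructed. Installing a key resets the packet number used as the cipher nonce; the unpatched client reinstalls the key when message 3 of the handshake is delivered a second time, so two frames end up encrypted with the same keystream and their XOR reveals the XOR of the plaintexts. The patched client refuses to reinstall a key it already has, which is the behaviour the vendor patches introduce.

```python
import hashlib
from itertools import count


def toy_keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy counter-mode keystream: SHA-256(key || nonce || block counter).
    A stand-in for CCMP's AES-CTR; the real cipher is not needed to show the
    nonce-reuse property, which depends only on the keystream being a
    deterministic function of (key, nonce)."""
    out = b""
    for block in count():
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        if len(out) >= length:
            return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Client side of the 4-way handshake, reduced to what KRACK touches:
    installing the PTK and resetting the packet number (nonce) to zero."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.ptk = None
        self.pn = 0  # packet number, used as the per-frame nonce

    def handle_msg3(self, ptk: bytes):
        # Message 3 completes key derivation; the client installs the PTK and
        # replies with message 4. If the AP does not see message 4 it retransmits
        # message 3, so a client can legitimately receive it more than once.
        if self.patched and self.ptk == ptk:
            return  # fix: a key that is already installed is never reinstalled
        self.ptk = ptk
        self.pn = 0  # installing a key resets the nonce: the root of the problem

    def encrypt(self, plaintext: bytes):
        nonce = self.pn
        self.pn += 1
        return nonce, xor(plaintext, toy_keystream(self.ptk, nonce, len(plaintext)))


def run_handshake(patched: bool, frame_a: bytes, frame_b: bytes):
    """Deliver message 3, send a frame, deliver message 3 again, send another frame."""
    ptk = b"constructed-session-key-PTK"  # constructed value, not a real derived key
    client = Supplicant(patched)
    client.handle_msg3(ptk)              # first delivery of message 3
    n1, c1 = client.encrypt(frame_a)     # first data frame after key install
    client.handle_msg3(ptk)              # message 3 seen again (message 4 was lost)
    n2, c2 = client.encrypt(frame_b)     # second data frame
    return n1, c1, n2, c2


FRAME_A = b"GET /index HTTP/1.1"   # constructed sample frames, equal length
FRAME_B = b"Cookie: session=abc"


def nonce_reused(patched: bool) -> bool:
    """True when both frames were encrypted under the same (key, nonce) pair."""
    n1, _, n2, _ = run_handshake(patched, FRAME_A, FRAME_B)
    return n1 == n2


def keystream_reuse_leaks(patched: bool) -> bool:
    """True when c1 XOR c2 == a XOR b, i.e. the keystream cancelled out and a
    passive observer learns the XOR of the two plaintexts without the key."""
    _, c1, _, c2 = run_handshake(patched, FRAME_A, FRAME_B)
    return xor(c1, c2) == xor(FRAME_A, FRAME_B)


if __name__ == "__main__":
    for patched in (False, True):
        print(f"patched={patched}: nonce reused={nonce_reused(patched)}, "
              f"plaintext XOR exposed={keystream_reuse_leaks(patched)}")
```

    The check a defender cares about is the second one: with the fix in place the two frames use nonces 0 and 1, the keystreams differ, and the XOR of the ciphertexts carries no information about the plaintexts. This is also why the page's advice to patch clients and not just access points matters, since the reset happens on the device that installs the key.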

    Further Reading on the Attack Vector: https://www.krackattacks.com/

    See the bottom of this advisory for the full listing of CVE IDs associated with this vulnerability.


    Break-Down of Vulnerable Devices

    Various vendors have started to release patches to mitigate against vulnerability to this attack vector. While all wifi devices are to some degree vulnerable, initial reports indicate that Linux and Android are especially vulnerable as they use a wpa_supplicant (v2.4 and above) client which allows the attacker to install an all-zero key rather than an already-used key. This means minor effort is required to intercept a targeted user’s traffic once they’re using this client.

    The recommendation is to patch all routers and all wifi devices as and when vendors release patches. It is recommended to continue using WPA2 protocol as WPA1 is similarly affected.

    The following vendors have been confirmed as affected; however, the majority of vendors have yet to release a statement:

    RedHat, Android, Aruba Networks [2], Cisco, Juniper Networks, Samsung Mobile

    US-CERT has compiled a list of vendors and their current status; it is recommended that organisations check for updates over the coming hours and days.


    How Can Ward Help?

    For Managed Service customers, the Ward Support team will be reviewing individual environments and making recommendations on appropriate patching for all supported devices.

    For all other customers, if you would like additional information or would like support in assessing and protecting your environment, please contact support@ward.ie or your account manager, as appropriate.

     

    Further reading:

    [1] https://www.krackattacks.com/

    [2] http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt


    CVE Listings:

    • CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
    • CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
    • CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
    • CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
    • CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
    • CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Re-association Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
    • CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
    • CVE-2017-13086: Reinstallation of the Tunnelled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
    • CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
    • CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.

    6 signs that you need to conduct a pen-test!


    Since 2013, do you know how much data has been lost or stolen?
    Source: http://breachlevelindex.com/
    9,053,156,308 records
    Let’s break it down by frequency:
    Per day: 5,191,030 records
    Per hour: 216,293 records
    Per minute: 3,605 records
    Per second: 60 records
    Scary, right?

    It’s alarming to see the number of attacks increasing every year, and what makes it worse is that the biggest giants in the industry are getting hit. The question is, who is at fault? The security team, the board or an employee within the organisation?
    Now, we don’t want to play the blame game; it’s time for all businesses, big, medium or small, to start looking in the mirror and review their own security infrastructure.
    Cybercrime is only going to increase. Criminals target the easy victims with simple tools, and then use more sophisticated means, zero days and advanced persistent threats, to attack government bodies and private international, national or local businesses across the globe.
    One of the biggest challenges an organisation faces in Information Security is determining how secure you currently are versus your risk profile, your security policy requirements and best practice. Penetration testing is an extremely valuable tool in helping you determine your current security posture by safely identifying and trying to exploit vulnerabilities in your infrastructure or applications. Penetration testing helps eliminate false positives as to the exploitability or impact of vulnerabilities. The following scenarios help you identify reasons why you need to conduct a penetration test for your business.

    Is there a lot of breach activity in your sector or has your competitor been hit?

    Breaches in your sector may be a good early indicator that you might be vulnerable. Firstly, they point to possible targeted activity in your sector. Cybercriminals, as we know, have lots of success through targeting organisations and sectors. A pattern of breaches in your sector usually means that they have template approaches and toolsets for successfully attacking that sector. Cybercriminals also have specific motivations, such as financial return or brand damage to a particular organisation or sector, so breach patterns in your sector may point to your sector coming into their sights for some particular reason. Success builds success, and copycats. If a cybercriminal has had success in a sector, then that particular individual or organisation may look to repeat that success on other victims in the sector, and they will usually have no shortage of copycats. If you have had the luxury of seeing your competition suffer from breaches, then it might be an opportune time to quickly assess how vulnerable your organisation might be and use the time to fix issues before you become another breach casualty in the sector.

    You have a nagging doubt that you truly know the up to date security posture of your high and medium risk systems:

    The misconception of a lot of businesses is that they think they are safe, or know their security posture, because they did a pen-test last year. Too often people only get a penetration test to meet compliance or financial audit requirements. What they fail to realise is that so much can happen in months, weeks and even days. The reality is that in a very dynamic threat landscape, driven by strong motivation and success on the part of cybercriminals, ad hoc and infrequent penetration testing means you are leaving yourself effectively blind to potentially preventable risks. A system or application that appeared secure 12 months ago may now be at significant risk due to new vulnerabilities that have been discovered, or configuration changes that may have been made on that system or in supporting security infrastructure in the intervening period. Regular penetration testing is required to get an up-to-date picture of your security posture. Best practice recommends penetration testing higher-risk production systems more often and lower-risk systems at a lower frequency. Best practice would also recommend penetration testing systems that have gone through change before releasing that change to production. Organisations are often reluctant to penetration test regularly because of cost or disruption. Whilst there is no one-size-fits-all answer, it is important to build a granular approach to testing rather than a monolithic one, i.e. penetration test specific high-risk systems more frequently, penetration test changed or new systems before release, perform round-robin penetration testing on lower-risk systems so that they are assessed at a lower frequency than the higher-risk systems, penetration test the whole perimeter, etc. This more granular approach ensures pragmatic, affordable testing that provides full coverage of your systems but focuses the effort based on clearly identified risks and potential impact to the business.
    If you can’t say with confidence that your knowledge of the security status of your IT estate is as up to date as you would like, then it most likely means that you are not performing enough penetration tests.

    You think penetration testing is a pain? It shows you or your team in a bad light, or you only do it because an auditor or customer asks you to.

    Roll back 10 years and lots of people in the industry were questioning the value of penetration testing and whether it needed to be conducted at all. We had next-generation firewalls, heuristic anti-malware technologies, integrated security suites from the perimeter to the endpoint, and evolving threat intelligence security solutions that were offering bulletproof preventative security. So where did that get us? The threat landscape and the rapid growth in everything from cyber criminality to data breaches and extortion over the last 10 years has proven that preventative security infrastructure cannot make up for basic information security hygiene practices and an appropriate strategy that mixes identification, protection, detection and recovery/response capabilities, coupled with layered security. One of the key tools in the identification phase, to help understand your security posture and to know where to deploy your resources, is security testing with an appropriate mix of audit, penetration testing and vulnerability testing. Vulnerability testing is useful, but on its own doesn’t provide the full picture of your security posture. A business identifies security holes through a pen test that a vulnerability scan cannot pick up, e.g. an admin portal with default credentials left open to the general internet. Penetration testing leaves no doubt as to whether a vulnerability is exploitable and what the potential impact might be. Penetration testing is a growth industry once more. Organisations that gain the most value from penetration testing do a number of things well:

    • They embrace penetration testing as a positive tool – they want the tests conducted regularly and comprehensively so that they can measure their posture, understand what they are doing well and where they need to improve.
    • They are very clear on their testing strategy, frequency, scope and their goals for the testing.
    • They cooperate with the penetration testing organisation, they are hungry for the outputs from the test and quickly work on prioritised remediation.
    • They continuously improve by embracing the learnings from the output so that they don’t repeat the mistakes of the past.
    • They have an appropriate mix of audit and testing ranging from risk assessment, penetration testing, vulnerability scanning (and management) to social engineering tests, ensuring they have appropriate coverage.
    • They take a risk-based approach rather than a compliance-only approach.

    The thing about a pen-test is that there is a human behind it, who works through the detailed scan results and produces an analysis report. The human factor identifies the gaps manually and exploits them, producing a report on where and how exactly you need to prioritise your vulnerability remediation.

    You are about to deploy a new service or solution or migrate to a new service.

    Implementation of a new solution, an upgrade or a migration to a new service are very busy and stressful times for businesses, and in particular for IT teams. IT resources are focused on meeting user acceptance criteria, deadlines and go-live dates. What often gets lost or left until the last minute is verification that the system is in fact secure, meets your policy or compliance standard, and is implemented to best security practice. Organisations often go live and then schedule a penetration test during production, which is pretty reckless. Other organisations test, but leave it to a point where there is no time between the penetration test and go-live, and then go live without fixing any of the issues. They are then left with the unenviable dilemma of “Do we go live now and fix later, or postpone?” These approaches typically point to a bigger organisational problem: the absence of any sort of controlled secure systems development lifecycle (SSDLC) or methodology. If security testing is an afterthought, it usually means that security requirements probably weren’t properly specified at the requirements stage and security wasn’t designed in at the design stage, so an ad hoc build encompassing some ad hoc security is possibly what was implemented. This leaves the unenviable problem at the test/verification stage: what is the penetration tester testing against? What policy, what requirements? Quite often in our experience of this scenario, you are left testing against industry best practices and some sort of retrospective risk analysis and retrospective security requirements. All of this points to a chaotic approach to security which doesn’t bode well for the particular project, or for the organisation’s risk management and Information Security generally. Making security part of your SDLC, i.e. having an SSDLC, means a much more effective and much less chaotic and costly approach to security.
    You identify your security requirements up front, and the project has security baked in from the start. It is crystal clear to the business stakeholders, developers, implementers and support organisations what security is required, and the project does not get past each gated stage until functional and security requirements are met. The penetration tester has very clear objectives for their testing. Apart from making the project and organisation more secure, it reduces costs. The IT industry is well aware of the costs of bug fixing (security issues are non-conformance to specification and thus a security “bug”): fixing in implementation is 6 times costlier than fixing during design, and 15 times costlier if found during the testing phase.

    Your infrastructure or application managed service provider had a guy who is pretty handy at penetration testing, and he did your last one as part of their service to you.

    Security audit and penetration testing are a key part of your overall Information Security Governance. Letting Joe the vendor support guy, who happens to have read “Penetration Testing for Dummies”, penetration test your systems is the equivalent of letting your office supplies delivery guy wire your data centre because he has an interest in electrics. Letting the providers of your service audit or test your IT services, applications or infrastructure is riddled with conflicts of interest. Are they really going to point out in their test report what a poor job they might have been doing in keeping your systems patched, in the configuration of the systems they are responsible for, or in properly managing your firewall rulebase and risk, and thereby breach the SLA or lose the contract? Do they really have the expertise to conduct the test to the levels required? Will they do it to agreed penetration testing protocols? Whilst their report might be something that you can show to non-expert financial or compliance auditors who might only be interested in ticking the box that a penetration test has been completed, is their report something that you can credibly show to knowledgeable customers that would demonstrate competence, completeness, expertise and experience, or even a professional approach to Information Security? Is it even something that your organisation’s or the provider’s professional indemnity and crime insurances would cover? If you are serious about Information Security, then you get penetration testing conducted by non-conflicted professional penetration testing organisations. Look for the expertise, experience and accreditation of the organisation and its testers. Look at their approach. Request sample reports, and discuss testing scope and approach with them:

    • Is it a risk-based approach?
    • Will there be specific, measurable, achievable, timely recommendations in the test report?
    • Will the provider do full knowledge transfer of the findings and recommendations to your staff or suppliers?
    • Is it grey box, white box or black box testing?
    • Are they testing infrastructure or applications or both?
    • What is the testing window and protocol?
    • Will you need a re-test after your remediation work?
    • Do you need the consent of third parties to test and if their consent isn’t given or is very restricted then what might this mean?

    The penetration testing organisation you decided to go with was half the price of all the other organisations who provided proposals.

    True penetration testing requires expertise, experience, real people, an appropriate amount of time, effort, tools and a very methodical approach. All of this does not come cheap. You know the saying “you pay peanuts, you get monkeys”. Also, in a lot of cases, “you pay peanuts, you get vulnerability scanning dressed up as penetration testing”. Remember that the objective of penetration testing is to identify vulnerabilities and to determine the exploitability of these vulnerabilities and their impact on your organisation. A vulnerability scan can be conducted in minutes using off-the-shelf or open source tools. Vulnerability scanning has its value to an organisation; however, it is only part of penetration testing. Too many supposed penetration testing organisations ask a security analyst to cast their eyes over an automated vulnerability scan report, make some recommendations and then re-label this report a penetration test. In truth this isn’t a penetration test; it’s a souped-up vulnerability scan, and it’s the reason why that organisation’s “penetration test” is a fraction of the price of a professional penetration testing organisation who go to the bother of spending the time ethically trying to exploit the vulnerabilities to determine the probability of exploit and the impact on your organisation. So, like all consumers, if you got something that was priced at a level that was too good to be true, then most likely you didn’t get what you paid for, and it doesn’t provide the level of security visibility that you required. I would respectfully suggest that you take your money elsewhere and get a proper penetration test so that you know what your true posture is.
    Penetration testing is a key tool in your armoury for verifying your security posture. Use this tool often and well, and your organisation will benefit in terms of better security. Use well-established penetration testing organisations with real penetration testing expertise and experience to get the best value for your organisation. Embrace the experience positively and your security can only improve continuously as a result. Beware of penetration testing provided by conflicted or non-expert parties. Be very suspicious of providers and suppliers who resist penetration testing.
    If you would like to speak to any one of our penetration testing experts in Ireland or Northern Ireland, contact grainne@ward.ie and we’ll be in touch with you shortly.


    GDPR- A Fundamental 'Right'


    It’s less than eight months to go. How are you doing?
    At this stage you may be beginning to feel saturated with GDPR; so many articles and blogs, and is there a day that goes by without some discussion relating to GDPR on your LinkedIn home page? For those of you who are feeling like this, or disheartened at what you perceive as a mammoth task ahead of you (you might be surprised how liberating it actually feels to get rid of all those contact details you were holding on to just because), bear in mind that data protection is actually a fundamental right under the Charter of Fundamental Rights of the European Union; it isn’t something new that was created by GDPR. A fundamental right. Take a second to think about that. Is it just because I am a lawyer, or do those two words make your heart beat just a little bit quicker? Of course, fundamental rights are not absolute; they can be limited once the limitation respects the principle of proportionality, and this is a balance which GDPR aims to achieve throughout its various articles.
    I was musing to myself the other day on the different meanings of the word “right”. A right in this sense is obviously an entitlement of a data subject to the protection afforded under the Charter. However, “right” in the context of doing the right thing is about being fair, moral, honest and principled. Most companies today put considerable focus on their vision and values as a company and spend considerable time coming up with interesting and quirky ways to communicate them. I have yet to come across any company that mentions in its vision or values that it strives to be unfair, immoral, dishonest or unprincipled. Putting GDPR at the forefront of how your company organises its business is about upholding the rights of your customers and employees and doing the right thing.
    If you require assistance in relation to getting your organisation GDPR ready contact gdpr@ward.ie.
    To keep up to date with what you need to know about GDPR, download our whitepaper.