Clearswift Endpoint Data Loss Prevention

There are multiple places within your IT infrastructure where critical information is stored. These include email Inboxes, file servers, collaboration servers (some of which might be ‘in the cloud’) and endpoint devices.  All Clearswift solutions are designed to protect critical information from falling into unauthorized hands across all these different locations and channels.  Clearswift’s Endpoint Data Loss Prevention (DLP) solution is specifically designed to address the loss of critical information at the endpoint.

There are three key components of Clearswift Endpoint DLP.  The first is the ability to regulate what devices can be connected to a company network.  The second is the ability to control the copying of data (or files) to removable media, e.g. a personal device or USB stick and encrypt it if necessary. The third is to gain visibility of what critical information is stored on a company’s various endpoints that could create an issue should it fall into unauthorized hands and move it to a more secure location. 

Device Control

Clearswift has embedded its Deep Content Inspection (DCI) into a leading endpoint protection solution, enabling organizations to enhance security and data protection processes. Removable media, including personal devices and USB sticks, has become a key risk to organizations because it is so easy to carry large quantities of information in a very small form factor. Furthermore, some devices can carry malware risks with them. Clearswift Endpoint DLP has enhanced device control functionality enabling an organization to define exactly what devices are allowed to be used and/or connected to the company network. The granularity can be used to regain control, so devices can be limited by device type, device manufacturer or all the way through to specific devices. Within the defense industry, this is becoming common practice with a very restricted number of devices allowed to be used within the department or organization.

Content Transfer Control & Encryption

So, while Clearswift Endpoint DLP enables devices to be restricted, so too can the files that are allowed to be copied to them. This is where the Clearswift DCI engine comes into play. The DCI engine can ensure that no company files are copied to devices where doing so would break company policy. Using the same DCI engine on the endpoint as in the other Clearswift solutions ensures consistency in the information it finds and acts upon.

Even when the content is approved to be copied or transferred, there is still one more step which is carried out. Encryption. Encrypting the removable media ensures that if the device is lost or stolen, then the data can’t be accessed and the organization remains compliant. When GDPR came into enforcement in May 2018, several organizations locked out all USB key access to the company network. While this is practical from a compliance perspective, it is not helpful day-to-day, where information frequently does need to be transferred via USB. With its triple layer of protection: device control, content control and encryption, Clearswift Endpoint DLP is there to keep you and your organization safe.

Discovering critical information ‘at rest’

The final piece that Clearswift Endpoint DLP enables is the ability to understand what information is on the device which could be a future issue. This could be made up of tens or hundreds of thousands of files stretching back over time. Some of these files may contain sensitive information and so need additional protection. Furthermore, Clearswift Endpoint DLP is not just for laptops. It can be deployed to trawl through on-premise file servers or cloud-based file storage to check the content (data-at-rest) stored there, and move files with critical information to more secure locations if necessary. It will leave behind a ‘breadcrumb’ to say the file was there but has now moved, so as to reduce the IT support call “Help, my files have disappeared”. This 'data discovery' piece provides information security managers with visibility of information security risks within their organization, so action can be taken to prevent data breaches occurring.

In today’s world of digital collaboration, the need to understand where information is located as well as enhancing data protection processes is more critical than ever. Clearswift Endpoint DLP has been designed to reduce the challenges of today’s IT environment and improve working practices to protect critical information wherever it is stored and however it is used.


Clearswift Innovation

Clearswift – we’re continuously developing our Technology Portfolio

July 17th sees the 2nd major Clearswift SECURE Gateways release in 2018. With another release planned in November, Clearswift continues to demonstrate our commitment to deliver innovation to our customers.

The latest Clearswift Version 4.8 release contains features to improve data loss prevention (DLP), Email Encryption and boost Web browsing performance. We are also launching a new on-premise encryption portal with our technology partner CipherMail.

Enhancing our DLP capabilities is increasingly important for all our customers. The introduction of GDPR earlier this year, as well as other data protection regulations across the globe, all require content to be monitored more closely than ever before. Examples include the State of California and Brazil who have both recently introduced ‘GDPR like’ legislation to ensure sufficient care of personal data.  Australia has also followed suit updating its Data Privacy Regulations (Notifiable Data Breach Scheme).

The Clearswift Version 4.8 release introduces support for Optical Character Recognition (OCR) scanning of email messages coming in, going out, as well as within the organization.  The system scans message attachments, including documents and compressed files, and extracts text from images to pass to our DLP policy engine. It then enables DLP policy actions based on the discovered content, in the same way it does for normal text in documents.

The other major DLP feature in this release is the upgraded Lexical Expressions Qualifiers, which were originally created to reduce the chance of false positives. The new Version 4.8 enhancements increase the accuracy of searching and make it simpler to use. For example, say you want to detect personally identifiable information (PII) about employees leaking from the organization. It would be difficult to perform keyword searching for every employee, especially in a large company, so we have developed a method where we can take a database export of employees’ data (or even just an Excel spreadsheet) and import that data into the Gateways in a secure hashed format, adding indexes to help find data more efficiently. Using this new method, if we can find a Social Security Number AND the Forename AND the Surname in a chunk of data matching the record from the database, we can be 100% confident we’ve found a positive match.
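A sketch of the record-matching idea described above, as an added example rather than Clearswift's implementation: the keyed hash (HMAC-SHA256), the 80-character window, and all function names and sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed demo key (assumption). SSNs and names are low-entropy, so a keyed
# hash stops the index being brute-forced by anyone who does not hold the key.
INDEX_KEY = b"constructed-demo-key"

SSN_RE = re.compile(r"\b(\d{3})[- ]?(\d{2})[- ]?(\d{4})\b")
WORD_RE = re.compile(r"[A-Za-z][A-Za-z'-]*")


def _digest(value: str) -> str:
    """Keyed hash of a normalised field, so no plaintext PII is stored."""
    normalised = value.strip().lower().encode("utf-8")
    return hmac.new(INDEX_KEY, normalised, hashlib.sha256).hexdigest()


def build_index(rows):
    """Index an export of (forename, surname, ssn) rows by hashed SSN.

    Each hashed SSN maps to the hashed (forename, surname) pairs of the
    records that carry it, so a lookup never needs the original values.
    """
    index = {}
    for forename, surname, ssn in rows:
        digits = re.sub(r"\D", "", ssn)
        pair = (_digest(forename), _digest(surname))
        index.setdefault(_digest(digits), set()).add(pair)
    return index


def find_record_matches(text, index, window=80):
    """Return (offset, verdict) for every indexed SSN found in text.

    "record-match": SSN AND forename AND surname of the same record all occur
                    within `window` characters of each other.
    "ssn-only":     the SSN is in the index but the names are not nearby.
    SSN-shaped numbers that are not in the index are ignored, which is what
    keeps ticket numbers and similar strings from raising false positives.
    """
    hits = []
    for match in SSN_RE.finditer(text):
        candidates = index.get(_digest("".join(match.groups())))
        if not candidates:
            continue
        chunk = text[max(0, match.start() - window):match.end() + window]
        nearby = {_digest(word) for word in WORD_RE.findall(chunk)}
        full = any(f in nearby and s in nearby for f, s in candidates)
        hits.append((match.start(), "record-match" if full else "ssn-only"))
    return hits


# Constructed sample data: the 000 area number is never issued for real SSNs.
EXPORT = [
    ("Alice", "Example", "000-12-3456"),
    ("Bob", "Sample", "000-98-7654"),
]

SAMPLE_TEXT = (
    "Payroll query: Alice Example, SSN 000-12-3456, asked about her bonus. "
    "Ticket 000-55-1234 is unrelated. "
    "Reference 000987654 was quoted without a name."
)

if __name__ == "__main__":
    for offset, verdict in find_record_matches(SAMPLE_TEXT, build_index(EXPORT)):
        print(offset, verdict)
```

A policy would typically act on `record-match` and treat `ssn-only` as a lower-confidence signal.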

Email encryption is becoming more and more commonplace, especially for regulatory reasons such as the German Edi@Energy regulation as well as for better corporate information governance.  Clearswift Version 4.8 introduces support for S/MIME 3.2, extensive Certificate validation, searching and customizable TLS ciphers to ensure that data in transit is sent with a high level of security. Furthermore, the Clearswift cloud-based encryption portal has been upgraded and we are also introducing a new on-premise portal based encryption solution.

Portal-based encryption, whether in the cloud or on-premise, is becoming standard as a way for companies to collaborate securely with their customers. Our solution makes it transparent for the sender, and simple to use for the recipient.

Customers’ Internet access and performance needs have increased. To keep pace with the demand for faster access, the Clearswift SECURE Web Gateway includes some significant performance enhancements, yielding about 20% faster access. Coupled with the similar performance boost we achieved in Version 4.7, the browsing experience is noticeably better.

For those customers who use the Clearswift SECURE ICAP Gateway, additional headers are added to enable support of more Internet proxies, which now includes those from IBM.

Putting out a new release is always an exciting time for the Clearswift team. It’s good to go to our customers and say, “You know when you asked if we could do…, well in this release you can!”

Of course, with the release of Clearswift Version 4.8, there is no pause button. We are now working on the next release, with both customer requests and some real innovation, which we know is what is expected from us and keeps us at the top of the global security vendor leaderboard.


GDPR readiness: Education sector rivals technology industry in race towards General Data Protection Regulation compliance

Theale (UK) 19th October, 2017. New research from leading information security company Clearswift has shown that the education sector is rivaling technology for the top spot when it comes to GDPR preparedness. When asked whether firms currently have all of the necessary processes in place to be compliant, the top five performing sectors included technology and telecommunications (32%), education (31%), IT (29%), business services (29%) and finance (29%).

Cyber Security New Year’s Resolutions for 2017

In our previous blog post, “Cyber Security Predictions for 2017,” we performed a retrospective review of 2016 and provided nine cyber security predictions for 2017. The cyber-threat landscape became increasingly hostile as hacking and data breaches dominated the political, social, and economic headlines, and cybercriminals turned to ransomware and DDoS (Distributed Denial of Service) attacks to target organizations of all sizes. The latter included an increased focus on industries with mission-critical infrastructures like utilities and hospitals.

Cyber security isn’t going to become any easier in 2017. Organizations of all shapes and sizes must ensure they have the right technologies and processes in place to protect their infrastructures and information. With that in mind, we put together a list of 8 New Year’s cyber security resolutions for 2017.

1. Ransomware Readiness. Organizations are being held hostage by cybercriminals who demand a ransom in exchange for allowing them to regain access to their computer systems and data. This cyber activity spans myriad industry segments (with financial services and healthcare topping the list) and impacts organizations of all sizes – from consumers and small businesses to global enterprises. Cost of ransomware was projected to reach $1 billion in 2016 in the U.S., with the number of cases quadrupling from the year before.

As ransomware attacks become more advanced, cyber security teams need to significantly ratchet up their defenses, going well beyond matching content signatures against a list of the usual suspects or trying to analyze them in a virtual playground. Morphing attacks have proven to socially evade these hurdles. Ransomware neutralization requires an unprecedented level of inspection that completely disassembles digital activity into its most granular constituent parts to remove weaponized scripts and payloads – all without delay and disruption to the business.

How Top Cyber Security Teams Neutralize Ransomware Attacks 

2. Prepare for New Regulations - GDPR. Any organization handling Personally Identifiable Information (PII) for EU citizens anywhere in the world will be impacted by the General Data Protection Regulation (GDPR), which goes into effect in May 2018. To prepare for GDPR, organizations must institute systems and processes that enable them to discover where PII data is stored, detect when it is shared and govern its use through prescribed security measures. The latter includes intelligent policies applied across all channels and based on GDPR geography, data type, purpose conditions and required security treatment.

GDPR Compliance – Discover, Secure and Govern

3. Revisit Email Security. Ninety-one percent of cyber security attacks begin with a single email. In addition to protecting against malware attacks, including zero-day attacks, organizations must guard against social-engineering attacks that aim to steal valuable information or demand a ransom. But traditional email security approaches fail to block newer, more evasive threats that bypass detection. Organizations need to revisit their email security defenses to focus on real-time sanitization: completely removing malicious content and redacting confidential information (e.g. user login names and passwords) leaving as a response to a phishing campaign. This is an enhanced layer of email security that can be performed without quarantines and delays impacting communications.

Must-have enhancements to email security in 2017 should at minimum include:

  • Target prevention that minimizes information harvesting of personal details and metadata through social engineering attempts
  • Enhanced hygiene involving advanced phishing, SPAM detection, real-time cloud updates and multiple antivirus engines
  • Advanced threat protection for deep inspection and structural sanitization of hidden malicious macros and scripts

Advanced Threat Protection for Email

4. Migrate to the Cloud with Confidence. Twenty-two percent of critical information is stored in the cloud today, and this is expected to increase to 25 percent by the end of 2017. One of the areas of most rapid growth is office applications like Office 365 and Google Gmail, and collaboration tools like Slack and Jive Software, among others. Last year, office system capabilities in the cloud comprised approximately 15 percent of applications used by users. But these are going to expand dramatically, with projections they will hit 60 percent – or 700 million users – by 2022.

Organizations previously hesitated to migrate because of the basic native security capabilities that cloud applications offered or the lack of policy integration with their enterprise systems. But those looking to move more of their IT operations from on-premise to the cloud in 2017 can overcome these challenges by wrapping a layer of real-time inspection and sanitization around data flows destined for the cloud (i.e. Office 365 or cloud storage) to detect confidential information being shared, malware attacks entering or unapproved apps being accessed without permission.

Adaptive Security for the Web – Prevent Evasive Ransomware, Phishing and Cloud Leaks

5. Enact Cyber Readiness. As the threat landscape continues to evolve and become more complex, organizations need to step up their cyber readiness with training and simulations based on the specific requirements of their company and business processes, in order to identify realistic worst-case scenarios from next-generation cyber threats.

Cyber Training and Attack Simulation

6. Get Back to the Basics for Document Security. Commercially sensitive information frequently needs to be removed from content before files are sent or shared. Organizations can now add a safety net of document redaction and sanitization to their existing security gateways to automatically remove confidential information or often-overlooked revision history, comments, and hidden metadata.

Document Sanitization and Redaction Safety Net for the Forgetful User

7. Prevent Accidental Web Leaks. Accidental data leaks can expose valuable information.

Repercussions range from brand degradation, to wasted marketing efforts, to noncompliance with privacy laws. The following are a few of the ways organizations can help prevent accidental web leaks …

  • Enhance existing internet web technology through reverse proxy to automatically inspect content being served at a granular level
  • Employ adaptive security policies for identifying and preventing accidental leaks without disrupting communications due to false positives
  • Empower department stakeholders to classify confidential information, enabling the crowdsourcing of information detection policies
  • Put in place the same protection around web-based (personal) email as you have for corporate email, as the threats are the same and the consequences of a breach are the same

7 Website Leaks that Shocked the World of Tech, Sports, and Entertainment

8. Address Shadow IT. Seventy-four percent of employees assume cloud applications and file sharing tools are approved for use by their companies. However, 70 percent of executives and IT managers have no idea how many unauthorized cloud apps and services are being consumed in their organizations – this is Shadow IT. These present various security and data risks. An important starting point is for organizations to configure their web security gateway to track and trace data flows out through cloud collaboration tools to determine Shadow IT usage, and ultimately put a program in place to convert Shadow IT to authorized IT. In the meantime, data flows to Shadow IT sites can be redacted and sanitized, preventing the leak of confidential information or inadvertent malicious downloads.

Shadow IT Alerts – Detect WebTools and Cloud Services Accessed without Permission


Cyber Security Predictions for 2017

Cyber attacks dominated the headlines in 2016. The tentacles of cyber threats span the globe and every industry; cyberwarfare involving critical infrastructure services, massive data breaches where troves of emails and data were stolen, and blackmarket ransomware attacks that have taken over control of critical IT systems - only to be released after the ransom sums were paid.

Over two billion records were stolen in 2016. The hacking of records and emails from the Hillary Clinton campaign and the US Democratic National Committee were just a handful of high-profile hacks that roiled businesses and individuals in 2016. Data breaches at businesses such as Yahoo, LinkedIn, and numerous others comprised millions upon millions of records of Personally Identifiable Information (PII). PII consists of personal data used to distinguish or trace a person’s identity. It includes not only things such as their name, social security number, biometric records, etc., but also other data like an individual’s photographic image, fingerprints, handwriting, facial geometry, passport information and credit card numbers.

The cyber-threat landscape is much larger than hacking and data breaches. Concerns of cyber espionage between nations were ratcheted up even further with attacks across borders and involving myriad governmental agencies. It’s not simply data and hacking. It also involves critical infrastructure services, such as the attack on the Ukrainian power grid by Russian hackers, with attacks extending beyond data centers and traditional endpoints to Internet of Things (IoT) devices and SCADA networks.

Cybercriminals also ramped up their use of ransomware and DDoS (Distributed Denial of Service) attacks in 2016 to threaten and extort money from victims in exchange for stopping the attacks or allowing them to rescue locked files. These attacks became huge issues for infrastructures like utilities and hospitals.

The Threat Landscape in 2017

So, with all of this in the background, there should be much trepidation across industry segments and for organizations of all sizes as we move into 2017. Much of what we saw in 2016 will evolve in complexity and scope in 2017. Cybercriminals continue following the money trail, with ransomware and DDoS attacks becoming more widespread and increasing in scope and severity. The following are areas where organizations should pay special heed in 2017:

1. Advanced Threats Targeting the Cloud.
There has been a significant shift in advanced threats bypassing perimeter defenses and extracting or holding sensitive data hostage using malware and ransomware. These attacks became highly personalized this past year, improving their ability to evade detection by corporate networks and the basic security controls included in cloud applications. As the adoption of cloud apps and services accelerates in 2017 and pushes vital services and data outside organizational control, so will the risk of information-borne leaks and malicious attacks entering.

2. Evolution of Ransomware: Changing Data and Destroying Backups.
Ransomware has evolved from simple malware to more persistent attacks. One way organizations thwart ransomware attacks is to have a solid backup plan in place. Specifically, the ability to replace encrypted data negates the extortion attempt. However, cybercriminals are getting smarter and going after backups prior to encryption. Most attempts focus their efforts on local backups, but there is evidence these will spread to cloud backups and even include the manipulation or deletion of data. The threat is agnostic; the same techniques that work on-premise also work in the cloud. We will also see continued growth in cyber criminals not complying with the release, or re-encrypting the critical data at some later point in time, even after they were paid. You can’t trust a cyber-criminal!

3. GDPR Compliance Impact on Business.
Though the EU’s General Data Protection Regulation (GDPR) will not take effect until May 2018, it will most certainly impact cybersecurity in 2017. Those affected by GDPR: any organization anywhere in the world which handles PII for EU citizens. To prepare for GDPR, organizations must conduct a thorough audit of their current and future processing of personal data and begin implementing solutions, to protect it, today. With Data Protection Impact Assessments (DPIA) mandated by GDPR for high-risk processing, organizations that qualify must begin those processes in 2017 to meet the deadline in 2018.

4. Increased Demand for Data Privacy and Data Breach Accountability (Cyber Insurance).
Interest in data privacy is not relegated to just the EU. Government entities are paying increased attention to data privacy, with organizations such as the Federal Trade Commission in the U.S. becoming increasingly active in pursuing companies for violation of security failures and failing to adhere to privacy laws – existing and new. Recognizing they are accountable for data breaches, businesses are turning to cyber insurance in large numbers. The cyber insurance market doubled in size from 2012 to 2015, topping $2 billion. Industry analysts believe that number could hit $6 billion by 2020; recognizing the risk of data breaches and their financial implications, executives are seeking insurance policies to ensure their businesses are protected in the event one occurs.

5. Shadow IT: No Longer Laissez-faire.
Organizations have taken a fairly laissez-faire approach to shadow IT, unofficially (or unknowingly) permitting employees to leverage cloud apps and services such as Dropbox, Box, Microsoft OneDrive, Slack, JIRA and Google Drive. But if you cannot see cloud services being consumed or confidential data leaving through them, then you cannot see the risk. How big of a problem are we talking about? On average, organizations have up to 20 times more cloud apps and services running within their environment than what has been authorized by the IT department. Seventy percent of executives and IT managers say they don’t know how many cloud apps and services are running in their environments. Cloud storage and file sharing applications are highly problematic, with nearly one-quarter being shared and 12 percent of those containing compliance-related data or confidential data.

6. Cyber Espionage and Warfare.
The U.S. Defense Department participated in a Cyber Guard drill in 2016 that was intended to prepare troops and cybersecurity officials throughout the government for the possibility of infrastructure attacks by an enemy or non-state actor. One of the outcomes included pinpointing areas where remediation was needed, and it plans to continue the program in 2017. Cyber espionage and warfare are global issues. Attacks increasingly being reported from North Korea, China and Russia not only involve the stealing of intellectual capital but also infiltrate and manipulate critical infrastructure services, as was the case with the Ukrainian power grid.

7. Hacktivism and Content Censoring.
2016 was the year when hacktivism came to the forefront. The U.S. presidential election was one instance of many. Fake news such as “Pizzagate” – spread virally on social media – in the political and social arenas rose to new heights in 2016, and signals point that it will continue to grow in 2017. This is also giving rise to content censoring by social networks and foreign governments along with a vigorous debate on whether they should do so.

8. Proliferating Web & Mobile App Leaks.
Mobile security remains a serious problem. A new report shows that more than 200 mobile apps and websites leaked PII in 2016. Consumers and business professionals are putting more and more of their PII into their mobile apps, including financial information, and cybercriminals are paying heed.

9. Email Security Threats.
Ninety-one percent of cybersecurity attacks begin with a single email. Traditional antivirus solutions cannot detect or prevent phishing attacks. Cybercriminals employ phishing attacks such as the one that targeted the U.S. Democratic National Party and Podesta to gain access to other users or systems. At the same time, they can deliver malware via email and gain a foothold and operate without any knowledge for weeks, months or even years. This is not just corporate email, but also personal (web-based) email which is opened on the corporate networks.

Getting Ready for 2017

Organizations wishing to get ahead of the cyber security challenges in 2017 must ratchet up their cyber defense with an unprecedented level of inspection: a level that not only adapts to new threats, but is also trusted by leading government agencies and defense departments around the world to detect, disassemble and thoroughly sanitize digital activity flowing in and out of the organization in real time.


Clearswift Announces Sponsorship of local ISSA Chapters


Clearswift and the local Information Systems Security Association (ISSA) Baltimore, Raleigh and Tampa Bay Chapters have announced a new sponsorship relationship to help their members prepare for the next wave of cyber-attacks and information borne threats.

As one of the most prominent communities of international cybersecurity professionals, ISSA seeks solution-oriented, proactive, and innovative sponsors to help educate and support their members. Clearswift, a game-changer in the cybersecurity industry, has recently grabbed a number of headlines with its rapid new entrance in the Gartner Magic Quadrant for Enterprise Data Loss Prevention (DLP), winner of SC Magazine Europe “Best Email Security” award and nominated as a finalist for the “Best DLP,” “New Product Announcement” and “Companies with Tomorrow’s Technology Today” in the upcoming cybersecurity award season. Together, ISSA and Clearswift will share an aligned focus around managing technology risk and critical information protection.

Cybersecurity Engagement

Clearswift has appointed Jerry Leclair, Eastern and Federal Regional Director, as the key liaison to support the local ISSA Chapter members and coordinate cyber-threat briefings, technology demonstrations and proof of concepts. Jerry will be frequently attending local Chapter meetings and events to provide members direct access to industry leading cybersecurity resources and to discuss topics ranging from:

Learn More:

ISSA Journal – April 2016 Volume 14 Issue 4 
Protecting against Tomorrow's Malware Attacks Today
By Guy Bunker - ISSA member, UK Chapter and Clearswift, SVP of Products

ISSA 2016 International Conference – November 2-3, 2016 Dallas, TX  United States
Transform from Surviving to Thriving by Preparing for the Next Wave of Cyber-Attacks and Information Borne Threats 
Thursday 11/3/2016 from 11:30 am - 12:15 pm in room Cumberland L.

T'was the Season...


Is this post a little late, ‘the season’ was last month..? Well, that’s true, but it’s this month that the credit card bills and bank statements arrive, so now is the time to check that there hasn’t been any fraudulent activity.

The rise of contactless payments has not only acted as a benefit for speedier payment of small amounts, but has also exposed another threat vector for both fraud and for mispayment. The latter is getting sorted out, although caution as to which card is used for payment is still an issue unless you remove the actual card and present it. The ‘big benefit’ of not removing the card from the wallet has been removed as most people have multiple cards contained in their wallets (and purses) so swiping the container creates a problem. A quick check that you haven’t been charged more than once on different cards for the same transaction is all that is needed.

From a fraud perspective, the devices needed to read and process contactless payments are becoming easier to buy and use. They are only effective over very short distances so the opportunity only really arises if you are in a crowd. Shopping during the holiday season provides the opportunity for that 'crowd' and the fraudsters. This is where extra vigilance is required, the maximum amounts are not big so there is a tendency to skip the spend when looking at statements – but do keep a close eye on the line items to watch for any dodgy transactions.

Outside of shopping crowds, the other major opportunity for people to get close enough to run a contactless payment is when commuting – especially if you are on the London Underground or the Tokyo Subway systems. Of course there are other places like concerts and sporting fixtures, particularly when going into or leaving the venues. I wrote a while ago about RFID shields for contactless payment cards, these are very thin sleeves which you put your card in to prevent them from being accidentally or maliciously swiped without you knowing. Since most people now get their cards out of their wallets to use them, it is worth getting a shield (or you can buy an RFID resistant wallet / purse) to keep you safe.

In business as well as in your personal life, critical information needs to be protected at all times – and with new ways of doing business, you need to look at new ways to protect the information from the cyber-criminals who will always be looking at new ways to exploit new technology.

Dr. Guy Bunker

Large data protection fines now a reality!

By Debbie Evans, Legal & Commercial Director

Dutch Data Protection Act

The European reforms to the data protection rules, still to be agreed, may result in large fines being imposed for data protection breaches: the greater of 5% of a company's annual worldwide turnover or €100 million.

However, the Dutch are leading the way following their adoption in May 2015 of changes to their data protection law. The Dutch Senate adopted a Data Breach Notifications bill, which amends the Dutch Data Protection Act and the Telecommunications Act. The impact of the changes is the authorities' right to impose fines of up to €810,000 or 10% of a company's annual turnover per violation.

The Dutch changes should be in force from January 2016 and will put additional pressure on Dutch-connected companies to review their data protection notification and compliance measures. The key requirement of the change is the need for companies to immediately notify the Dutch Data Protection Authority where a security breach has, or is likely to have, a serious adverse effect on personal data protection.

The severity of fines imposed is to be assessed against:

  • Nature and scope of data breaches;
  • Nature of breached personal data;
  • The extent of existing technical measures; and
  • Consequence to affected individual’s privacy.

Time is ticking for the other European countries too - are you ready?

Lenovo and Superfish adware... does it really matter?

By Dr. Guy Bunker @guybunker

There was a big story earlier this month about the installation by Lenovo of adware on its consumer laptops. The adware, or ‘Superfish’ as it quickly became known, was one of a number of pre-installed packages which consumers could fully install if they wanted – the idea behind it is to help consumers find the cheapest version of what they are looking for. Which, on the face of it, seems like a good idea. I’m sure that the folks at Lenovo thought it would be a good selling point as well.

Most manufacturers pre-install third-party pieces of software for consumers to try and, if they like them, buy. This isn’t the first time that a manufacturer has been caught out by installing software which turns out to be less than good. The Sony DRM ‘rootkit’, back in 2005, was probably the first piece of software which was installed ‘for good’ but turned out to be ‘bad’, and it got so bad at one point that there were articles written on removing all the bloatware that came with a new PC. Today, when there is 1TB of space on a laptop, a few hundred MB of rubbish doesn’t make the headlines.

Perhaps, like the Sony scandal, the real challenge that Lenovo has is that the application they installed has far-reaching effects on every web page, including all those which are through secure HTTP/S. So, even if you are going to your bank, the software can intercept the traffic, decrypt it and insert adverts. However, that process opens the user up to a whole heap of privacy violations – which is why there has been such an outcry, and rightly so. I doubt the developers of the adware thought about the privacy angle; they probably came up with a ‘smart’ idea which would allow them to serve ads even in encrypted traffic – which seemed like a good idea at the time. I suspect they are re-thinking that now... as are Lenovo and all the other manufacturers who ship pre-installed trialware.

So, what now?

Well, in this case Lenovo (and most of the anti-virus manufacturers) have issued a ‘fix’ to remove the adware and, in Lenovo’s case, to stop it being part of the standard image that they ship with their laptops. However, this doesn’t mean it won’t happen again – and who knows whether the next time, it might be real malware which goes unnoticed for many months. It will be interesting to see over the next 6, 12, 18 months if the reputational damage that Lenovo has suffered will affect sales – I suspect it will, but they will recover.

As for the impact on businesses?

In most cases, the problem probably doesn’t exist, as a new machine will arrive and the IT department will re-image it, removing all the things that were shipped on the disc and replacing them with a corporate version of the OS and the applications that are required. For the consumer it is different: for a start, they potentially don’t know ‘good’ from ‘bad’ when it comes to applications and, if so, wouldn’t understand the consequences of installing this particular application.

If you do get a new home PC, even if it seems to have a lot of space on it, take a look at what has come pre-installed and if you don’t want it, or need it, then remove it. If you are not sure (either that you want it, or understand what it does) – then the chances are you won’t want it later on, so remove it anyway. Most of the pre-installed trial versions can be downloaded and installed at a later date if required. If you are technically savvy and want to be really sure... then format the hard disk and reinstall the OS from scratch, then you can be sure there is nothing trying to get at your information and invade your privacy.

Why it’s make or break: The UK’s Digital Future

By Debbie Evans, Legal & Commercial Director

On Tuesday 17 February 2015, the House of Lords Select Committee on Digital Skills (appointed to “consider and report on information and communications technology, competitiveness and skills in the UK”) reported that any newly elected Government should give priority to this area and “establish a single and cohesive Digital Agenda” that, whilst it creates a level of risk, allows the UK to thrive economically. The Digital Agenda should focus on the following:

  • Access to digital technologies should be viewed as a utility and available throughout the UK;
  • Education and skills in the digital space need to improve for all, including children right through to SMEs and board members; 
  • Risk management and cyber security need to be considered “an intrinsic part of our critical national infrastructure”.

The Report highlights that there is still a lack of awareness of the cyber security risks and the simple steps that can be taken to adequately protect against them. To enable the UK to culturally shift to a digitally mature and sophisticated environment, it is emphasised that the requirement for additional support, education and training in security is paramount. Increased trust and confidence need to be placed in the technology that offers security protection; legislation and education are not enough to protect us from threats, and a robust IT backbone is essential.

Whilst improving the UK’s cyber security has been a top Government priority, it is apparent from the National Audit Office report in September 2014, “Update on the National Cyber Security Programme”, that there is a major skill gap in the public sector when it comes to meeting the UK’s cybersecurity objectives. Any UK citizen should be concerned about the current skills shortage, and companies like Clearswift aim to empower companies to be more in control. Clearswift’s technology helps companies to help themselves, by implementing infrastructure such as adaptive redaction that automatically protects us all.

As individuals, whether we are directors, lawyers, accountants, teachers or anyone for that matter, we need to start taking more of an interest in, and responsibility for, improving our understanding of cybersecurity. Preventing data loss is the responsibility of us all, but it can’t be done in isolation. Professional advisors and educators have a duty to spread the cybersecurity message, to help ensure that collectively we implement and recognise the value of appropriate protection.

This is what may “make or break” the UK economy in the long run!