Details of an incident involving Pervade Software have recently been published and we would like to take this opportunity to clarify some misunderstandings related to the articles.
Before confirming what actually happened, we would first like to confirm that, despite what has been said, the Pervade OpAudit™ system has NOT been breached.
The IASME Consortium is a customer and partner of Pervade and they run a very efficient online service that allows companies to carry out self-assessments including the Cyber Essentials Scheme. The platform itself is hosted in a commercial data centre, branded as being “ultra-secure” and on a stand-alone server. Pervade are responsible for the management, performance and security of that server as well as supporting the instance of the OpAudit™ software that is running on it.
A server configuration change was made by a Pervade employee in the normal course of his duties (diagnosing an email notification issue). This employee published email notification logs in order to help trace the issue, but after completing the debugging he failed to revert this configuration change to its correct setting, which meant that certain logs continued to be published. These logs included the email addresses that some email notifications were sent to (but not the email content itself) as well as the display name and in some cases the IP address information of the assessor triggering the notification.
Someone found a way to access this log file on the server and so identified this error. We are grateful that this oversight, which revealed some email address information, was brought to our attention because revealing email addresses in a specific context like this increases the risk of spear-phishing attacks to those email accounts (please see below for more information about spear-phishing).
As a company, we take all security incidents very seriously and we have taken swift action to correct this error and of course the email address information is no longer accessible. Human errors like this one are very disappointing and we have taken steps to make all of our staff aware of this and to increase vigilance in the future. We have also conducted a full review of our change management processes to prevent this from ever happening again.
As a cyber security company we are more sensitive than most to potential threats and go to great lengths to ensure that our software is secure by default and by design. Indeed, this platform has been in place and running very successfully for 3 years and despite constant threats and attacks it has never been hacked.
All the necessary authorities and parties have been notified in line with GDPR and NCSC guidelines.
Again, to be clear, the system itself was not “breached”: account information like usernames or passwords is not accessible, the assessment content such as answers given to questions is not accessible, the content of reports is not accessible and actually neither is the content of the email itself - only the email address related to the person it was sent to.
The Pervade OpAudit™ system is as secure now as it has always been, and we want to assure users that any information they enter into the system is very secure, completely confidential and handled in the most sensitive way. You can rest assured that your information is safe and that we are all continuing to work very hard to keep it that way.
For more information please feel free to contact us.
What is a "Phishing Attack"?
These attacks involve a perpetrator sending an email to your company attempting to obtain sensitive information such as usernames, passwords or credit card details by disguising the email to make it look official or innocuous. Often these emails contain an attachment or a link that will inevitably launch some malware. I’m sure you will have seen emails such as these before.
If the perpetrator is able to use very specific information to make it look like it came from someone you do normally deal with, or it references an activity you will recognise, it is referred to as a “spear phishing attack” and it is much more dangerous because there is a higher risk that you will open it without realising that it is a fake.
PROUDLY SUPPORTING THOSE WHO SERVE
Pervade Software have signed the Armed Forces Covenant
Security IT Summit London, 4th July
Pervade Software will be presenting and will be available for one-to-one meetings at this year's Summit.
Come and ask us questions in a relaxed environment.
The Security IT Summit is an excellent platform for collaboration between those working in the IT industry, and those who provide the latest solutions and services in this sector.
A highly focused event that brings together delegates and suppliers, the Summit consists of one-to-one business meetings, interactive seminars and valuable networking opportunities; all to enable you to create lasting business relationships.
Welsh Business Show Llanelli, 26th July
The Welsh Business Shows are presenting their 8th year of shows in 2017, and have gained the reputation as Wales’ leading quality provider of business exhibitions.
As a business with strong roots in Wales, Pervade Software are proud to be exhibiting our innovative Welsh software products at these unique events.
Each show attracts over 700 delegates who take time out of their busy schedules to see the shows' vast exhibitors, learn from the informative seminars, and take part in the shows' networking.
The Welsh Business Shows comprise three national exhibitions held annually in our Capital Cardiff, The City of Swansea, and the county of Carmarthenshire.
Cyber Threat Summit Dublin, 24th October
Now in its seventh year, this year's Cyber Threat Summit will have a very European focus. The largest event of its kind, it will attract cyber security experts from all over Europe to discuss all aspects of cyber security including issues such as GDPR and the NIS Directive.
There are three distinct streams running concurrently; "Strategic", "Operational" and "Technical". 2017 will also see the introduction of a Cyber Startup Zone giving innovators a chance to shine and network with potential investors.
John Davies will be speaking at the event as a Country Representative, representing Wales, and Pervade will also be in the Expo Hall showcasing how to bring technical monitoring and documentary compliance together into a single configurable system to tackle complex regulations like GDPR and NIS.
Latest News
Wales Coast to Coast Cycling Challenge - 27th April, 2017
Having already cycled across Wales, from West to East, in aid of charity, avid cyclists from Pervade jumped at the chance to join North Wales Business Partner, Rob Boyns from Safonda, and others in a gruelling 200-mile North to South coast to coast cycle ride.
The intrepid quest began at the Marina Quay in Rhyl, North Wales and took the team past Ruthin Castle and the beautiful Bala Reservoir before attacking the highest mountain pass in the country, Bwlch-y-Groes, just under 2000 feet above sea level.
Dropping down to skirt Dyfi Forest, the team rested overnight in the historic town of Rhayader, nestled under the Cambrian Mountains, having completed 104 miles.
Setting off early the next morning, the team headed past Llandrindod Wells and Llanwrtyd Wells before hugging the western edge of the Brecon Beacons National Park to emerge in Ammanford for a spot of lunch.
The last leg of the journey took the group through Gowerton, where John's family originate, before finishing their endeavours at the tip of the scenic Gower Peninsula having done another 102 miles.
Launch of the GDPR Alliance - 25th May, 2017
Pervade Software have joined forces with leading specialist organisations including law firms, compliance consultants, penetration testers, data protection and IT information security experts.
12 months ahead of the introduction of the General Data Protection Regulation 2016 (GDPR) into UK law, leading advisors on data management and compliance have formed an Alliance to provide advice and support for what has been described by the UK’s Information Commissioner as a “game changer for everyone”.
The changes that most organisations will need to make to become GDPR compliant range from improving cyber security measures, to re-writing supplier contracts and updating privacy notices & website cookies. No single supplier can provide all of the advice, products and/or services needed but an alliance of GDPR experts, each with complementary offerings, can combine forces to provide a single port of call and Pervade are delighted to be involved in this unique coalition.
Infosecurity Europe, London 2017 - June 6th-8th, 2017
Pervade Software had a great time exhibiting at InfoSec again this year, which took place at Olympia in London.
It is Europe’s number one information security event, featuring the largest and most comprehensive education programme, with over 360 exhibitors showcasing the most diverse range of products and services to more than 13,500 visitors.
This year, the team were sharing a stand with strategic partner Wolfberry, recognised as being one of the top cyber security consulting firms in the country, who use the Pervade OpAudit platform to deliver their certification services.
The stand also backed onto the stand of The IASME Consortium, the leading Accreditation body in the UK for Cyber Essentials, IASME and GDPR assessments.
The team were showcasing OpIndex™, a new feature set that is being developed for Police Forces to fulfil the new offensive cyber responsibilities that were delegated to them in January as part of the National Cyber Security Strategy.
Although the offensive features can only be used by the police, other capabilities such as indexing and searching Dark Nets like the Tor Network generated a lot of interest.
Pervade team members ride across Wales for charity
Jonathan Davies - Director of Engineering
Jonathan is the founder of Pervade Software and is responsible for product development as well as support and installation services.
Before joining Pervade Jonathan served as the head of Europe, Middle East & Africa for eIQnetworks, a Gartner ranked SIEM company based in the US. Before that Jonathan worked in various technical roles in the security industry including penetration tester, head of security, security analyst and project architect.
Lewis Collins - Director of Operations
Lewis joined Pervade Software in 2010 and is responsible for all company operations including accounts, corporate compliance and managing company partnerships.
Lewis' extensive experience in the independent software marketplace began as an independent programmer migrating legacy applications to run on web server environments. Moving steadily from development teams into pre-sales roles and then into commercial management, Lewis has served in a number of senior management positions.
Josi Kaal - Director of Marketing
Josi joined Pervade in 2012 and is responsible for overseeing all marketing activities from direct marketing, telesales, collateral and event management.
Josi's incredible organisation and planning capabilities were formed in a teaching career during which she rose to the top of the pay scale and senior management positions in leading schools. After taking a "gap year" when her daughter finished university to travel the world with her, Josi began a very successful career change working in operational roles in huge global corporations such as Cummins and then specialising in marketing for IT companies such as PCG International and EssentialNET.
John Davies - Managing Director
John co-founded Pervade Software and is responsible for all commercial activity including the management of all channel partners globally.
John is the co-founder and Chair of the South Wales Cyber Security Cluster, the largest cluster of its kind in the UK, pro-actively supporting the UK National Cyber Security Strategy to make the UK the safest place to do business in cyberspace.
He is also a member of the executive committee of Airbus EndeavR Wales, a joint venture between Welsh government, leading universities and Airbus, in the role of small business champion.
John is committed to helping to close the skills gap in cyber security by participating on the Curriculum Advisory Boards of both Cardiff University and the University of South Wales and regularly runs sessions for the National Cyber Security Academy in Newport.
He is a certified GDPR Practitioner and has recently been invited onto the Steering Committee of the GDPR Alliance committed to ensuring that businesses are aware of and compliant with the new EU data protection laws.
Leveraging his military background, John plays an active role in helping military personnel and their families as the Chairman of the Regional Employer Engagement Board for the Armed Forces in Wales as well as raising money for armed forces charities through his passion for cycling.
Joanne Stevens - Company Secretary
Joanne became Company Secretary for Pervade Software in October 2011 and is responsible for overseeing all bookkeeping, accounting, tax matters and company returns.
Joanne has extensive experience in proactively supporting small and large companies from start-ups to established businesses. This unparalleled knowledge and expertise has proved to be invaluable in helping Pervade grow organically as an international software vendor supporting clients and channel partners in many legal and regulatory jurisdictions.
Pervade Software on a Help for Heroes charity ride
Pervade CTO, Jonathan Davies, in a studio interview for The Telegraph explaining why using multiple monitoring systems for security simply doesn't work.
This video is a keynote speech given by John Davies of Pervade at the Nuclear Industry Cyber Security Conference in Cardiff
Pervade CTO Jonathan Davies explores attack types that do not generate logs and would be hidden from today's Security Operations Center.