Skip navigation

Gloucestershire Business News

Tackling the known unknowns of cyber threats - Jason Kalwa, Salus Cyber

By Jason Kalwa, managing director, Salus Cyber 

Whatever the size of your company, it is almost certainly placing an increased importance on its cyber system.

Salus Cyber can help you ensure your business is aware of the risks and how to block them.

Cyber risk management is a discipline which continuously shifts based on your evolving strategies and the threat landscape.

From initial dialogue to completed project reporting, remediation and correction, Salus Cyber goes the extra mile to strengthen your security position and give you confidence in us.

In our last article, we looked at the first line of defence we use to protect security systems and here we examine how we improve your readiness to tackle a second wave of threats - the known unknowns.

First Line of Defence - Known Knowns  

Second Line of Defence - Known Unknowns

You know the threats, but what risks do they pose?

Our second line of defence services are designed to challenge the efficiency of a cyber security strategy such as control frameworks and how corporate key performance indicators are affected, as well reviewing the conformity of the first line of defence to mitigate cyber risks.

By mapping and defining policies, we use frameworks, tools and techniques to protect your most valuable assets to minimise your risk profile.

  • Cyber Aware

Attacks that exploit human error, rather than technical hacking, can only be avoided through education.

Threat actors rely on the uninformed to expose data by sharing malware or unwittingly providing access - often targeting individuals outside of their work environment.

We work to increase cyber awareness beyond information security teams, ensuring everyone understands the value of their personal data and corporate access.

Salus Cyber has a custom, internally developed phishing management and deployment platform for bespoke phishing tests.

An organisation's people are often the weakest link in the security chain - we improve employee awareness to help them identify possible malicious activity and push culture change.

As part of educating your employees - and helping to identify gaps in defences - we target your organisation through common and unique social engineering attacks which were experienced by 62 per cent of businesses in 2019 according to Cabinet Solutions.

  • Active directory & Identity Access Management

Active directory configurations are often a weak spot in the network defence while identity access management provides the backbone to most IT infrastructures - making them an attractive target.

To assess how resilient yours is to unauthorised access, we put ourselves in the shoes of a real-world attacker targeting passwords, credentials and your corporate configurations.

This can form part of a wider Red Team assessment or play a part in your regular testing, security reviews securing your core network by hunting down the risks and revealing the potential impact.

We can find out if your IAM is in line with best practise and if it uses available functionality to best secure your organisation.

According to Verizon, 34 per cent of data breaches involved internal actors so we identify shortcomings in the privileges and hierarchies throughout your company.


Industrial control and operational systems are at risk due to their long lifespan - they may be reliable, but a breach impact could be debilitating which makes securing your core crucial.

We provide confidence to our customers their core engines will not be compromised, avoiding any loss of production and the financial ramifications of any downtime.

We test your operation technology systems such as building management and access, weapon management and integrated security with extensive experience of testing more specialist systems such as aircraft refuelling, aircraft fuel management and power plants.

  • Mobile

Essential for communication and at the heart of business, mobile devices are highly connected, drawing data from numerous internal applications and databases.

They are vulnerable to threats attempting to gain access to your networks.

Salus Cyber helps customers reduce the potential for attacks via mobile devices by limiting the number of entry points, highlighting any outdated application programming interfaces, reviewing frameworks and assessing any third party applications.

Threats are checked by manual penetration testing of iOS and Android mobile applications for phones, tablets, laptops and other mobile devices which are an extension to your network perimeter.

Our methodology reviews the settings enforced on devices and we go deep into application codes to discover issues.

  • Lost/Stolen Devices

Devices go missing from time to time, accidentally or maliciously, and minimising the damage can get you out in front when it happens.

By identifying the risks of such a device - be it phones, laptops or even desktops - and implementing appropriate measures to bring those risks within an acceptable threshold ensures you are fully prepared and resilient against any real life incident.

Salus can help in determining the impact and assist in improving their security posture.

Next month: The Third Line of Defence - Unknown Unknowns

To discuss how Salus Cyber can make your company more secure, email, call 01242 374087 or visit 

Related Articles

Shareholders' agreements: A necessity or a luxury? Helen Howes of Willans LLP Image

Shareholders' agreements: A necessity or a luxury? Helen Howes of Willans LLP

Whether you are a small company with two shareholders, or a larger business with multiple shareholders, it is hard to overstate the importance of having a properly drafted shareholders' agreement.

VIDEO Punchline Talks: Mark Blake, Mark Blake Hair Salons Image

VIDEO Punchline Talks: Mark Blake, Mark Blake Hair Salons

In the week many of us have rushed to the hairdressers, Mark Blake - one of the leading figures in hairdressing in Gloucestershire and beyond - is in the Punchline Talks hot seat discussing reopening, operating throughout the pandemic, post-lockdown styles and much more.

Do's and don'ts of varying employment contracts - Margaret Adewale, The HR Dept Gloucester Image

Do's and don'ts of varying employment contracts - Margaret Adewale, The HR Dept Gloucester

Almost 500 British Gas engineers have lost their jobs after refusing to sign new contracts which would have seen them work longer hours while cutting average pay - raising crucial issues about what actions an employer should take if they wish to vary a contract of employment.

VIDEO Punchline Talks: Friday Briefing, April 16 Image

VIDEO Punchline Talks: Friday Briefing, April 16

The royal funeral, the reopening of shops and a legal dispute over a caterpillar cake - there has been plenty of news stories for our Friday panel of business experts to discuss.

Copyright 2021 Moose Partnership Ltd. All rights reserved. Reproduction of any content is strictly forbidden without prior permission.