Tackling the known unknowns of cyber threats - Jason Kalwa, Salus Cyber
Whatever the size of your company, it is almost certainly placing an increased importance on its cyber system.
Salus Cyber can help you ensure your business is aware of the risks and how to block them.
Cyber risk management is a discipline which continuously shifts based on your evolving strategies and the threat landscape.
From initial dialogue to completed project reporting, remediation and correction, Salus Cyber goes the extra mile to strengthen your security position and give you confidence in us.
In our last article, we looked at the first line of defence we use to protect security systems and here we examine how we improve your readiness to tackle a second wave of threats - the known unknowns.
Second Line of Defence - Known Unknowns
You know the threats, but what risks do they pose?
Our second line of defence services are designed to challenge the efficiency of a cyber security strategy such as control frameworks and how corporate key performance indicators are affected, as well reviewing the conformity of the first line of defence to mitigate cyber risks.
By mapping and defining policies, we use frameworks, tools and techniques to protect your most valuable assets to minimise your risk profile.
- Cyber Aware
Attacks that exploit human error, rather than technical hacking, can only be avoided through education.
Threat actors rely on the uninformed to expose data by sharing malware or unwittingly providing access - often targeting individuals outside of their work environment.
We work to increase cyber awareness beyond information security teams, ensuring everyone understands the value of their personal data and corporate access.
Salus Cyber has a custom, internally developed phishing management and deployment platform for bespoke phishing tests.
An organisation's people are often the weakest link in the security chain - we improve employee awareness to help them identify possible malicious activity and push culture change.
As part of educating your employees - and helping to identify gaps in defences - we target your organisation through common and unique social engineering attacks which were experienced by 62 per cent of businesses in 2019 according to Cabinet Solutions.
- Active directory & Identity Access Management
Active directory configurations are often a weak spot in the network defence while identity access management provides the backbone to most IT infrastructures - making them an attractive target.
To assess how resilient yours is to unauthorised access, we put ourselves in the shoes of a real-world attacker targeting passwords, credentials and your corporate configurations.
This can form part of a wider Red Team assessment or play a part in your regular testing, security reviews securing your core network by hunting down the risks and revealing the potential impact.
We can find out if your IAM is in line with best practise and if it uses available functionality to best secure your organisation.
According to Verizon, 34 per cent of data breaches involved internal actors so we identify shortcomings in the privileges and hierarchies throughout your company.
- OC, ICS & SCADA
Industrial control and operational systems are at risk due to their long lifespan - they may be reliable, but a breach impact could be debilitating which makes securing your core crucial.
We provide confidence to our customers their core engines will not be compromised, avoiding any loss of production and the financial ramifications of any downtime.
We test your operation technology systems such as building management and access, weapon management and integrated security with extensive experience of testing more specialist systems such as aircraft refuelling, aircraft fuel management and power plants.
Essential for communication and at the heart of business, mobile devices are highly connected, drawing data from numerous internal applications and databases.
They are vulnerable to threats attempting to gain access to your networks.
Salus Cyber helps customers reduce the potential for attacks via mobile devices by limiting the number of entry points, highlighting any outdated application programming interfaces, reviewing frameworks and assessing any third party applications.
Threats are checked by manual penetration testing of iOS and Android mobile applications for phones, tablets, laptops and other mobile devices which are an extension to your network perimeter.
Our methodology reviews the settings enforced on devices and we go deep into application codes to discover issues.
- Lost/Stolen Devices
Devices go missing from time to time, accidentally or maliciously, and minimising the damage can get you out in front when it happens.
By identifying the risks of such a device - be it phones, laptops or even desktops - and implementing appropriate measures to bring those risks within an acceptable threshold ensures you are fully prepared and resilient against any real life incident.
Salus can help in determining the impact and assist in improving their security posture.
Next month: The Third Line of Defence - Unknown Unknowns
Copyright 2022 Moose Partnership Ltd. All rights reserved. Reproduction of any content is strictly forbidden without prior permission.