Cyber-attacks seem to be on the rise year after year, with a far greater degree of sophistication evident amongst hackers. There is also an increasing number of malware varieties to watch out for. We are in an age of digital transformation, with technology developing at a rapid rate. Nowadays it isn’t enough to be merely cyber aware. Organisations both large and small need to be constantly seeking to detect potential data breaches. Our experts can help with services such as CRIBB Cyber Security Detection.
A higher level of security
In the past, most companies relied upon their own IT teams to safeguard the business against cyber security threats. As hackers grew in confidence and ability, however, it became very clear that more robust measures would be required. More and more organisations then turned to outsourcing. This was an effective way of either replacing existing resources or reinforcing them. Our own detection services have helped numerous clients achieve a higher level of security.
At CRIBB Cyber Security, part of theICEway ecosystem of companies, we adopt a ‘security by design’ approach. This allows us to tackle potential threats from the ground upwards. Our experts are adept at both Vulnerability Scanning and Penetration Testing. Both can be used to uncover system flaws and weaknesses and then provide solutions that will strengthen your defences.
Vulnerability Scanning
We can offer mid-level, on-premise scanning to identify internal, external and website-related weak points. We review all networks and servers. Then we compile a detailed management and technical report that contains corrective solutions. These are to be carried out either internally or by a trusted third party. In total, there are five verifications made:
Internal Vulnerabilities
A detailed, in-house scan is completed on all infrastructure relating to your company. Possible threats requiring action are then addressed in order of importance (low, medium and critical threat statuses are applied).
External Vulnerabilities
In-depth scans of all web-facing devices relating to your company are carried out. We then provide advice on how to deal with any potential threats (low, medium and critical).
Web Application Vulnerabilities
Detailed scans of all company websites are conducted in a similar manner. This then leaves you with an order of importance in which to approach threats (low, medium, critical).
PCI DSS
Service providers and merchants must successfully carry out quarterly vulnerability tests. These should consist of either 4 scans per annum or a scan every 90 days. This is to achieve compliance with requirement 11.2 of the PCI DSS. The experts at CRIBB Cyber Security can assist you with the PCI scan certification.
Personally Identifiable Information (PII) Vulnerabilities
We will carry out a deep dive of your infrastructure to search for customer PII requiring anonymisation. Any controls to be implemented to restrict unauthorised access will also then be addressed.
CRIBB Cyber Security Detection services include: Penetration Testing
A ‘pen test’ is an authorised, simulated attack on a system that is designed to identify security weaknesses. Typically, the test gains access to features and data. The target system(s) and a specific objective are flagged first, and the information available is then evaluated.
This greatly helps to assess whether or not a system is open to attack. It also identifies which defences are sufficient and which need attention. Pen tests have a variety of different formats depending upon your individual requirements:
Black Box Testing
This format involves our cyber security experts acting as external attackers. They are given no prior information on what exactly they are testing. Black Box tests offer accurate simulations of how an internet hacker might present a very real risk to your business.
White Box Testing
This format sees us given detailed information about the client’s infrastructure and web applications. It often also involves the provision of access to architecture documents and source code. Access to credentials within the environment to be tested may also be provided. This test offers a robust simulation of how an attacker armed with information could present a risk.
Grey Box Testing
Blending black box and white box techniques, a grey box test sees clients providing us with pieces of information to help with the testing process. It is a more focused test than the black box format and offers a shorter timeline for engagement. This makes it an ideal approach for evaluating web applications that allow users access to data specific to their role.
Red Team Testing
This is a highly targeted testing process. The objective is not to uncover as many vulnerabilities as possible, but to detect only those vulnerabilities that are crucial to an objective being achieved, ultimately testing the client’s detection and response capabilities. The red team aims to access sensitive information quietly and in any way possible, acting as a hacker carrying out attacks whilst attempting to remain under the radar.
A Red Team Assessment deploys a variety of different methods, including social engineering, wireless and external. It is important to note that these assessments are not for clients who do not have high-level security requirements.
Contact us for pricing and to set up vulnerability or penetration tests with our cyber security experts.
CRIBB Cyber Security Detection Glossary
Malware – Software that is designed intentionally to cause damage to IT infrastructure, such as a computer virus
theICEway ecosystem of companies – A collection of specialist IT companies that join together to provide a complete digital solution (CRIBB Cyber Security, ICE Technology Services, eTestware)
Security by design – An approach that seeks to reduce vulnerabilities in computer systems at the development stage through adherence to best programming practices
PCI DSS – The Payment Card Industry Data Security Standard, an information security standard for companies taking credit card payments
Requirement 11.2 of the PCI DSS – A requirement that stipulates companies run internal and external network vulnerability scans at least quarterly (they must be performed by qualified personnel)
Top Tip
What could be better than a top tip? FIVE top tips, of course, all designed to help you detect a cyber-attack:
1. Ensure you have a robust password policy, taking care to note unusual password activity
2. Be wary of mysterious emails; they could be examples of phishing
3. Be wary of suspicious pop-ups
4. Keep all software up to date
5. Inform the IT department of an unusually slow network