Cyber Security Health Check
Don’t know where to start?
Cyber security is a broad and complex discipline, and hackers exploit this reality: they understand that you need to protect everything at once, whereas they only need to find one weak spot to achieve their nefarious objectives. As organisations become more attuned to the need for effective cyber security – either through having been the victim of ransomware or other attacks, or simply through being confronted with daily headlines about security breaches – there is sometimes confusion as to where to begin.
You may or may not have the basics in place, such as antivirus software and firewalls, but you know that’s not sufficient. So, what’s the next priority?
Counterhack’s comprehensive health check will assess your company against recognised industry frameworks to give you maturity ratings for how you protect, detect, respond and recover from a cyber security incident. This will provide you with a heat map of the areas that need to be addressed by your cyber security maturity programme, and practical guidance on the introduction of relevant security controls.
We can also help you get some of the basic framework in place, such as overarching security policies and end user acceptable use policies.
If you know you need to uplift security, but aren’t sure where you should be investing your limited resources to get the biggest bang for buck, this is the place to start.
Penetration testing is the practice of emulating the tactics and techniques of real hackers in trying to gain access to your IT assets. This means reconnaissance of your online presence, discovery of possible entry points that may not be well protected, and exploitation of vulnerabilities in order to obtain a foothold in your network. Once this has been established, the penetration tester will pivot to internal systems that may hold your crown jewels, and attempt to elevate their level of access until they have the data that they are after.
These tests serve various important purposes. For a start, they give a succinct answer to the question “Are we secure?”.
Secondly, they provide you with a prioritised list of remediation activities that allow you to focus your resources on the activities that will result in the biggest improvements to your risk profile.
Penetration tests also allow you to test your in-house or outsourced security incident detection capabilities. If you can’t detect the hacking techniques Counterhack is employing, you probably won’t be able to detect a real hacker either.
If you already have a security program in place, and are looking for assurance that it is effective in protecting your information assets, then a penetration test from Counterhack is the place to start.
The Australian Cyber Security Centre (ACSC) recommends that organisations implement eight essential mitigation strategies which will prevent 80% of breaches. Two out of the top four controls relate to vulnerability management: patching operating systems and patching applications.
Most organisations will use tools such as SCCM or WSUS to push patches out to Windows endpoints, based on Microsoft security advisories. The problem with using this approach exclusively is that it misses some of the most egregious application vulnerabilities on most networks. Applications such as Adobe Acrobat, Java Runtime and Oracle will usually fall through the cracks of most patching regimes.
Counterhack provides vulnerability management software from leading vendors such as Qualys and Rapid7, and managed service offerings that provide a detailed monthly report on missing patches and misconfigurations in your network, together with detailed instructions on how to remediate them. We help you prioritise your patching activities by using threat intelligence to determine which vulnerabilities present a clear and present danger to your organisation.
We can also help you harden your workstation and server builds so that they present the smallest possible attack surface to hackers, protecting you from both current and future threats.
Counterhack offers a tailored service for small business, incorporating full vulnerability management traditionally only available to large organisations. If your business has fewer than 100 users, take a look at the Counterhack Service to see how we can provide a comprehensive turnkey solution to protect your business.
Cyber-Savvy Employee Program
It is an undisputed fact that your employees are the first and most effective form of defence against social engineering attacks. Hackers often target humans, or ‘wetware’, because they know that it is the easiest way into your network. The types of attack used in social engineering include phishing, fake invoices, phone calls impersonating service providers, or simply tailgating someone into an otherwise secure floor.
Counterhack can test your organisation’s ability to detect and defend against these types of attack by carrying them out in a safe and controlled manner, giving you valuable insight into weaknesses in your cyber defences. This can be in the form of fake phishing campaigns, USB key drops, and physical penetration testing of your work environment.
We also provide relevant educational material to help you lift your game if you need to. This includes regular security newsletters, information on how to detect social engineering attempts, and live webinars where security experts share insider tips with your staff and advise them on issues such as password management, social media safety, and some of the newer attacks that are being used by hackers.
If your staff are cyber-savvy, that’s half the battle won already.