KCS Group Europe develops Cyber Audit Assessment to mitigate internal threats

Strategic intelligence and risk-focused business KCS Group Europe has now announced the addition of a Cyber Audit Assessment to its existing intelligence and corporate security service suite. With the aim of educating organisations around the internal risks, threats and vulnerabilities they face, including the growing threat posed by employees, the Cyber Audit Assessment fuses human and cyber intelligence tools to mitigate cyber risk.

Despite the increasing sophistication of the security tools and procedures implemented by Information Security teams to counter the cyber threat, these are by default designed to address the generic attack. However, the criminal fraternity is ‘getting personal’.

Moreover, when two thirds of FTSE companies admit to having been hit by a cyber breach in the past year alone, questions must be asked as to just how well the C-Suite understands the level of risk to which they’re now exposed.

KCS Group Europe’s Cyber Audit Assessment addresses these issues by delivering solutions in the following four areas: Social Media Vulnerability, Phishing Risk and Threat Audit, Social Engineering and False Flag Assessment and Ethical Hack.

Social Media Vulnerability Assessment

The Social Media Vulnerability Assessment is carried out discreetly to ascertain as much information as possible on the subjects with no prior information required except for authorisation and ID purposes. By harnessing the power of social media, digital media and reputational analytics, the assessment brings value to an individual by providing intelligence that’s “timely, relevant and actionable” in relation to defamatory and derogatory comments, and also in particular cases of identity theft.

Phishing Risk and Threat Audit

This assessment will be provided by KCS Group Europe to a select number of employees or departments within the organisation involved. Typically lasting over a four-to-six week period, the test can take many forms, including testing the users’ reactions with simple phishing e-mails to spoofed e-mail addresses appearing as internal requests for information.

Social Engineering and False Flag Assessment

Fake social media profiles are on the increase. Many businesses are losing money and essential data due to that data being given out unwittingly by employees to hackers and organised criminal gangs. For this assessment, false LinkedIn and Facebook profiles will be used to ascertain as much personal information as possible from the specific key employees.

Ethical Hack

A form of penetration testing, an ethical hack is the best way to understand the cyber risks, threats, weaknesses and vulnerabilities that may be hidden within the IT infrastructure of any commercial organisation with a relatively small budget. Organisations can either take part in a ‘black box’ or a ‘white box’ test. The former will require no information on the infrastructure and be performed just as a bad actor would do, while the latter will pre-arm the penetration tester with knowledge of the network and server environment.

Tony Sweeney


On the launch of the Cyber Audit Assessment service, Tony Sweeney (cyber security director at KCS Group Europe) commented: “Cyber threats are evolving, and at a fast pace. From social engineering to exploring the Dark Web for company-specific information, and even placing rogue individuals into an organisation as employees, criminal gangs are embarking upon increasingly targeted attacks. The implication for organisations on the receiving end is serious. While the tools employed by IT teams to secure the business are increasingly sophisticated, they’re also generic and simply cannot counteract the specific and increasingly intelligence-led attacks now in force.”

Sweeney added: “It’s because of these increased threats that this service is so vital. These four steps are successful in not only protecting organisations, but also in helping them to understand the risks, threats and vulnerabilities presented by their employees and their systems, and supporting them to put effective security measures in place.”

The four assessments can be deployed either as a complete organisational assessment or as individual investigations. The results of the assessment(s) will be collated for each team, department or group of users detailing the activity and providing recommendations as to where targeted improvements should be made.

In conclusion, Sweeney commented: “Employees are a key area of vulnerability for every business. There are a number of steps that need to be embedded within core processes to minimise the cyber risk. In addition, employees need to be made far more aware of social engineering and the associated business risk. The insight delivered by our penetration tests provides the host business with a chance to specifically target employees or teams with social media training and education, in turn raising awareness of the sensitivity of information shared and the need to be discerning about accepting connections.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
