Strategic intelligence and risk-focused business KCS Group Europe has now announced the addition of a Cyber Audit Assessment to its existing intelligence and corporate security service suite. With the aim of educating organisations around the internal risks, threats and vulnerabilities they face, including the growing threat posed by employees, the Cyber Audit Assessment fuses human and cyber intelligence tools to mitigate cyber risk.
Despite the increasing sophistication of the security tools and procedures implemented by Information Security teams to counter the cyber threat, these are by default designed to address the generic attack. However, the criminal fraternity is ‘getting personal’.
Moreover, when two thirds of FTSE companies admit to having been hit by a cyber breach in the past year alone, questions must be asked as to just how well the C-Suite understands the level of risk to which they’re now exposed.
KCS Group Europe’s Cyber Audit Assessment addresses these issues by delivering solutions in the following four areas: Social Media Vulnerability, Phishing Risk and Threat Audit, Social Engineering and False Flag Assessment and Ethical Hack.
Social Media Vulnerability Assessment
The Social Media Vulnerability Assessment is carried out discreetly to ascertain as much information as possible on the subjects with no prior information required except for authorisation and ID purposes. By harnessing the power of social media, digital media and reputational analytics, the assessment brings value to an individual by providing intelligence that’s “timely, relevant and actionable” in relation to defamatory and derogatory comments, and also in particular cases of identity theft.
Phishing Risk and Threat Audit
This assessment will be provided by KCS Group Europe to a select number of employees or departments within the organisation involved. Typically lasting over a four-to-six week period, the test can take many forms, including testing the users’ reactions with simple phishing e-mails to spoofed e-mail addresses appearing as internal requests for information.
Social Engineering and False Flag Assessment
Fake social media profiles are on the increase. Many businesses are losing money and essential data due to that data being given out unwittingly by employees to hackers and organised criminal gangs. For this assessment, false LinkedIn and Facebook profiles will be used to ascertain as much personal information as possible from the specific key employees.
Ethical Hack
A form of penetration testing, an ethical hack is the best way to understand the cyber risks, threats, weaknesses and vulnerabilities that may be hidden within the IT infrastructure of any commercial organisation with a relatively small budget. Organisations can either take part in a ‘black box’ or a ‘white box’ test. The former will require no information on the infrastructure and be performed just as a bad actor would do, while the latter will pre-arm the penetration tester with knowledge of the network and server environment.
On the launch of the Cyber Audit Assessment service, Tony Sweeney (cyber security director at KCS Group Europe) commented: “Cyber threats are evolving, and at a fast pace. From social engineering to exploring the Dark Web for company-specific information, and even placing rogue individuals into an organisation as employees, criminal gangs are embarking upon increasingly targeted attacks. The implication for organisations on the receiving end is serious. While the tools employed by IT teams to secure the business are increasingly sophisticated, they’re also generic and simply cannot counteract the specific and increasingly intelligence-led attacks now in force.”
Sweeney added: “It’s because of these increased threats that this service is so vital. These four steps are successful in not only protecting organisations, but also in helping them to understand the risks, threats and vulnerabilities presented by their employees and their systems, and supporting them to put effective security measures in place.”
The four assessments can be deployed either as a complete organisational assessment or as individual investigations. The results of the assessment(s) will be collated for each team, department or group of users detailing the activity and providing recommendations as to where targeted improvements should be made.
In conclusion, Sweeney commented: “Employees are a key area of vulnerability for every business. There are a number of steps that need to be embedded within core processes to minimise the cyber risk. In addition, employees need to be made far more aware of social engineering and the associated business risk. The insight delivered by our penetration tests provides the host business with a chance to specifically target employees or teams with social media training and education, in turn raising awareness of the sensitivity of information shared and the need to be discerning about accepting connections.”