The last decade has seen a dramatic shift in the cyber threat landscape. No longer is the primary threat a teenage ‘script kiddie’ looking for bragging rights. Today’s attackers are more often State Sponsored Groups (SSG’s) or Organised Criminal Gangs (OCG’s). With this shift, there has been a dramatic increase in well written and effective ‘Hacker Toolkits’ that can be run with minimal expertise.
The speed of this change has left many still believing the old mindset that their company is not worth the trouble to hack. This may have been true when a quick website defacement was all that was desired, however in today’s world SSG’s and OCG’s have a longer strategic view.
They know that every company has something worth taking whether it be your customer database to use for identity theft, abuse of your partner relationships to make you the weak link in their security or even just turning your infrastructure into a network to target others, eg, Botnets.
Old school defences are no longer effective and too many companies still cling to the old received wisdom of ‘build your walls high and hope for the best’. With attackers rapidly evolving their tools and techniques you can no longer ‘set and forget’ your security.
To protect your infrastructure, assets, and the reputation of your company to combat these emerging threats and continue to trade successfully in the 21st century digital arena, your security needs to evolve in parallel.
KCS can bring a unique perspective to cyber security due to its decades of experience in providing strategic intelligence and risk analysis on a global scale. Combining this with KCS expertise in Cyber Security and Cyber risk, as well as our ability to maintain a presence within the Dark Web, enables us to provide the client with unparalleled threat intelligence, analysis and contingency plans and implementation.
This will give the client a firm footing from which to build your security and protect your business.
KCS can perform full penetration tests/ethical hacks against many different systems. These can either be ‘White Box testing’, when the Penetration Tester (Pen Tester) has full knowledge of all systems and can rigorously test the internal structure and workings of applications and systems, or, ‘Black Box testing’ where the Pen Tester tests the functionality of an application or system with no internal knowledge of systems, i.e. looking through the eyes of a hacker.
Infrastructure Pen Testing
This attempts to breach the company’s critical infrastructure.
Industrial Control System (ICS) Pen Test.
For companies running large industrial machinery such as Supervisory control and data acquisition (SCADA) controlled manufacturing plants
Social Engineering and Phishing Audits
It is often said that humans are the biggest security weakness in any company. Employees of most companies have little or no training in how to spot fraudulent emails and many act on requests apparently coming from senior company officials without question. KCS can carry out realistic Phishing and Social Engineering attacks and provide training on how to spot suspicious activity helping raise security awareness to your staff.
Wireless Network Assessment
Wireless networks present an invisible and often overlooked attack route into the core of an organisation with attackers able to breach your systems without ever setting foot in your offices. KCS can carry out an assessment of the security of this vital component.
Web Application Pen Test (OWASP Top 10)
Many companies maintain a large web presence that is not just their official web site. Other internal applications and client portals can provide a backdoor for determined attackers. KCS can test your application against the Open Web Application Security Project (OWASP) top 10 vulnerabilities to give you some assurance that vulnerable applications are not sitting on your perimeter [is there a better way to say perimeter].
Vulnerability assessments are carried out with no attempt made to exploit the vulnerabilities detected.
External Non-Intrusive Vulnerability Assessment
KCS can probe the exterior of you network in a non-intrusive manor and advise of any issues.
Internal Vulnerability Assessment
Many people make the mistake of only strengthening their perimeter allowing an attacker to compromise machines with ease once they are inside. KCS can provide a more comprehensive assessment that runs from inside your network allowing you to verify that your internal servers are patched and secured.
Social Media Vulnerability Assessment
KCS can consider the amount of data leakage onto social media, both from your official company sources and your employees. This helps you verify that your employees are adhering to your company’s social media policy.
Open Source Intelligence Report
Most companies don’t realise how much information regarding their business is freely available on sites. Attackers use this information to target organisations and craft social engineering campaigns. This report can help you spot potential attack routes and close them off before they are exploited.
Egeria Dark Web monitoring
The Dark Web is an unknown quantity to most companies and accessing private forums that hackers frequent is beyond their means. KCS have an extensive network in the Dark Web and can provide strategic intelligence on threats to your company.
Cyber Security Audits
Infrastructure Cyber Security Risk Audit
KCS can assess your current security layout and procedures against industry standards. Once completed we can help advise you on actions to mitigate any issues found.
Active Directory Security Health Check
Active Directory is a core component of many businesses critical infrastructure, but it is rarely strictly controlled, as this has generally grown organically with the company. Based on our years of experience KCS can perform a security health check and identify common misconfigurations and problems that could provide a breach point for attackers.
Cyber Security Policy Writing
Many companies lack experienced security professionals to aid them in creating the security policies that are required as part of their due diligence. KCS can assist clients in writing your core security policies, taking your decision makers through the critical decision points, and documenting the results in the appropriate format.