Because businesses come in different types, sizes, models, goals and competencies, sometimes it may make better sense to seek an independent external capability to manage your cybersecurity function. We can help you:
- Rapidly deploy and establish an Information/Cyber Security Management capability if you don’t have one already.
- Enhance existing skills and knowledge by bringing in a broader experience to the existing structure.
- Reduce or optimise the cost of managing your Cyber/Information Security function.
The time commitment of the service can be optimally apportioned to meet your specific business needs. Often we find that businesses seek this approach when:
- They are going through a transitional phase of business change where a requirement has been identified to establish a CISO type function because none exist or the skills are simply not available amongst the existing team.
- Where a business is not sizeable enough or lacks adequate skills and experience to setup a full in-house capability for a CISO function. A business in this context typically finds it more operationally and economically effective to hire an independent external CISO capability to fill the gap.
Cybersecurity Pulse Check
Technical Penetration Testing:
Penetration testing is a vital proactive step an organisation can take to uncover weaknesses and holes in its technology infrastructure before the adversaries do. Penetration Testing evaluate the security of the technology infrastructure by simulating an attack from a malicious or dangerous source.
In CyberSolace we believe in a holistic approach to security penetration testing which covers testing of the technical infrastructure and applications, the physical premises, the networks, and equally importantly, the people in the organisation through their levels of awareness.
We can provide CREST and/or CHECK accredited security testing services that would help management focus its resources on what matters and prioritise improvement actions in accordance with the qualified risk.
Cybersecurity Risk Assessment:
Risk assessments help you understand the scale and nature of the cyber threat that you face and the valuable business assets that stand to be compromised. It will ultimately help you focus your priorities and channel your investment to what really matters in order to mitigate the risks proportionately.
Cybersecurity Gap / Maturity Assessments:
We adopt a holistic approach to security and typically our assessments cover multiple facets, comprising People, Process, Technology and Organisation. Yet we mindfully maintain a close attention to external influencing factors such as regulations, standards and emerging business technology and operating models.
We can utilise a number of known industry standards and frameworks to measure, audit or gap-assess your security posture and give you an objective view of how well your security practices measure up or if there are any urgent concerns that need to be addressed. Examples of some of the standards and governance frameworks we can utilise are: ISO 27001, GDPR, UK Government Cyber Essentials Framework and NIST Cyber Security Framework.
Because you cannot protect or improve what you do not know
But we also recognise that not all companies are the same or operate under identical regulations. Thus we can easily tailor an assessment framework that is specific to your business context and is more aligned to your company culture in order to ensure the final outcome is as meaningful as possible to your management.
Planning & Rehearsals
In our current times and the foreseeable future cyber incidents and breaches are an everyday potentiality for all businesses across all industry sectors. No company is immune to cyber incidents or the havoc they can cause when they occur. Be it ransomware, unauthorised remote access, extortion, cyber fraud, or denial of service – a cyber incident can be detrimental for a business if it is not prepared for it. This is why CyberSolace offers its cyber-incident-response rehearsing service to help organisations prepare for incidents in advance in order to lessen their impact on the business when they hit. Rehearsals are tailored to the unique business context of the client as well as aligned with current cyber-threats.
CyberSolace has also developed an innovative approach to help clients select the best response candidates at their disposal. We do not automatically revert to IT teams but instead we apply Occupational Psychology methods to identify the right individuals in an organisation that would be best suited to operate as incident-responders.
We always involve a multidisciplinary segment of staff from across the business covering senior leadership, IT, legal, corporate communications and business operations to represent a realistic backdrop of stakeholders who would typically be required in a real-life situation.
Cyber incident response rehearsals are a very effective method in helping organisations appraise and bolster their preparedness as well as build their confidence and efficacy when managing real life responses to serious incidents.
However, threat actors are constantly evolving, and technology is invariably susceptible to a stream of newly discovered vulnerabilities. That, coupled with the scale of the targeting and difficulty of monitoring all possible attack methods, means some attacks will get through. If the worst happens, you can call upon us to investigate an incident and help you with the containment, eradication and return to normal business operation. We apply industry best practices in our response strategies and also customise it the context of the client’s business and priorities.
In last resort situations we also help our clients conduct ransom negotiations with perpetrators in a way which minimises the unpredictability, loss and confusion which ensues in such scenarios.
Crypto-Currency Crime Investigations
CyberSolace is able to help organisations with investigations that link real-world entities to crypto-currency activity. Using a state of the art proprietary platform we can trace crypto-currency addresses, transactions, or service names to understand who controls funds, and create graphs showing activity covering numerous mainstream crypto-currencies.
Over the last few years adoption of crypto-currencies has shown a steady increase across the globe with no sign of the trend waning on the horizon. Large corporates as well as retailers have begun adopting crypto-currencies as an alternative means for payment for goods and services. By example PwC Luxembourg, Starbucks, Microsoft, Expedia and the Swiss city of Zug, amongst many others, have all begun on that journey.
Nonetheless, crypto-currency’s decentralised, semi-anonymous nature makes it a uniquely appealing option for criminals, and their embrace of the technology has somewhat helped shape part of its reputation. But contrary to popular belief, unlike cash and other traditional forms of value transfer, most crypto-currencies are inherently transparent. Especially in the case of currencies that are based on a public-ledger model, such as bitcoin, every transaction is recorded and publicly visible.
Identify Criminal Activity Through Blockchain Tracing
With the right tools, we can see how much of all crypto-currency activity is associated with crime, ransomware and extortion activity, and share insights with law enforcement and the industry to stop bad actors from abusing the system and, in many cases, taking advantage of vulnerable people.
In the specific cases of ransomware attacks, CyberSolace can provide the necessary analysis to support specialised law firms issue injunctions on crypto-exchanges that are inadvertently or otherwise involved in the transfer of ransom payments for criminal groups. Ultimately offering a chance for the victims to block or even retrieve the ransom payments instigated by cyber-criminals.