Cyber Risk Profiling
Understanding your cyber risk profile is an essential precursor to the implementation of an effective cyber security strategy. Training should be structured, focused and relevant, and our risk profile services allow an organisation to identify high-risk user groups, locations and business-specific vulnerabilities. With expertise and exposure to the most current cyber threat techniques, our team replicate methods used by cyber threat groups to understand ways in which your organisation is most susceptible to cyber threat.
Dark Beam Cyber Exposure Reports
Dark Beam is a multi-layer search engine (surface, deep and dark web) which enables us to ascertain existing corporate leakage across a range of pre-determined criteria. Dark Beam allows us to see your vulnerabilities as a malicious actor would. By understanding your organisation’s footprint and exposure we are able to provide an effective human risk profile across the organisation.
Dark Beam is used by a range of organisations to measure not only their own internal risk but also risk factors associated with supply chain and customers. By using Dark Beam we can see the vulnerabilities of your organisation as a hacker would.
Although there are other providers that allow for a scan of deep and dark web vulnerabilities, Dark Beam provides all of that information in an easy to digest report, suitable for IT professionals and those with no prior experience. All exposed vulnerabilities are well explained and contextualised for your sector and size of business. We will also provide you with clear advice on how to mitigate any existing risks.
What does Dark Beam do?
An organisation will submit their primary URL for a scan. At this point a passive, non-intrusive assessment of cyber security posture will be conducted by searching for all information across the surface, deep and dark web, in effect identifying everything available about your organisation that sits outside of your domain. These results are collated in under one minute. You are then able to visualise areas of risk across more than 55 elements within seven cyber posture categories and implement effective remedial action to counter cyber threat. Key information includes:
- Staff email addresses and login credentials such as passwords that are exposed to those outside of your organisation.
- Details of any spoof domains (domains developed to trick your staff into thinking emails come from within the organisation) that could be used to enable spear phishing campaigns against staff, suppliers or customers.
- Details of any mail server issues.
- Vulnerable or unpatched subdomain information.
- Any email servers that you are blacklisted from.
- SSL certification information (critical website security).
Dark Beam Monitoring
A Dark Beam cyber exposure report provides an organisation with a snapshot of their exposure at that moment in time and is an excellent start for those seeking to mitigate cyber risk. Yet the greatest risks often come from fresh exposure, and it is essential to be alert to changes in cyber exposure and any new leakage. With GDPR requirements to report data breaches within 72 hours, the Dark Beam monitoring service can ensure that you are made aware of any exposure across all of our information sources within 24 hours, providing one of the most effective ways of monitoring changes in your organisational cyber security exposure.
Spear Phishing Assessment
The processes of social engineering and phishing are responsible for over 85% of the human error breaches that lead to subsequent data loss. Identifying the level of human risk is often a difficult task. Most staff are now aware of the key features of a crude phishing email and basic social media security, yet experienced attackers are rarely crude or basic. At the Cyber Stars Initiative we use state-of-the-art spear phishing software to create organisation-, role- or department-specific spear phishing emails that far better represent the real criminal threat. We are able to identify your overall business risk, as well as departmental or role-specific risks. Our team of cyber risk specialists will analyse your cyber risk profile based upon factors such as geographic distribution, site-specific system access and mobile working threat, helping not only to identify training need, but also to shape effective policy development and implementation.
It is essential to remember that phishing tests should be far more than click rate. Our testing allows us to analyse the risk profile of your business, considering device use, geospatial factors and behaviours of employees with access to critical systems.
Following the delivery of the Cyber Stars Initiative and associated training programmes we will retest the level of risk at regular intervals to demonstrate improved resilience and identify those individuals that require further training.
Executive Digital Footprint Profiles
Social engineering is the fastest growing Advanced Persistent Threat (APT) technique for malicious actors seeking to exploit individuals across all regions and professional sectors. Over 85% of all successful attacks against businesses are email-based and involve exploitation of digital footprints. Our individual digital footprint grows each year and increasingly provides an opportunity for blackmail, extortion and other types of criminality. Social engineers and cyber criminals have discussed common methodology in terms of “target” identification and many demonstrate that it takes less than 5 minutes to find a range of exploitable opportunities. Malicious actors will exploit those individuals within an organisation that appear most vulnerable, often outweighing a requirement to access specific systems or data sets. This service helps to identify individual vulnerabilities and provides individual and specific remedial training to improve cyber security posture.
Our Digital Footprint Analysis is conducted by investigative experts with detailed knowledge of criminal methodology. By taking just a business card our investigative team will replicate social engineer methodology and help an individual to both realise and respond to the cyber threat they present for your organisation.