cyber security · 2019-05-22 · network and security solutions connected services gain access to...
Cyber Security
The Business Challenge
With the ever-changing threat landscape and the rapid developments and advancement in technology, maintaining a strong cyber security strategy is critical for every business. Achieving a balance between dynamic, responsive, accessible systems and a secure, locked down and managed environment is a continual challenge.
While the shift from server to service-based infrastructure is transforming how we deliver business operations, it has also generated new security concerns which must be mitigated. Organisations must protect an increasingly mobile and often global workforce, cloud-based applications, distributed data and a plethora of managed and unmanaged devices.
Organisations rarely stand still. Instead they continually evolve, often establishing new territories as they expand. Whether it be the increasing number of network entry points requiring protection, or the servers and infrastructure that host vital workloads and critical data, signature-based threat prevention tools need to be constantly updated to remain secure.
Unfortunately there isn’t a solution that meets all of these challenges. Instead IT must engage stakeholders from all parts of the business and combine people, process and policy with technology controls to deliver effective security.
Policy and Best Practice
Ensuring that security policies are aligned to corporate governance and compliant with government legislation is a constant challenge that all organisations must consider. It is a requirement of every business to apply security policies against the huge amount of data that is being created, sent, stored and archived on a daily basis. A lack of understanding of the business's risks or line of business operations can often result in misaligned security policies.
Threat Management
As cyber criminals develop ever more sophisticated threats and tactics, organisations have an obligation to secure their critical data and protect their employees wherever they reside. This involves deploying threat prevention technology within data centre, private or public cloud platforms and on mobile devices. Signature-based technology that can only protect against known threats is not enough and will not protect against modern "Zero Day" malware threats.
Vulnerability Management
With the growth and complexity of business applications, systems and infrastructure, identifying and remediating vulnerabilities can be challenging. This is usually met through a combination of manual processes, outdated methods and an array of products, often from various vendors, that do not necessarily provide the information needed to maintain a secure environment. Without a comprehensive approach to vulnerability management, systems will remain insecure and vulnerable.
Centralised Visibility
Without the ability to have an instant snapshot of your company’s security position, organisations are blind to the risks that they are facing from outside threats. Only when these have been identified can remedial action be undertaken to address issues and improve the security posture of your business. Alongside non-compliance, the lack of visibility and understanding of the bigger picture causes existing security to be exposed to cyber attack.
An Average Day in an Enterprise Organisation
Every 81 seconds: known malware is downloaded
Every 4 seconds: unknown malware is downloaded
Every 52 seconds: a bot communicates with its command and control centre
Every 4 minutes: a high-risk application is used
Every 30 seconds: a zero day malware event occurs
Every 5 seconds: a host accesses a malicious website
Every 32 minutes: sensitive data is sent outside the organisation
Source: Check Point Software Technologies
GDPR
The GDPR regulation comes into force on May 25th 2018, but what exactly is it and how will it affect you and your business?
As the world becomes increasingly data driven, the regulations brought into place in 1995 are becoming outdated and no longer serve to protect the data of EU citizens. The EU also wants to give its citizens more control over how their personal data is being used. The introduction of GDPR will allow businesses to have a clearer understanding of the legal environment in which they have to operate, making the law of data protection identical across the EU.
But Britain is leaving the EU, so I don’t need to worry about this?
Wrong. GDPR applies to all EU-based companies and all those that collect data of EU citizens. The UK government has already announced that even after Brexit, the UK will have an identical law put in place which all UK-based businesses will need to adhere to.
What are the consequences of not adhering to GDPR?
Any company found in breach of GDPR can be fined up to 4% of global annual turnover or €20 Million (whichever is greater). With penalties like that, businesses cannot afford to skirt around the issue.
So what does my business need to do?
There are many questions that you need to sit down and answer to get an understanding of where you are currently against the regulations and where you need to be to avoid being fined.
1. What personal data (PII) do you hold and how does the business process it? You need to look across the whole business, from HR to security to marketing, as this includes employee data as well as data on customers and those you market to.
2. Would you be able to identify a breach, and have you evaluated the impact if one occurred?
3. Have you taken the necessary steps to avoid a breach?
4. Are you able to provide an individual the right to be forgotten and the proof that they need to show that this has happened?
5. Have you factored in data protection to any new technology you are developing or any new third party systems you may use?
6. Are you in a position to prove that an individual has given consent? Do you have the audit trail to show their consent?
GDPR puts the responsibility and accountability for data protection firmly in businesses’ hands and should not be ignored.
Cyber Security Assessment
Altiatech’s Cyber Security Assessment offers an independent security review that will identify gaps and provide recommendations around areas in which your organisation may be vulnerable to cyber security threats. The engagement looks at all aspects of your security infrastructure and policy, providing advice against industry best practice and accreditations. Our on-site analysis tool provides insight into threats that exist within your organisation, and highlights risks where it is found that current security controls are not enforcing policies that may impact or present significant risk to regulatory compliance. The results will be documented and presented back in a report that delivers a management summary, alongside a deep dive into the risks and issues found, with guidance and recommendations around your security environment.
Threat Analysis Assessment
Our threat analysis tool will give instant visibility of risks to your network including zero day malware infections, botnet traffic, unauthorised applications and sensitive data leakages. The findings are presented back alongside recommendations on how to plug any gaps found in your current security infrastructure.
Vulnerability Assessment
This CREST accredited vulnerability assessment will provide a penetration test against the external facing components of your network infrastructure. Simulating an attack on your applications, systems, people or facilities, we will work with you to identify weak points in your defences and streamline the remediation process.
Infrastructure Review
We will work with your team to baseline your infrastructure and document our findings against industry best practice such as Government 10 Steps to Security, SANS and Cyber Essentials. We will give you a gap analysis of your infrastructure to obtain Cyber Essentials certification. (Certification is an additional option.)
Key Outcomes
Cyber Essentials Certification
We will work with your organisation to obtain Cyber Essentials certification if desired, in order to demonstrate a level of security control.
Security Visibility
Gain insight into what’s actually happening in your network and identify and understand the threats your organisation is exposed to.
Policy and Best Practice
We will work with your organisation to obtain Cyber Essentials certification if desired, in order to demonstrate a level of security control.
Vulnerability Awareness
Test the security of your perimeter networks and understand the risk of threats that are coming from outside your organisation.
CONTACT US
Address : 152-160 Kemp House, City Road, London
Phone : +44 (0)33 033 25842
Email : [email protected]
Website : www.altia.tech
About Altiatech
Altiatech has a proven record of accomplishment in the supply of enterprise security solutions throughout many diverse and highly complex corporate environments. Focused across two main areas, our Assurance and Compliance business helps identify the threats to your organisation and prioritise your risk treatment, as well as comply with standards such as ISO 27001, General Data Protection Regulation (GDPR) and PCI DSS. Our technology team is able to help you with the design, implementation and support of networking technologies and security controls.
• Strategic risk-based advice aligned to business objectives
• End-to-end capability embracing all aspects of people, process and technology
• Extensive industry experience with skill-sets across multiple vendor technologies
• Full design, support and managed services
• Top accreditations with leading technology vendors
• Identify how attackers can exploit weaknesses that may exist in your operating systems, applications or services with our penetration test.
Certified Experts
Delivered by qualified consultants from our Assurance and Security practice, specialising in delivering cyber security engagements.
Vision and Leadership
Our architects and consultants are able to support strategic business imperatives and become a trusted technology advisor.
Hybrid Experience
Altiatech are experts in designing, developing, implementing and managing multi-vendor network and security solutions.
Connected Services
Gain access to the Altiatech ecosystem, linking in associated strategic and tactical engagements including network, security and beyond.
About Cyber Essentials
The Cyber Essentials scheme is a government-backed cyber security standard, which organisations can be assessed and certified against. It identifies the security controls that an organisation must have in place within their IT systems in order to have confidence that they are addressing cyber security effectively and mitigating the risk from Internet-based threats.
Whilst providing a basic but essential level of protection, the scheme enables organisations that believe they are practicing robust cyber security to benefit by making this a unique selling point, thereby enabling business. Upon certification, they can then demonstrate to their customers that their data is adequately protected and that they take cyber security seriously. The Scheme focuses on Internet-originated attacks against an organisation’s IT system. Many organisations will have particular additional services, e.g. web applications, that will require additional and specific controls beyond those provided by Cyber Essentials.
Cyber Essentials requires your organisation to have five technical controls in place:
Boundary Firewalls - to prevent unauthorised access
Secure Configuration - setting up systems securely
User Access Control - restricting access to users
Malware Protection - i.e. using anti-virus software
Patch Management - i.e. updating software
Assurance and Compliance
Consultancy, Audits, Training, Certifications, Risk Assessments and eLearning
Strategy & Planning
Strategic Advisory Services, Tactical Packaged Services, Architectural Services
Supply & Logistics
Product Selection & Fulfilment, Logistics, Configuration, IMAC, Maintenance & EOL Services
Implement and Optimise
Modern Workspace and Modern Data Centre
Managed Services
24x7 Monitoring & Management, Service Desks and Remote Telephone Support
CONTACT US
Address : 152-160 Kemp House, City Road, London
Phone : +44 (0)33 033 25842
Email : [email protected]
Website : www.altiatech.com