Cyber Security The Business ChallengeWith the ever changing threat landscape and the rapid developments and advancement in technology, maintaining a strong cyber security strategy is critical for every business. Achieving a balance between dynamic, responsive, accessible systems and a secure, locked down and managed environment is a continual challenge.

While the shift from server to service-based infrastructure is transforming how we deliver business operations, it has also generated new security concerns which must be mitigated. Organisations must protect an increasingly mobile and often global workforce, cloud-based applications, distributed data and a plethora of managed and unmanaged devices.

Organisations rarely stand still. Instead they continually evolve, often establishing new territories as they expand. Whether it be the increasing number of network entry points requiring protection, or the servers and infrastructure that host vital workloads and critical data, signature-based threat prevention tools need to be constantly updated to remain secure.

Unfortunately there isn’t a solution that meets all of these challenges. Instead IT must engage stakeholders from all parts of the business and combine people, process and policy with technology controls to deliver effective security.

Policy and Best Practice

Ensuring that security policies are aligned to corporate

governance and complicit with government legislation is a constant challenge that all

organisations must consider. It is a requirement of every business to apply security policies against the huge

amount of data that is being created, sent, stored and

archived on a daily basis. A lack of understanding of the

businesses risks or line of business operations can often result in misaligned security

policies.

Threat Management

As cyber criminals develop ever more sophisticated

threats and tactics, organisations have an

obligation to secure their critical data and protect their

employees wherever they reside. This involves deploying threat prevention technology

both within data centre, private or public cloud platforms and on mobile devices. Signature

based technology that can only prevent against known threats

is not enough and will not protect against modern "Zero

Day" malware threats.

Vulnerability Management

With the growth and complexity of business applications,

systems and infrastructure, identifying and remediating

against vulnerabilities can be challenging. This is usually met

through a combination of manual processes, outdated

methods and an array of products - often from various

vendors - that do not necessarily provide the information needed

to maintain a secure environment. Without a

comprehensive approach to vulnerability management,

systems will remain insecure and vulnerable.

Centralised Visibility

Without the ability to have an instant snapshot of your

company’s security position, organisations are blind to the

risks that they are facing from outside threats. Only when

these have been identified, can remedial action be undertaken to address issues and improve the security posture of your

business. Alongside non-compliance, the lack of

visibility and understanding of the bigger picture, causes

existing security to be exposed to cyber attack.

An Average Day in anEnterprise Organisation

Every 81 SecondsKnown malwareis downloaded

Every 4 SecondsUnknown malware

is downloaded

Every 52 SecondsA bot communicates with its command and control centre

Every 4 MinutesA high-risk

application is used

Every 30 SecondsA zero day malware

event occurs

Every 5 SecondsA host accesses amalicious website

Every 32 MinutesSensitive data is sent

outside the organisation

Source:

Check Point Software

Technologies

The GDPR regulation comes into force on May 25th 2018 but what exactly is it and how will it affect you and your business?As the world is becoming increasingly data driven the regulations bought into place in 1995 are becoming outdated and no longer serve to protect the data of EU Citizens. The EU also wants to give its citizens more control over how their personal data is being used. The introduction of GDPR will allow business’ to have a clearer understanding of the legal environment that they have to operate, thus making the law of data protection identical across the EU.

GDPR

But Britain is leaving the EU so I don’t need to worry about this?Wrong, GDPR applies to all EU based companies and all those that collect data of EU Citizens.The UK government has already announced that even after Brexit, the UK will have an identical law put in place which all UK based businesses will need to adhere to.What are the consequences of not adhering to GDPR?

Any company found in breach of GDPR can be fined up to 4% of global annual turnover or €20 Million (whichever is greater). With penalties like that, businesses can not afford to skirt around the issue.

So what does my business need to do?

There are many questions that you need to sit down and answer to get an understanding of

where you are currently against the regulations and where you need to be to avoid being fined.

1. What personal data (PII) do you hold and how does the business process it? You need to look across the whole business from HR, to security to Marketing as this also includes employee data as well as customers and those you market to.

2. Would you be able to identify a breach and have evaluated the impact if one occurred?

3. Have you taken the necessary steps to avoid a breach?

4. Are you able to provide an individual the right to be forgotten and the proof that they need to show that this has happened?

5. Have you factored in data protection to any new technology you are developing or any new third party systems you may use?

6. Are you in a position to prove that an individual has given consent? Do you have the audit trail to show their content?

GDPR put the responsibility and accountability for data protection firmly in businesses hands and should not beignored.

Cyber Security AssessmentAltiatech’s Cyber Security Assessment offers an independent security review that will identify gaps and provide recommendations around areas in which your organisation may be vulnerable to cyber security threats. The engagement looks at all aspects of your security infrastructure and policy, providing advice against industry best practice and accreditations. Our on-site analysis tool provides insight into threats that exist within your organisation, and highlight risks where it is found that current security controls are not enforcing policies that may impact or present significant risk to regulatory compliance. The results will be documented and presented back in a report that delivers a management summary, alongside a deep dive into the risks and issues found, with guidance and recommendations around your security environment.

Threat Analysis Assessment

Our threat analysis tool will give instant visibility of risks to

your network including zero day malware infections, botnet

traffic, unauthorised applications and sensitive data

leakages. The findings are presented back alongside

recommendations on how to plug any gaps found in your

current security infrastructure.

Vulnerability Assessment

This CREST accredited vulnerability assessment will

provide a penetration test against the external facing

components of your network infrastructure Simulating an attack on your applications, systems, people or facilities,

we will work with you to identify weak points in your defences and streamline the

remediation process.

Infrastructure Review

We will work with your team to baseline your infrastructure

and document our findings against industry best practice such as Government 10 Steps to Security, SANS and Cyber Essentials. We will give you a

gap analysis of your infrastructure to obtain Cyber

Essentials certification (Certification is an additional

option)

Key Outcomes

Cyber Essentials CertificationWe will work with your organisation to obtain Cyber Essentials certification if desired, in order to demonstrate a level of security control

Security VisibilityGain insight into what’s actually happening in your network and identify and understand the threats your organisation is exposed to

Policy and Best PracticeWe will work with your organisation to obtain Cyber Essentials certification if desired, in order to demonstrate a level of security control

Vulnerability AwarenessTest the security of your perimeter networks and understand the risk of threats that are coming from outside your organisation

CONTACT USAddress : 152-160 Kemp House, City Road, LondonPhone : +44 (0)33 033 25842Email : innovate@altia.techWebsite : www.altia.tech

About AltiatechAltiatech has a proven record of accomplishment in the supply of enterprise security solutions throughout many diverse and highly complex corporate environments. Focused across two main areas, our Assurance and Compliance business helps identify the threats to your organisation and prioritise your risk treatment, as well as comply with standards such as ISO 27001, General Data Protection Regulation (GDPR) and PCI DSS. Our technology team is able to help you with the design, implementation and support of networking technologies and security controls.

• Strategic risk-based advice aligned to business objectives• End-to-end capability embracing all aspects of people,

process and technology• Extensive industry experience with skill-sets across

multiple vendor technologies

• Full design, support and managed services• Top accreditations with leading technology vendors• Identify how attackers can exploit weaknesses that may exist

in your operating systems, applications or services with our penetration test.

Certified Experts

Delivered by qualified consultants from our Assurance and Security practice, specialising in delivering cyber security engagements.

Vision and Leadership

Our architects and consultants are able to support strategic business imperatives and become a trusted technology advisor.

Hybrid Experience

Altiatech are experts in designing, developing, implementing and managing multi-vendor network and security solutions

Connected Services

Gain access to the Altiatech ecosystem, linking in associated strategic and tactical engagements including network, security and beyond.

About Cyber EssentialsThe Cyber Essentials scheme is a government backed cyber security standard, which organisations can be assessed and certified against. It identifies the security controls that an organisation must have in place within their IT systems in order to have confidence that they are addressing cyber security effectively and mitigating the risk from Internet-based threats.

Whilst providing a basic but essential level of protection, the scheme enables organisations that believe they are practicing robust cyber security, to benefit by making this a unique selling point thereby enabling business. Upon certification, they can then demonstrate to their customers that their data is adequately protected and that they take cyber security seriously. The Scheme focuses on Internet-originated attacks against an organisation’s IT system. Many organisations will have particular additional services, e.g. web applications that will require additional and specific controls beyond those provided by Cyber Essentials. Cyber Essentials requires your organisation to have five technical controls in place:

Boundary Firewalls - to prevent unauthorised access

Secure Configuration - setting up systems securely

User Access Control - restricting access to users

Malware Protection - i.e. using anti-virus software

Patch Management - i.e. updating software

Assurance and ComplianceConsultancy, Audits, Training,Certifications, Risk Assessmentsand eLearning

Strategy & PlanningStrategic Advisory Services,Tactical Packaged Services,Architectural Services

Supply & LogisticsProduct Selection & Fulfilment,Logistics, Configuration, IMAC,Maintenance & EOL Services

Implement and OptimiseModern Workspace andModern Data Centre

Managed Services24x7 Monitoring & Management,Service Desks and Remote Telephone Support

CONTACT USAddress : 152-160 Kemp House, City Road, LondonPhone : +44 (0)33 033 25842Email : innovate@altiatech.com

Website : www.altiatech.com