In order to carry out a successful spear phishing campaign, hackers will gather as much information on their intended target as possible prior to launching the attack. This allows them to craft individual, realistic and plausible emails in order to trick victims in to clicking links or downloading malicious attachments.
Our Individual Footprint service replicates many of the techniques used by hackers to discover what information you expose online about yourself. This service provides you with a detailed report on each individual and suggestions to either be aware of the information that is leaked publicly or to take action to minimise details that you do not want exposed.
This report may reveal sensitive information on the target such as work history, past addresses, family members and friends and associates.
A corporate footprint will determine how much data an attacker can enumerate for a targeted attack against your company. This would constitute part of the reconnaissance phase of an attack and could be used to map your network or corporate structure. This assessment searches for public facing business data, employee data and external facing computer systems such as email servers or websites. This data is useful for spear-phishing, further exploitation and gaining internal network access. A corporate footprint allows you to evaluate the risks associated with public facing information and will provides suitable recommendations on reducing possible attack vectors.
This phase replicates an attempt by an attacker to gain access to your network and systems from a remote location. Without accessing your premises our consultants will build on the information discovered during the Corporate Footprint to attempt to see what vulnerabilities could be exploited by an attacker. This exercise highlights an organisations ability to defend against attacks on their internet facing systems, which can be silently exploited by an off-site attacker.
A full report highlighting weaknesses found and suggestions for improved security is supplied.
An internal security assessment consists of recreating an intrusion attempt both as an external attacker, after having breached the external security perimeter, or as a malicious intruder, such as a rogue cleaner or visitor. This includes vulnerability scanning and other on-site services such as port access control and testing for insecure WiFi.
This assessment illustrates a company’s resilience towards an internal attack from within their computer network whilst identifying and offering solutions to existing configuration and system deployment issues.
Web Application Testing
Similar to an External Test, this services will examine data processed through your online portal is dealt with securely. This service will check for known vulnerabilities and weaknesses that may put company or customer data at risk and offer suggestions for improvement to help protect your and your customers’ data.
Table Top Exercises
How well would your organisation deal with an ongoing attack? This scenario based exercise will walk your technical and business teams to test your response to an ongoing attack. Who would you contact first? Which members of the team would deal with press statements? Are the actions you plan to take the best way forward?
Our team of hackers are available to help raise awareness with all staff from Directors to new Employees on the threats that they face on a daily basis. The sessions will include live demonstrations of the techniques used by hackers to steal information and install malware on systems.
These sessions have proved popular in the past thanks to the simple and straight forward advice given to help protect users and your business systems.
Security Policy Review
Are your organisations security policies up to date and robust? This service will review your current security polices and offer the latest advice on best practice to help protect your network and users from attack. The service can look at all aspects of your current policies, from acceptable use of social media to password policies and offer suggestions to improve what is currently in place.
Users can supply us with a list of keywords and an email address and the software will constantly monitor various places on the internet to see where and when these words appear. The service will then email users on a daily basis to highlight links that their keywords have appeared and also let them know if it looks like their account has been compromised. If it has an email alert will be sent to let the user know that they should change their password as soon as possible.
This will help give users an early warning that an attacker may have access to one or more of their online accounts and allow preventative measures to put in place, hopefully before any data is compromised.
This low cost service gives users peace of mind that their accounts are being actively monitored to help them protect their accounts online.