As we move forward in 2017, our experts anticipate a further rise in targeted attacks against businesses. Ransomware attacks will continue to rise, and ransomware seems to be one of the main ‘buzz words’ in the industry currently. Ransomware is malware that can encrypt your organisation’s data, and it is especially dangerous if senior executives’ files get encrypted. Learn more by reading our experts’ blog on ransomware.

SureCloud will officially launch its Simulated Ransomware Service in January 2017
Our Simulated Ransomware Service mimics real threats to organisations, enabling IT Professionals to detect and protect their organisation from real threats. The purpose is to test the organisation’s responsiveness to an attack and to see if users can be exploited.
Benefits
- Receive a detailed Report of the findings from our experts – this report is delivered via the SureCloud Platform, making it easier for you to swiftly act on that information
- Identify where current controls are ineffective at preventing and/or detecting an attack, whether those be procedural or technical
- See what could be encrypted should a real attack occur and deploy more restrictive permissions to stop the spread in a real attack
- Test the incident response processes, ensure they are effective and identify where improvements are required
- Overall, your organisation will be far better prepared to detect, stop and react to ransomware attacks – without waiting to be held to ransom
Organisations must start to mimic real attacks and move away from reactive procedures. Reduce risks now and protect your business. Speak to our Security Practice Director, Luke Potter, or contact us here.

Simulated Phishing Attacks
Phishing and other targeted attacks will also increase in 2017. Phishing is a key targeted attack vector through which organisations are regularly compromised. Our Cybersecurity experts have reported a large take-up of SureCloud Simulated Phishing Attack Services. This is a carefully planned and executed attack, designed to achieve the maximum ‘hit’ rate and simulate a real targeted attack against the organisation and its employees.
Why should organisations mimic real attacks?
The purpose of simulated attacks is to help raise awareness throughout the organisation and to help its staff spot a genuine attack. Risk Practitioners, Security Managers and IT Professionals will then be able to understand whether their security controls are robust and have visibility of how likely it is for their organisation to become compromised via a targeted attack. Organisations will also be able to identify where current controls are ineffective at preventing and/or detecting an attack and have more visibility on what could be encrypted from various access points should a real attack occur. Conducting simulated attacks will also enable the organisation to deploy more restrictive permissions, raise user awareness and then provide training to help early detection and stop the spread in the event of a real attack.

Prevention is more effective than remediation
There are a number of measures businesses can take to reduce the likelihood of attacks such as ransomware making their way onto the corporate network.
Security Controls – these are a critical part of an organisation’s defences. They should include email filtering, web filtering and a corporate anti-virus solution that includes ransomware detection capabilities.
Have robust back-ups in place – regularly back up files and data to an offline location (such as tape) that can’t be touched by, for example, ransomware. This will allow organisations to be better positioned to mitigate the impact of a ransomware attack.
Staff education and training – this is absolutely critical within organisations of all sizes to ensure that knowledge of attacks is shared. Employees can be educated to watch out for the tell-tale signs and flags of a potential ransomware infection, whatever the delivery mechanism. This can be aided massively by a simulated and targeted attack against your organisation.
Never pay the ransom – under absolutely no circumstances should the ransom be paid. If you pay the ransom you will open up yourself and the organisation to becoming a key target for wider attacks, and there is absolutely no guarantee that your files will actually be decrypted. After all, would you rely on a criminal’s promise?
Desktop applications – these are often overlooked by organisations and represent a major attack vector. This will only continue into 2017. Listen on demand to Chris Cooper (Security Team Leader), who discussed this risk in greater detail. Click here to access the webcast.
Cybersecurity Services
We have a CESG CHECK and CREST accredited test team who are industry experts in all areas of security testing. A few of our services are listed below:
- CESG CHECK approved IT Health Checks (ITHCs)
- Cyber Essentials and Cyber Essentials PLUS
- Web Application Testing (including code reviews)
- Application Programming Interface (API) and Mobile Application Penetration Testing
- Perimeter Network Penetration Testing
- Internal Network Penetration Testing
- Wireless Network Testing
- Workstation and Server Build Testing
- VoIP Testing
- Radio Frequency (RF) Testing
- Social Engineering (in person, by phone, or via email)
- Physical Security Assessments
- Ransomware Attack Simulation
- Staff Training

About SureCloud
SureCloud is a provider of Gartner recognised GRC software and CREST accredited Cyber Security & Risk Advisory services. Whether buying products or services your organisation would benefit from automated workflows and insight from the award-winning SureCloud platform. All of SureCloud’s service offerings are fully compatible with the GRC suite of products enabling seamless integration of information, taking your risk programmes to the next level.