Cyber Essentials Logo

Cyber Security

As much as today’s always-connected, highly-mobile, data-intensive world is a boon for business, it is also a fertile breeding ground for cyber-criminals. Techniques such as malware attachments, drive-by downloads, distributed denial-of-service (DDoS) attacks, ransomware, keyloggers and screen grabbers, along with social engineering tactics such as phishing are increasingly commonplace.

The explosion of mobile devices, cloud apps and virtualised servers have compounded the threat by expanding the attack surfaces open to potential attackers. The fast growth of IoT (Internet of Things) devices is expanding the threat landscape as it creates networks of interconnected data collection and processing devices that often lack adequate security, and are therefore ripe for exploitation by attackers.

Cyber Attack Growth In The Past Year

 Cairn Solutions has adopted a six stage approach to dealing with Cyber Security:

  1. PREPARATION - Review existing security infrastructure
  2. IDENTIFICATION - Timely detection of security incidents
  3. CONTAINMENT - Immediate action, using documented processes and procedures
  4. ERADICATION - Evaluation of systems to ensure the security incident is fully remediated
  5. RECOVERY - Restoration of data and network availability, as well as confidentiality and ongoing integrity
  6. LESSONS LEARNED - Assessment of the events and processes that have taken place

 As you will see from stage one, reviewing your existing security infrastructure is your first step to ensuring that you are covered. This stage allows you to approach any vulnerabilities in a way that best fits your business.

 As part of your Cyber Security awareness Cairn Solutions can offer you two tiers of audit, The entry level tier one audit or the all inclusive tier two audits. The audit contents are explained below:

Tier 1 Audit

The entry level tier is an ideal starting point which finds out how secure your business is to external attack.

  • Targeted attack via the Internet
  • Written report with recommendations

Tier 2 Audit

This tier takes the Tier 1 audit to the next level and targets the major security issues most businesses will face. The most common are listed below:

  • Targeted attack via the Internet
  • Virtual access levels to data and information
  • Physical access levels to data and information
  • Current status of your software for security updates and hotfixes
  • How strong are your defences against viruses, spam, phishing and the like
  • How vulnerable are you to whaling. This one directly targets your C-level corporate executives

Tier 3 Audit

The tier 3 audit includes everything in the Tier 1 and Tier 2 audits, but takes into account your complete IT infrastructure. Some of the additional checks are listed below:

  • Ensure that you meet the Microsoft best practices in your local and group policy configuration
  • Carry out a comprehensive internal scan checking for vulnerabilities in your systems
  • Analyse the configuration of computers and user accounts
  • Check all service and event logs for suspicious activity
  • Liase with stakeholders and executives to review findings

For more information please feel free to contact us