Information and cyber security assessments are services that apply a risk-based approach to systems, to determine whether there are any exploitable vulnerabilities that could be used to harm the organisation, its information assets, or its reputation. These assessments help identify threats and vulnerabilities that could affect the confidentiality, availability, and integrity of information assets registered to the organisation.
The outcome of these assessments gives the organisation a holistic view of its current information security posture and of the overall resilience of the defence mechanisms employed to protect the organisation and its information assets.
A penetration test is an authorised, simulated attack on a computer system, performed to evaluate the security of the system.
The process typically identifies the target systems and a particular goal, then reviews available information and undertakes various means to attain that goal. A penetration test target may be a white box (about which background and system information are provided in advance to the tester) or a black box (about which only basic information—if any—other than the company name is provided). A grey box penetration test is a combination of the two (where limited knowledge of the target is shared with the auditor). A penetration test can help identify a system's vulnerabilities to attack (and estimate how vulnerable it is).
A vulnerability assessment is the process of identifying risks and vulnerabilities in computer networks, systems, hardware, applications, and other parts of the IT ecosystem. Vulnerability assessments provide security teams and other stakeholders with the information they need to analyse and prioritise risks for potential remediation in the proper context. Vulnerability assessments are a critical component of the vulnerability management and IT risk management life cycles, helping protect systems and data from unauthorised access and data breaches. Vulnerability assessments typically leverage tools like vulnerability scanners to identify threats and flaws within an organisation's IT infrastructure that represent potential vulnerabilities or risk exposures.
In the face of the COVID-19 pandemic, most companies adopted a "working from home" policy. This had an adverse effect on companies, changing the way we work and operate, and introducing new information security risks. During these trying times, perpetrators have made it clear that they are not resting, and they are not backing down! In fact, we have seen a substantial increase in attacks over the last couple of months.
With "working from home" policies becoming the new norm, remote work now poses significant security risks, mainly because companies and ICT teams have had to rush to put in place applications and services that enable remote work, and because of more insecure connections.
It is a well-known fact that home networks, and more specifically home Wi-Fi networks, are far less secure than corporate networks, which in itself poses another significant risk to business.
Technical Controls and Security Assessment focus areas include, but are not limited to, the following:
• Identification of Rogue Wi-Fi Access Points
• Default Credentials (Router Based Access and Wi-Fi Passkey)
• Unencrypted Wi-Fi Networks
• Legacy / Weak Encryption
• Outdated Firmware Version
• Network Segmentation
• DHCP Functionality Check
• Wi-Fi Passkey Strength Test
• Residential Wi-Fi Vulnerability Assessment
For more information, please refer to our associated partner company DYNAMDRE specialising in Cyber Forensics.