Security

 

The Internet has become a ubiquitous part of our daily lives, and its security is something people take for granted. As evidenced by recent events, cyber crimes are on the rise and no one is immune. Hackers are a huge threat to businesses and individuals worldwide. Cyber criminals can shut down your website with a DDoS (Distributed Denial of Service) attack, rendering your IT infrastructure and resources unusable whilst simultaneously stealing your data from workstations and servers.

In 2014, there were 42.8 million cyber attacks worldwide (117,339 per day); that number was 48% higher than what was experienced in 2013. In fact, the number of cyber attacks worldwide has increased year over year by an average of 60% since 2009.

The financial impact of breaches has also increased. The average reported loss from such incidents was up 34% in 2014 compared with the previous year. Furthermore, the number of companies reporting losses greater than $20 million nearly doubled. As many incidents go undetected or unreported, the true scale of the problem is even greater.

The fastest growing cyber-threats involve attacks by nation states, competitors, and organized crime, though these remain much less common. According to the findings, attacks by nation states were up 86% in 2014, with activity focusing mainly on the oil and gas, aerospace and defense, technology, and telecommunications sectors. Reports of security incidents attributed to competitors increased 64% compared with the previous year. Levels of theft by organized crime were particularly high in Malaysia, India, and Brazil.

Cyber-criminals also appear to be switching their focus to medium-size firms as large companies bolster their data security. Larger companies (those with gross annual revenues in excess of $1 billion) said they had detected 44% more incidents than last year, while medium-size companies reported a 64% increase.

At Jeremy Murtishaw, Inc., our security consulting division is skilled in understanding what it takes to secure your business from the threats of cyber criminals, rogue employees, or contractors. We offer a full suite of security services to support your business, including:

Internet Security Testing
Any device with access to the Internet is a potential open door to would-be hackers. Our team provides vulnerability assessments during which it closely maps the network architecture, examines all open ports, hosts and services with access to the Web, and ensures that these network devices are secure. Defensive thinking gathers information such as domain names, IP network ranges, operating systems and applications, to identify systems on the network, how they are related, and the services that are exposed through open ports (such as HTTP, SMTP, terminal services, etc.). Once open ports and attached services are identified, we will determine whether each service has been updated with the most recent patches and identify other vulnerabilities located within the exposed services.
In addition to conducting vulnerability assessments, the team performs more rigorous penetration tests in which the information gathered from its assessment is used to attempt to penetrate the network. This more thorough procedure can confirm whether potential vulnerabilities are, in fact, capable of being exploited to expose the network.

Following all vulnerability assessments and penetration tests, our team leverages the information it gathered to prepare a thorough vulnerability analysis and offers recommendations for strengthening network security.

Intranet Security Testing
While outside threats must be guarded against, businesses must also protect against potential threats from within their own networks. Using many of the same techniques and procedures as for Internet Security Testing, we provide Intranet risk assessment and analysis to protect against the potential threat posed by insiders.

Depending on the client’s needs, intranet testing can be performed under varying degrees of disclosure of network information from the client, for example with or without network accounts.

Web Application Assessment
This assessment examines what services are being offered on Web-based portals and e-commerce applications to identify potential vulnerabilities with respect to authentication, authorization, data integrity, data confidentiality, and consumer privacy concerns. Our engineers can test these applications using either zero-knowledge testing or full-access testing to examine the full range of potential vulnerabilities. Our security and development engineers can also conduct source code audits to identify any potential vulnerability among the applications and scripts that are accessible through the Web.

Wireless Assessment
Wireless networks, while highly convenient, present additional security threats since the wireless signals are not limited by the physical boundaries of a traditional network. Our security consultants evaluate how to prevent wireless communications from being exposed to eavesdropping and access by unauthorized intruders. Additionally, we will examine the enterprise infrastructure for unencrypted or standard WEP-enabled access points that may be vulnerable in order to ensure the security of the network.

Social Engineering Assessments
Social engineering involves manipulating and/or deceiving company employees and other human resources to gain unauthorized access to a network or to confidential information. We are one of the premier consulting firms in our ability to identify weak links in the security chain through exploitation of human vulnerabilities.

Once individual or systemic weaknesses are identified, we will recommend procedures designed to ensure that employees do not divulge information that could compromise company assets. The social engineering assessment uses tactics intended not only to gain confidential information, but also to induce unsuspecting employees to create vulnerabilities that can subsequently be exploited to gain access to confidential information.

Physical Security Testing

Access to confidential information can often be obtained by simply gaining physical access to company premises. Our team conducts on-site surveillance to assess physical security and uses social engineering, pass key duplication, and other techniques designed to gain physical entry into secure areas and the network system or even to confidential business data.  

Forensics
In addition to preventing future attacks, we can conduct forensic analysis to evaluate past security breaches. This analysis examines log reports, compares backups to identify modifications to the network, and investigates the introduction of foreign software tools to help identify intruders, determine the extent to which the network has been compromised, and mitigate potential damages from the intrusion.

Training
At the customer's request, we can provide branded and tailored security training seminars to IT professionals and all employees with access to sensitive information to better educate them about the risks of social engineering and how to avoid falling prey to ruses posed by competitors or malicious intruders. These seminars are dedicated to preventing human error from undermining an otherwise robust information security infrastructure.