IT Security Assessments
Organizations are, in general, becoming increasingly dependent on information technology infrastructures to the point where day-to-day operations would come to a screeching halt without these systems. This appears to be particularly true for corporations, where the ability to communicate and access information is critical.
Therefore, it is critical to secure information to ensure its Confidentiality, Integrity, and Availability. Today, there are many solutions that address specific security risks; however, without a well-designed security policy, security organization, and appropriate training, no organization can be secure against increasingly sophisticated adversaries.
There are no silver bullets when it comes to IT Security—only the best practices. New attack vectors are constantly developing and becoming more sophisticated each day.
The Internet has enabled criminals to launch attacks against organizations to steal critical data from thousands of miles away with practically no risk of prosecution. There are organized criminals who work meticulously to steal your critical data for purposes of either blackmail or sale of the obtained data on the black market.
Our methodology for IT Security Assessments is a combination of industry best practices, along with the experience the assessment team possesses in conducting numerous IT Security-related investigations, as well as the lessons we learned from those events. In addition, having managed and secured large-scale IT infrastructures themselves, members of our assessment team understand the difficulties and challenges faced by the IT staff and can tell the difference between what is on paper and what is in reality.
As a result, our recommendations reflect this philosophy of practical solutions. Because our objective is to get a true assessment of the cybersecurity posture of an organization, as opposed to satisfying certain regulatory requirements, we go beyond what was put on paper, and look into real-life practices with a healthy dose of common sense.
Cyber Diligence, Inc. offers three levels of IT Security Assessments:
- Complete a basic assessment of the organization’s IT Security Posture
- Perform a basic risk assessment
- Check to see if proper Policies and Procedures are in place such as Disaster Recovery, etc.
Perhaps the most serious threat to an organization’s crown jewels originates from within. We separate internal threats into two categories: a) professional spies, and b) employees who became rogue at some point. Investigation of authorized users’ unauthorized activity requires special tools and techniques. We have successfully investigated all forms of insider threats regardless of the sophistication of the adversary. When people in the industry speak about APTs, they neglect to mention the possibility of APTs infiltrating organizations not via cyber-attacks, but by placing professional spies as employees. This is an ever-present danger and, on several occasions, our investigations have revealed that we were not simply dealing with employee misconduct, but with a calculated set of actions taken by an extremely skilled perpetrator.
We have successfully caught professional spies, as well as exonerated wrongfully accused employees. We have uncovered an employee working at a research and development section of a company launching attacks from his workstation on other researchers’ workstations to gain access to their programs and models. We have witnessed an employee installing ‘key loggers’ on other employees’ workstations. This broad range of situations has made us experienced, skilled, and well-equipped to deal with any form of internal threat regardless of the sophistication of the adversary.
The typical internal threat, however, is the employee’s desire to gain a competitive advantage in the marketplace or to attain more favorable employment. The theft of intellectual property is a mission that can easily be completed, often by copying someone else’s idea or product, or by stealing a company’s crown jewels. Organizations are generally ill-equipped to detect unauthorized activity by an authorized user. The vast majority of internal misconduct simply goes undetected. Those cases that are detected are generally identified either accidentally, or when it is too late. An employee may have a planned course of action to steal data over a long period of time or, more commonly, to begin copying sensitive data near their date of departure from the firm. Theft of intellectual property can reap terrible consequences for an organization, especially if the data reaches a competitor. Our investigators have consistently uncovered evidence of theft of intellectual property and trade secrets where the perpetrator(s) used advanced tools to conceal their actions.
Organizations face high-technology threats on a daily basis. External threats rely on several common attack vectors: phishing attacks involve cloned websites designed by data thieves to extract confidential information from employees; social engineering tactics are designed to manipulate employees into disclosing private data; and employee smartphones, used as doors to your network, can be utilized to compromise critical systems. Oftentimes, firms may be faced with a rather formidable adversary carrying out these attacks. These threats can range from “script kiddies” to organized criminal groups and Advanced Persistent Threats (APTs).
We at Delta Strategic Solutions were combatting APTs long before the term ‘APT’ was created. At the time, we called them “sophisticated adversaries” and our founder Mr. Demirkaya has lectured and published on the subject as early as 2001, warning industry professionals of the growing trend of organized and government-backed adversaries. We have responded to many intrusions wherein we were able to quickly identify that an APT was behind the attack. The intention of an APT attack is to steal sensitive data rather than cause damage to the network or organization. Usually, APT attacks target organizations with a high volume of sensitive data, such as those in the national defense, manufacturing and financial industries. These attacks are carried out not by lone individuals, but by government entities, criminal organizations, and even terrorist groups; these groups have powerful incentives to infiltrate key business networks.
The Delta Strategic Solutions incident response team is quick to deploy our tools and vast knowledge base to provide an overwhelming reaction to combat these threats. What makes APTs formidable is not necessarily the sophistication of their attack tactics but rather their persistence. If they are discovered and thrown out of the network, they will not give up. They will come back. Unlike other incident response firms, we do not simply disengage after the threat is eradicated. Once we uncover what happened and how it happened, we will deploy countermeasures to ensure that it will not happen again. We have the knowledge and technical know-how to make a computer practically impenetrable. Such drastic measures are often not needed; however, if necessary, we can secure a network to such an extent that no APT will be able to successfully gain access to it.