digital risk

How robust is your cyber security framework?

Christos Makedonas Christos Makedonas

Sophisticated cyber attacks pose a serious threat for organisations today. Many businesses, have had their data compromised due to insecure systems and a lack of safeguards. Data breaches can have serious financial and legal implications, as well as lasting reputational damage.

Most modern business models are built around online processes and electronic communications. While this streamlines operations and improves business agility, it also creates a series of cyber vulnerabilities. If exploited, these vulnerabilities can lead to data breaches and significant business disruption.

What are the implications?

Data breaches can leak commercially sensitive information and staff or customer details. This can lead to customer distress, loss of assets, long term reputational damage, and regulatory fines or censure. Business disruption can grind your business to a halt leading to reputational damage and lost opportunities.

What are the key considerations?

Cyber threats refer to a potential malicious attempt to damage or disrupt a business computer network or system. They evolve on a daily basis and organisations need to continually re-assess the risks and associated controls. Businesses should continuously assess their exposure to both internal and external attacks, weighing them up against client information, networks and current systems. An effective cyber security framework should incorporate preventative, detective and corrective solutions. To test the robustness of the cyber security defences, organisations should undertake regular vulnerability assessments and penetration tests:

  • Vulnerability assessments explore and identify weaknesses in cyber security controls. Identification is the first step in mitigating risk and creating a secure network. They can also help to validate the design of cyber security controls.
  • Penetration tests form the next step in reviewing the robustness of cyber security defences. These tests exploit the identified vulnerabilities, with the aim of breaching an organisation’s security perimeter – thus testing how effectively security controls are operating.

What is a penetration test?

A penetration test essentially aims to gain unauthorised access to a network. It mimics what a person with a malicious motive would attempt to achieve. It applies a range of techniques, including social engineering, to breach an organisation’s security perimeter.

Approaches to penetration testing

Technology is not infallible and nor are people. An effective penetration test should assess network vulnerabilities from both the cyber standpoint and the human element. It should mirror different types of attack, based on the amount of information an attacker might have or their preferred technology.

image00ubs.png

How we can help

Our penetration tests assess how robust a cyber security system is in practice. They simulate common methods used by attackers, taking into account both the technical and human elements which make up the full security perimeter. We help organisations understand the full range of vulnerabilities and implement improved controls to mitigate those risks.

At Grant Thornton, our cyber security experts can develop a bespoke penetration testing plan to meet your business needs and unique IT environment. We can undertake the full suite of testing or conduct individual assessments, as required. Our experts can test for vulnerabilities around particular areas of concern, or help identify unforeseen issues across the network.

Our subject matter experts have significant experience in IT and cyber security, working with clients across all industries. The team can assist in the following areas:

  • cyber security governance and strategy
  • cyber security architecture
  • firewall configuration and management reviews
  • firewall rule-set reviews
  • audits of security controls
  • information security management reviews
  • physical security reviews
  • PCI-DSS reviews and audits
  • training and awareness sessions for staff and senior management (eLearnings & classroom trainings)

Sophisticated cyber attacks pose a serious threat for organisations today. Many businesses, have had their data compromised due to insecure systems and a lack of safeguards. Data breaches can have serious financial and legal implications, as well as lasting reputational damage.