The Weakest Link

“Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted; none of these measures address the weakest link in the security chain.”

- Kevin Mitnick, “The World’s Most Famous Hacker”

At a federal level, cyber safety is vital to the national and economic safety of the United States. At an organizational level, cyber threats can bring a business to its knees. Every time an employee connects to the Internet, they take risks that affect your company's cyber security. Though employee actions cannot be blamed for every cyber security threat, the Center for Internet Security (CIS) reports that phishing, as a means of carrying out data breaches, accounted for 64% of all identified data breaches thus far in 2017. KG Hawes can pre assess the cyber security strength of your company and implement social engineering awareness that can greatly decrease the threats facing your business. However...

Cyber security measures don't begin and end with employee awareness. As technology advances, a growing business's infrastructure becomes more complex, offering more vulnerabilities for cyber criminals to exploit. These vulnerabilities can result from a company's hardware and software applications, third-party vendors, external/internal LAN connections, poorly configured firewalls, and outdated certificates, to name just a few.

In 2014, five high-profile Fortune 500 companies (JP Morgan Chase, Walmart, Home Depot, Target and Neiman Marcus) suffered serious data breaches of consumer information. JP Morgan Chase's breach alone compromised the accounts of 76 million households and seven million small businesses.

According to a New York Times article, "The hackers appeared to have obtained a list of the applications and programs that run on JPMorgan’s computers — a road map of sorts — which they could crosscheck with known vulnerabilities in each program and web application, in search of an entry point back into the bank’s systems..."

Fast forward to 2017, and the types of threats to a business's cyber security have not only increased exponentially, they have become more insidious.

In 2016, the US Department of Justice reported that ransomware was the fastest growing cyber security threat. Government statistics state that more than 4,000 ransomware attacks have occurred daily since January 1, 2016, a 300% increase over the approximately 1,000 attacks per day seen in 2015.

In 2017, the ransomware threat went global, first with WannaCry in May and then Petya in June, affecting many organizations in Europe, Asia and the US.

A Timely Reminder

These recent ransomware threats are a timely reminder of why regular Cyber Security and Network Audits are so critical.

Ransomware is malware that takes control of systems. It prevents the user or business from accessing their data unless they pay a “ransom”. Regular Cyber Security and Network Audits can greatly ameliorate the devastation of insidious malware attacks by ensuring vulnerabilities within your system are identified and addressed.

Low-Cost Cyber Security Pre Assessment Audit

KG Hawes offers a Pre Assessment Cyber Security Audit. The advantage of this type of audit is that you don’t need to commit to a full audit. The pre assessment can offer a company enough critical information to determine if a full Cyber and/or Network Security Audit is warranted. Should a complete audit be necessary, the pre assessment fee will be applied to any full Audit conducted by KG Hawes.

Our pre assessment cyber security audit will cover the following system checks:

  • Inventory
      Assess Risk Inventory
      Perform Automated & Manual Vulnerability Analysis
      Perform and Check Security Misconfigurations
      Perform Patch Audit for Software & Operating System in Network

  • Firewall Audit
      Perform Audit on Misconfigurations
      Firewall Baserule Test
      Internal DDOS Test

  • Web Application Audit
      Audit Webservers for Security Issues
      Audit External-Facing Web Application Security
      Audit Web Application for Default & A1 Injection

  • Network
      Perform Software Patch Audit
      Perform Router Misconfiguration Audit
      Perform Antivirus and Malware Audit
      Perform DNS Audit
      Perform Internal Misconfiguration Audit

  • SIP Audit
      Perform SIP Audit
      Perform Vulnerability Analysis
      Perform MITM Analysis Against SIP

  • Certificate Audit
      Audit HTTPS Certificates on Webserver
      Audit SSH Certificates and RSA Audit

  • IDS Audit
      IDS Rule Audit
      IDS Misconfiguration Audit

  • Phishing
      Internal Social Engineering Test
      Internal Spear Phishing Test

Ransomware - Threats to a City's Water Supply

Georgia Institute of Technology (GIT) researchers created a proof-of-concept ransomware that, within a simulated environment, was able to gain control of a water treatment plant and threaten to shut off the entire water supply or poison the city's water by increasing the amount of chlorine in it.

Dubbed LogicLocker, the ransomware, presented at the 2017 RSA Conference in San Francisco, allowed researchers to alter Programmable Logic Controllers (PLCs), the tiny computers that control critical Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) infrastructure, such as that of power plants or water treatment facilities.

This, in turn, gave them the ability to shut valves, control the amount of chlorine in the water, and display false readouts.

Initially, ransomware targeted regular internet users; however, most recently, the threat has begun to target enterprises, educational facilities, hospitals, hotels and other businesses.

ref: Out of Control: Ransomware for Industrial Control Systems

Cyber vs Network Security - The Difference

Network security deals with keeping an entity’s data and equipment secure. Cyber security focuses on protecting a company’s equipment and data from risks that originate from cyber space.
