Business Challenges 2019

Threats continue to evolve and become increasingly complex. In response, our defence strategies must also evolve and be reviewed to ensure they remain effective and up to date. Sapphire have highlighted what we believe are the most challenging areas of cyber security for businesses today. If these areas resonate with you and your business, we would be delighted to share our insights with you and explain how Sapphire can help address them.

The Complexity of Networks

Historically, our corporate infrastructures were much simpler. Modern-day methods of working mean that we no longer have a clear perimeter; rather, our networks are made up of various portable devices used by employees and contractors, mobile workers and office-based staff, not to mention the adoption of cloud services, be that public, private or hybrid.

We work with multi-national organisations who host complex and diverse infrastructures. By applying the same principles and methodology to both on-premise and cloud environments, we are able to work with our clients, helping them to secure their infrastructure (on-premise and in the cloud), their assets, their data and their people.

OUR SERVICES INCLUDE:

  • Asset Discovery
  • Cloud Threat Assessment
  • Identity Management
  • Cloud Infrastructure Security
  • Endpoint Security
  • Vulnerability Management
  • Perimeter Security
  • Data Leakage Prevention

Cyber Risk in Mergers & Acquisitions

When firms merge, the process of due diligence involves assessing the risks relating to finance, operations, personnel and legal structure, but does not always extend to cyber security or systems integration. When professional services firms advise on their clients’ acquisition activities, is there an opportunity to include cyber security in the process? Does evidence of attention to cyber resilience increase an organisation’s value in the M&A market, and to what extent should advising firms be able to offer consulting services? Stringent regulations on data protection such as the GDPR, coupled with the detrimental effect a public data breach could have, must also be taken into consideration.

Sapphire can work with you to identify the risk appetite of your business and define a strategy identifying the importance of governance, risk and compliance.

OUR SERVICES INCLUDE:

  • CISO as a Service
  • ISO 27001: 2013
  • Security Awareness Training
  • Security Consultancy
  • Data Leakage Prevention
  • Compliance & Standards

The Human Factor

It’s estimated that more than 90% of cyber-attacks can be attributed to human error. Employees can be more susceptible when they are unaware of the actual risks, or unaware of procedures to mitigate social engineering-based attacks. Although technical solutions can provide a layer of protection, ultimately there is always room for human error. Compromises specifically targeting the user at the endpoint have been by far the most common method of attack seen in recent years, reaping lucrative rewards for the criminals behind these types of breaches.

Raising awareness, not just around phishing attacks, is an important line of defence which needs to be addressed. Sapphire provides a range of solutions to secure your people, and our training and awareness programme can help you to build and maintain a security culture within your organisation.

OUR SERVICES INCLUDE:

  • Security Awareness Training
  • Phishing Awareness & Training
  • Malware & Phishing Prevention
  • Open Source Intelligence (OSINT)
  • Social Engineering
  • Policy Compliance

Outsourcing and Third-Party Risk

The drive for digital transformation, coupled with a lack of resource, has prompted many organisations to look at outsourcing their requirements to third parties. This has increased the operational risk for many businesses who, in their haste to move to new suppliers, are failing to carry out a full risk assessment and assess the security implications to their business.

It’s absolutely key to review the suppliers providing these types of services to your business: where they are based, how they store and share their client data and what security standards they adhere to. Sapphire’s consultants can work with your team to identify any outsourcing requirements, assess the relevant suppliers and develop the relevant policies and procedures to ensure that the risk is always assessed and deemed appropriate to your business need, and that the integrity of data is maintained under existing guidelines and regulations.

OUR SERVICES INCLUDE:

  • Security Consultancy
  • Policy & Document Writing
  • Data Leakage Prevention
  • GDPR Gap Analysis & Consultancy
  • Vulnerability Management
  • User & Entity Behaviour Analytics
  • ISO 27001: 2013

Legacy Equipment

Many organisations are running legacy systems within their environments, constrained by cost or the reliance on integration with other key systems. This is by no means limited to the NHS, manufacturing sector, SCADA environments or enterprise organisations. 

Legacy systems often remain unpatched and unsupported due to the use of outdated versions of software and operating systems; this makes them a prime target for hackers and other malicious activity. Sapphire provides a range of solutions helping you to identify legacy equipment, and to patch and remediate where applicable. We can also ensure that your infrastructure is monitored and any vulnerabilities or flaws are identified.

OUR SERVICES INCLUDE:

  • Asset Discovery
  • Endpoint Security
  • Perimeter Security
  • Patch Management Solutions
  • Vulnerability Management
  • Network Monitoring Solutions

Not Fully Understanding Cyber Risk

Essentially, Cyber Risk is the impact of a cyber breach or technology failing, which can affect your business in relation to financial loss, downtime and reputational or brand damage. It is no longer a case of if your business will be the subject of an attack, but when, and as the probability of a security incident or data breach increases, so does the risk appetite of your business.

Fully understanding where the risk truly lies and how adept your business is at protecting against these threats is absolutely key. The culture of an organisation is set around the boardroom table, and security must be at the heart of the business risk conversation, with a clear strategy set. The strategy must be communicated to all parts of the business and include technology, policies and procedures and a security awareness programme.

Sapphire has worked with organisations across all sectors to ascertain the risks and to develop, communicate and maintain a security strategy which is sensible and appropriate for your business.

OUR SERVICES INCLUDE:

  • CISO as a Service
  • ISO 27001: 2013
  • Cyber Essentials
  • NIS Directive
  • GDPR Consultancy
  • Security Awareness & Training

Not Getting the Basics Right

Ponemon reports that 77% of the companies who were compromised in 2017 were attacked using known exploits or fileless techniques. Organisations can go a long way to protect themselves by remembering to get the basic hygiene right when it comes to security. We would recommend that you take the following steps when securing your organisation:

  • Be aware of all the assets on your network
  • Have a patch management programme in place
  • Ensure users can only access the information they need on your network
  • Use strong authentication or strong passwords
  • Deploy effective malware protection on the endpoints
  • Implement robust perimeter controls

LET’S TALK

For greater visibility and control, don’t hesitate to get in touch. We’d be delighted to hear from you!