Protect your business against the inevitable
To say your business is a target for a cyber-attack or a data breach is not a statement of fear – it’s a statement of fact.
In its 2017 / 2018 report The cyber threat to UK business, the UK Government’s National Cyber Security Centre (NCSC), records that cyber attacks have resulted in financial losses to businesses of all sizes.
The odds seem stacked alarmingly in the attackers’ favour. Powerful cyber crime applications are now available as a service for as little as £5 a month. The losses they can inflict run into many millions (over £32 million in 2016 – 2017 in mandate fraud alone).
The reality is that you need a friendly ally to regularly probe and test your business’s defences like a hacker would – and close the holes that are so useful to them.
Assurance: Why Your Business Needs It
The vulnerabilities and exposures that attackers exploit in your IT environment can harm your business in many ways:
- Financial - In addition to any funds that are stolen or compromised, the cost of dealing with a cyber incident can be immense – an average of £857,000, according to PwC’s Global State of Information Security Survey 2018.
- Customer attrition – Analysis from Deloitte suggests that customer attrition increases 30% in the wake of a cyber incident and doesn’t return to normal until three years later!
- Legal / Regulatory - FCA, PCI DSS, HMG, ISO 27001 – all these regulatory standards and accreditations require assurance. Your business can be fined for non-compliance, but regardless of the accreditations your business does or doesn’t hold a lawsuit can be brought against you by any party affected by a cyber incident for which you are responsible.
- Insurance cost increase – Your business can find itself with steep insurance premium increases, or can even be denied coverage until it has put in place additional cyber security measures as dictated by your insurers.
- Loss of competitive advantage / investment – Particularly in the case of a breach that has led to the compromise of product development information, your business may find its own innovations being brought to market by another organisation – severely impacting your business’s competitive position and its attractiveness to investors.
Our Assurance Services - And How They Help You
Our Assurance Services get right to the heart of what keeps your business genuinely protected: the certainty that your security is working, not just the knowledge that it has been implemented.
We do this in ways that suit your business and your budget – from Cyber Essentials compliance to full auditing and accreditation; from light-touch vulnerability assessments to premium, deep-dive penetration testing; from web applications to full system scope.
Your assurance work is carried out by our team of certificated security specialists, with decades of cross-domain experience of delivering manual, automated and bespoke testing methodologies.
Premium Assurance Services:
Full System Penetration Testing
A full penetration test of a system from the ground up covers not only your business and its employees, but additional risks such as contractors and third parties.
Firesand’s full system penetration test puts us in the hacker’s shoes by launching deliberate, controlled attacks that enable us to analyse the outcomes using the latest automated technological assessments, plus the specialist insight borne of our decades of security experience.
We fingerprint lower level systems, scan entry points and progress right up to application-layer testing – leaving no stone unturned and no risk unseen.
Web Application Penetration Testing – Full Deep Dive
This service is a deep dive security investigation into every area of any web application that your business uses.
It comprehensively addresses not only the industry-standard OWASP Top 10 issues, using additional proven methodologies including OSSTMM, NIST, NSA, PTEST and ISSAF, but also emerging threats and attack techniques - helping to secure your business both now and in the immediate future.
Bespoke assurance and testing
Firesand can tailor all its testing and assurance services to your business’s specific needs, combining out-of-the-box and bespoke-developed tools, custom methodologies, and our specialists’ expert insight to deliver exactly the solution you need
Advanced Assurance Services:
Infrastructure – Penetration Testing
This service provides a detailed security assessment of the new and existing infrastructure that underlies – and can potentially compromise - the business-critical applications deployed to it.
Essential Assurance Services:
Web application penetration testing - Essentials
This service’s OWASP-based testing approach prioritises the discovery of security issues that are likely to have the greatest impact on your business.
It focuses on all the key web application risks, including, amongst others, session hijacking, authentication and authorisation, unvalidated input vulnerabilities, web server configuration issues, cross-site scripting (CSS) and SQL injection attacks.
For web applications and public-facing infrastructure that are less mission-critical, Firesand’s vulnerability assessments deliver a streamlined, highly automated service to flag potential risks, helping you maintain security vigilance with minimal overheads.
As part of our assurance services, we also help your business to put in place defined cyber security measures to gain the Government-recognised Cyber Essentials and Cyber Essentials Plus accreditations.
These not only reassure your customers and supply chain that you are working seriously to secure your systems against a cyber attack, but are mandatory if your businesses wishes to compete for certain Government contracts.