Assurance Services

Protect your business

Your business is a potential target for cyber attacks and data breaches. In its 2021/22 report, "The cyber threat to UK business", the UK government's National Cyber Security Centre (NCSC) records that businesses of all sizes have suffered financial losses due to cyber attacks.

Alarmingly, the odds right now seem stacked in the attackers' favour. Powerful cyber crime applications are now available as a service for as little as £5 a month. The total losses they can inflict are incalculable, but over £32 million was stolen in 2021/22 in mandate fraud alone.

Given this reality, your business needs an ally in the fight against attackers. As that ally, Firesand can regularly probe and test your business’s defence like a hacker would – and close the holes that are so useful to them.

Our Assurance Services:

We get right to the heart of what keeps your business genuinely protected: the certainty that your security is working, not just the knowledge that it has been implemented.

Your assurance work is carried out by our team of certificated security specialists, with decades of cross-domain experience of delivering manual, automated and bespoke testing methodologies.

We do this in ways that suit your business and your budget – from Cyber Essentials compliance to full auditing and accreditation; from light-touch vulnerability assessments to premium, deep-dive penetration testing; from web applications to full system scope.

Assurance: Your Business Needs It

In addition to any funds that are stolen or compromised, the cost of dealing with a cyber incident can be immense – an average of £857,000, according to PwC’s Global State of Information Security Survey (2021).

An alarming analysis from Deloitte suggests that customer attrition increases 30% in the wake of a cyber incident and doesn’t return to normal until three years later.

FCA, PCI DSS, HMG, ISO 27001 – all these regulatory standards and accreditations require assurance. Your business can be fined for non-compliance, but regardless of the accreditations your business does or doesn’t hold a lawsuit can be brought against you by any party affected by a cyber incident for which you are responsible.

Your business can find itself with steep insurance premium increases after an attack, or can even be denied coverage until it has put in place additional cyber security measures as dictated by your insurers.

Particularly in the case of a breach that has led to the compromise of product development information, your business may find its own innovations being brought to market by another organisation – severely impacting your business’s competitive position and its attractiveness to investors.

Advanced Assurance Services:

Infrastructure – Penetration Testing

This service provides a detailed security assessment of the new and existing infrastructure that underlies the business-critical applications deployed to it.

Essential Assurance Services:

This service’s OWASP-based testing approach prioritises the discovery of security issues that are likely to have the greatest impact on your business.

It focuses on all the key web application risks, including - amongst others - session hijacking, authentication and authorisation, invalidated input vulnerabilities, web server configuration issues, cross-site scripting (CSS) and SQL injection attacks.

For web applications and public-facing infrastructure that are less mission-critical, Firesand’s vulnerability assessments deliver a streamlined, highly automated service to flag potential risks, helping you maintain security vigilance with minimal overheads.

As part of our assurance services, we also help your business to put in place defined cyber security measures to gain the Government-recognised Cyber Essentials and Cyber Essentials Plus accreditations.

These not only reassure your customers and supply chain that you are working seriously to secure your systems against a cyber attack, but are mandatory if your businesses wishes to compete for certain government contracts.

Premium Services:

A full penetration test of a system from the ground up covers not only your business and its employees, but additional risks such as contractors and third parties.

Firesand’s full system penetration test puts us in the hacker’s shoes by launching deliberate, controlled attacks. These enable us to analyse the outcomes using the latest automated technological assessments, plus the specialist insight borne of our decades of security experience.

We fingerprint lower level systems, scan entry points and progress right up to application-layer testing – leaving no stone unturned and no risk unseen.

This service is a deep dive security investigation into every area of any web application that your business uses.

It comprehensively addresses not only the industry-standard OWASP Top 10 issues (using additional proven methodologies including OSSTMM, NIST, NSA, PTEST and ISSAF) but also emerging threats and attack techniques - helping to secure your business both now and in the immediate future.

Firesand can tailor all its testing and assurance services to your business’ specific needs, combining out-of-the-box and bespoke-developed tools, custom methodologies, and our specialists’ expert insight to deliver exactly the solution you need.