Security Assessments

What Is a Threat Landscape?

The threat landscape is usually thought of as including the vulnerabilities, malware, and specific groups of attackers and their techniques that represent a danger in a given context.

A threat landscape is therefore said to apply to:

  • Individuals
  • Organisations
  • Organisational sectors
 
Keep in mind that threats are also common inside an organisation, for example a disgruntled employee or a contractor with conflicting interests.

Why Is Security So Important?

The IT industry changes constantly. This constant change causes code in products to change, and unfortunately a by-product of that change can be weaknesses in the underlying code.

To add to this, attackers are constantly adapting and finding new ways of exploiting systems. Originally, they would attack the server environment directly (an outside-in approach); however, security enhancements in this space made this a much harder area to attack.

Attackers then realised that the simplest way to attack an environment is to target the individuals, which has resulted in a whole new form of ‘social engineering’ attacks via phone calls and phishing emails. A new approach since the COVID-19 pandemic started has been the targeting of remote assistance software, mainly attributed to the increased number of users now working from home.

To summarise, attackers are frequently finding new ways to exploit your business, so it is a constant fight to ensure you are doing whatever you can to try and prevent it. Implementing a system or process today does not mean that it meets the needs of tomorrow.

How We Can Assist

We have seen firsthand how some of these attacks manifest themselves within an organisation. Many of the attacks can be significantly reduced or even prevented entirely by following a set of best practices.

Areas we like to focus on include:

  • An architecture review – to see what your environment looks like, and identify areas of risk
  • Use of antimalware and antivirus products
  • Patching policies and procedures
  • Password policies
  • Use of multi-factor authentication
  • Firewall practices
  • User privileges
  • User awareness and training

Of course, there are also many other areas that can be investigated, including specialty security services like penetration testing and tools, but these:

  1. Can be costly for many organisations
  2. Typically require dedicated teams to manage them
  3. Are somewhat useless if you have not first assessed the fundamentals

Before investing in such services and solutions, it makes sense to first understand where the gaps are – i.e. check the fundamentals. These can be identified by reviewing the current policies and procedures you have in place.
 
For further information or to discuss how we can assist you, please contact us today!