Security Assessments
What Is a Threat Landscape?
The threat landscape is usually thought of as including the vulnerabilities, malware, and specific groups of attackers and their techniques that represent a danger in a given context.
As such, a threat landscape is therefore said to apply to:
- Individuals
- Organisations
- Organisational sectors
Why Is Security So Important?
The IT industry changes constantly. This constant change causes code in products to change, and unfortunately a bi-product change, can be weaknesses in the underlying code.
To add to this, attackers are constantly adapting, finding new ways of exploiting systems. Originally, they would attack the server environment directly (an outside-in approach), however security enhancements in this space made this a much harder area to attack.
Attackers then realised that the simplest way to attack an environment is to target the individuals, which has resulted in a whole new form of ‘social engineering’ attacks via phone calls and phishing emails. A new approach since the COVID-19 pandemic started has been the targeting of remote assistance software, mainly attributed to the increased number of users now working from home.
To summarise, attackers are frequently finding new ways to exploit your business so it is a constant fight to ensure you are doing whatever you can to try and prevent it. Implementing a system or process today, does not mean that it meets the needs of tomorrow,
How We Can Assist
Having seen firsthand how some of these attacks manifest themselves within an organisation, many of the attacks can be significantly reduced or even prevented entirely by following a set of best practices.
Areas we like to focus on include:
- An architecture review – to see what your environment looks like, and identify areas of risk
- Use of antimalware and antivirus products
- Patching policies and procedures
- Password policies
- Use of multi-factor authentication
- Firewall practices
- User privileges
- User awareness and training
- Costly for many organisations
- Typically require dedicated teams to manage them
- Somewhat useless if you have not first assessed the fundamentals