Cyber Security Frequently Asked Questions
What is Cyber Security?
In a nutshell, it’s protecting your company against those who would like to access, steal or lock you out of your data.
How likely is it that my company will be targeted by cybercriminals?
Unfortunately, highly likely. It’s the fastest-growing crime segment, and nobody is immune to its threats.
We need assistance with our data compliance requirements. Can you help?
Yes. Compliance is a growing need for many of our clients. We can help with a range of services that show you’ve taken a duty of care across several compliance areas, including GDPR, PCI-DSS, HIPAA, NDB and others.
Our current Information Technology provider says they do Cyber Security. Isn’t this good enough?
Probably not. As cyber threats have morphed and grown, Cyber Security has become a highly specialised field, requiring dedicated and experienced resources to protect against evolving threats. Put bluntly, it’s not just about running some clever software; it also requires skilled and adaptive human intelligence. It’s unlikely that the company that installed your network or implemented your ERP system is suitably equipped to deal with the cyber threats of today and tomorrow. We only do Cyber Security. All day. Every day. All over the world.
We already run some internal scans, which occasionally flag vulnerabilities, and we fix them. Isn’t this enough?
Probably not. Most tools don’t do the job well enough without skilled human oversight. Today’s cyber threat environment is evolving fast and requires highly specialised professionals to assess, dig deep, identify and prioritise security issues.
Can’t you just tell me the tools that you use and I’ll get my internal team to run the appropriate tests?
Effective Cyber Security isn’t just about the tools, and some software tools tend to identify lots of ‘false positives’ that your internal team would spend fruitless hours, days and weeks looking for. We have the expertise to strip out such false positives and quickly identify your real threats.
We just had a Penetration Test and passed with flying colours. Isn’t that enough?
Maybe for today, probably not for tomorrow. Not all Penetration Tests are equal. Take a look at our client case study for an example of this.
Are there different types of Penetration Tests?
Yes, it depends upon your specific needs, which we clarify in the scoping stage. See our Penetration Test service.
OK, we’d like you to do a Penetration Test for us. What do we actually get? What’s the process?
What’s the difference between a Vulnerability Assessment, a Penetration Test and the Vulnerability Assessment+ service?
Great question, and one that we’re often asked. Essentially, a Vulnerability Assessment is a mostly automated broad scan of your information systems, whereas a Penetration Test is a manually-intensive deep examination of a particular element of your systems. Our Next Generation Vulnerability Assessment (NGVA) service combines elements of both to provide an ongoing assessment of your security situation. Learn more in this article.
| | Vulnerability Assessment | Penetration Testing | Next Generation Vulnerability Assessment (NGVA) |
|---|---|---|---|
| What is it? | A broad snapshot-in-time scan of your information systems to identify vulnerabilities. | A deep snapshot-in-time interrogation of specific elements of your information systems to identify vulnerabilities and recommendations. | A broad and moderately deep rolling monthly analysis/scorecard of vulnerabilities and recommendations. |
| Objective | To discover and prioritise vulnerabilities across your network. | To discover, prioritise, exploit and provide recommendations for specific network vulnerabilities. | To provide monthly network-wide vulnerability assessments, partial exploits and recommendations. |
| Scope | Broad & surface level. | Deep & focused. | Broad & as-required depth. |
| Performed by | Automated tools with skilled human oversight. | Experienced cyber security specialists with diverse IT experience and ‘out of the box’ thinking. | Automated tools with skilled human oversight and experienced cyber security specialists. |
| Result | A prioritised list of your vulnerabilities. | A prioritised list of your vulnerabilities, exploits and recommendations. | Monthly report/scorecard detailing your prioritised vulnerabilities, fixes and recommendations. |
| Best for | A basic understanding of your cyber security situation. | A deep understanding of your cyber security situation. | An ongoing understanding of your cyber security situation. |
I need my results to be confidential. Are they?
Always. All test results are delivered to you securely. And we NEVER publicise who our clients are.
If you find any security issues with my company, do you fix the problems?
Usually yes. However, it depends on the problem. We can work with your internal team or your preferred service provider to get it fixed fast.
I have other questions. Can you help?
Of course. Please get in touch. Things will go faster for you if you can provide a short description of your current situation/problem.