Cyber Risk Service: Network visibility
Goal: To understand your cyber security posture by identifying all applications including malware, their usage and risk, and ways hackers are attempting to breach your network
Focus: Analyse network traffic to identify all activity, its risk and what cyber-attacks your current perimeter security systems are missing
Outcome: Security Lifecycle Review that provides a complete picture of all applications and attacks on your network with key focus areas to help increase security. Recommendations for:
Next-Gen Security - Visibility and control of users, content and threats
Perimeter security ‘Best Practice Assessment’ services
Cyber Risk Service: Prevention Posture Assessment
Goal: To have a consultative discussion about Risk/Threat Prevention across your entire architecture and define a direction toward achieving an expected result
Focus: An interactive questionnaire that assesses the capabilities currently enabled in each area of your network in relation to the cyberattack lifecycle
Outcome: Findings and Recommendation report across entire infrastructure, with a strategic alignment and shared vision between your organisation and KHIPU
Then along comes an email with an attachment or link to a website
The most simple attack method - just one-click and…
Someone opens the attachment - malware / ransomware is injected into the network
Or the user goes to the URL and enters information which an attacker can then use to access the network, compromising your business: financial loss, data leakage, reputational damage and even fines from the ICO.
all businesses must implement pro-active prevention measures to protect against cyber-attacks that can result in financial loss,
What the service does (as below) - what we can offer: simulations, awareness and onsite training, plus value add and reporting
service does:
User Vulnerability Risk Assessment & Awareness Training – Identify your risk to phishing attacks
The service identifies the ‘risk factor’ and how vulnerable the organisation is to phishing attacks:
Users: Do they open phishing emails and how many could be compromised by providing information?
Infrastructure: Are email systems, spam filters, firewalls etc configured correctly or capable of protecting against a phishing attack?
Processes: How do users / IT helpdesk departments etc react to phishing emails?
Devices: What operating systems, web browsers and plug-ins are being used, and are they vulnerable?
Prevention report: Highlighting “what is the risk” with best practice recommendations including training plans, solutions and services for on-going prevention and to reduce the risk of being compromised.
Cyber Security Awareness Training: To educate the users on phishing; the risks, impact, how to identify and what to do (see below CSAT).
KHIPU’s vulnerability assessment services enable organisations to understand their risks to cyber-attacks by highlighting the critical areas where they are vulnerable and could be compromised. Once the vulnerabilities are known, a best-practice approach to cyber security, with recommendations for both on-going protection and future prevention, can then be provided to reduce exposure to a cyber-attack, mitigate the risk and simplify your cyber security strategy.
• Assign a dedicated delivery team which includes:
Project co-ordinator: To liaise with the customer on the SoW process, resources (for testing and approvals) and scheduling / logistics for the phishing campaigns and awareness training services.
Cyber security team: For the design, testing and implementation of the simulated phishing campaign and awareness training service including:
• Type of simulated phishing attack
• Type of awareness training
• Phishing email with a link to a website to capture information
• Phishing website to capture information
• Phishing email attachment document
• Awareness emails
• Awareness Training Landing page
• “Cyber Security 101” classroom training (if purchased)
They are also responsible for providing:
• Best practice recommendations for the customer’s cyber security environment after the campaign. If required, assistance with the implementation of the recommendations should the customer request this.
• Plans for on-going phishing campaigns and training services based upon the results from previous campaigns.
• Customer report detailing the entire campaign, results and the above points.
• “Cyber Security 101” classroom training: This has been most effective in improving users’ awareness of phishing emails and is constantly being adapted to improve results. The 1.5 hour sessions, which can be hosted onsite, at our training centre and soon virtually / remotely (launch date Q2 2017), have the following agenda to support the simulated phishing campaigns based around work and home life. As customers have different requirements for classroom training as well as the logistics involved (e.g. co-ordinating attendees, availability etc), this service is quoted separately as an option.
- Cybersecurity 101 – Video
- Responsibility for Information
- What is Phishing?
- Phishing Facts; Real life attacks and threats to your personal and work life
- Detecting and Avoiding; Phishing examples
- Phishing DO’s & DON’Ts
- Questions & Answers
- Short Break
- Cybersecurity Awareness Quiz
Conclusion
This section provides a detailed conclusion of the simulated campaign conducted including:
• Explanation and interpretation of the results including ‘risk-factor’
• Observations from the phishing campaign and awareness training
• Best practice recommendations:
- Password management
- Further (targeted) campaigns and supporting awareness training components
- Awareness training plan
- Perimeter security: Optimised configuration of the customer’s existing environment to protect against phishing attacks, with options for replacement and complementary technologies.
- Next stages; a plan for the short and long term simulated phishing campaigns (including targeted) and awareness training.
- A best-practice cyber security workshop review (optional)
In an ideal world… Your extensive investment into your environment should identify and protect against such cyber attacks
Infrastructure: Should identify and block emails and malware coming in, and see unknown applications running on the network
Endpoint: AV should identify and block malware at the device level
and finally your Users: Should be trained to not open suspicious emails
“don’t worry about it - we are protected”
In an ideal world… but we do not live in one unfortunately
all businesses must implement pro-active prevention measures to protect against cyber-attacks that can result in financial loss,
“Users – your last form of defence”
“Student and staff education is vital in the defence against ransomware”
“We often look but seldom see”