Understanding the risks will help clients to minimise and eventually mitigate them. Firstly we will look at how a client can minimise the risk of data being stolen by understanding which data is sensitive and has a value to an attacker. Different clients will have vastly differing requirements in this area. Next we look at understanding the potential impact of data loss to help identify the data which requires the most protection. Finally we explain how Context can assist in mapping a client’s security vulnerabilities against Best Practice, in order to have a clear picture of which areas will need to be fixed to maximise security.
Data at Risk
It is not possible for an organisation to protect all of its data, but it does not need to. Having worked through a process of detecting compromises and responding to and learning about the attack to which the organisation is being subjected, one of the most important outcomes is the development of an understanding of which data is most at risk, and a course of action to secure that data. The data in question may be sensitive for only a very short time, as in the case of pricing data in a contract negotiation document, say, or over the longer term, as with intellectual property information or research.
Context works with clients to identify, segregate and protect their most valuable data assets.
Context will, where required, work with a client to assess the wider risk and impact to an organisation that could originate from a compromise. We will work with the client to understand where high value data assets are stored and how they are protected, then construct a full risk assessment looking at the likely attackers who would target such data, their capabilities, resources and levels of sophistication. This would then be coupled with a technical assessment of how easily an attacker could escalate privileges on a machine and move laterally through the network. This information is then presented to the business to facilitate a workshop aimed at establishing the full impact of data being stolen.
One of the most useful services Context delivers as part of its Response work, according to feedback from clients, is a Gap Analysis report aimed at assessing the current state of an organisation’s defences and its ability to detect and respond to attacks. To conduct this exercise we would spend one day on site with a range of network defence stakeholders, to establish which security products are in use, the tools available to analyse network events, the efficacy of the organisation’s policies and procedures, and the cyber security culture, awareness and environment.
Evidence is collected through a series of interviews and discussions. Once complete the consultant takes all of the input and compares it against Best Practice, compiled from a variety of sources and combining advice on traditional assurance and more specific best practice advice on countering a targeted attack. The output is a report which details the measures that organisations should consider implementing if they want to improve their defences against the threat of targeted attacks (in particular), the difficulty in implementing those control measures and the degree of urgency with which these actions should be taken, based on projected risk reduction.
Context will then be able to show exactly where it can help and offer advice on other areas where it cannot offer direct assistance. Though Context is product and vendor agnostic, our consultants have experience of working with many different products and will be able to offer guidance on which products have performed well elsewhere. In some cases we may also be able to make introductions to the vendor or third party resellers in order that the client can deal with a trusted contact.