Computer IT Security Audits, Data Loss Detection, Phishing & Vishing Prevention
Preventative measures across people, process, and technology are essential to enable a constant state of vigilance, accountability and protection. These measures however must not be supported in their entirety by technological means but must be supported by robust process and organizational awareness. Social engineering for example is perhaps one of the most effective ways of thwarting an organization’s technology protections and without established protocols sensitive information can be exposed.
A variety of organizations, their client bases, and individuals are targeted through sophisticated phishing, vishing and other complex scams. Technology provides the means for criminals to defraud people and the organizations they work for. The telephone while in existence for many decades has enabled determined criminal to defraud information rich companies out of billions in assets. This includes theft by funds transfers, wire theft, identity theft, credit card theft, the list goes on. How does the organization protect itself when there are people who front their technology?
While many organizations believe technology based solutions protect their organization they are mistaken. Technology in itself provides very limited protection and is often though of in terms of prevention. It is technically impossible to prevent all attacks.
What is most important is the detection of anomalous behavior. Good detection methodologies enable the organization to identify in the near term that the organization is under attack or has been breached. Every major reported compromise has been long term in nature and has led to significant business challenges through cost of clean up and loss of or damage to critical assets. The Pentagon identified recently that it spent $100M in 6 months to clean up from attacks. That certainly does not include the cost of lost national security secrets and weapons based technology, and intellectual property.
Preventative solutions delivered by Information Defense include:
- Organizational Security Program Development
- Technology Based Strategy and Security Assessment
- Application Development Strategy and Assessment
- Social Threat Based Assessments
- Anomalous Activity Detection Strategy and Architecture
- Penetration “Red Team” Assessment