News & Updates

Sign up to be the first to be informed of our news & updates

 

Join our mailing list

Never miss an update

Search

So, what is ransomware?


"Ransomware is malware that employs encryption to hold a victim's information at ransom. A user or organisation's critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access." McAfee


Attackers are now doubling down on this by stealing your business data before alerting you. Then, even if you can recover from backups they can still extort a ransom not to release your organisational and private data to the public.


Ok, so your data is now being held for a financial ransom. What a difficult situation, but it doesn't end there... what are the other implications of this hostile attack?


Aside from the financial ransomware demand and inconvenience of losing your client and business data and potentially having it made public, other elements to consider which elevate the cost of the attack include:


💰 Operational downtime - often 2 days & the long tail to full recovery

💰 Penalties for unmet contractual obligations for existing clients

💰 Fines for non-compliance

💰 Angry customers leaving your business - loss of trust

💰 Damage to brand image

💰 Lost sales opportunities due to diminished trust

💰 The huge expense of attack incident response & data recovery


gif

And the final cost here takes us full circle to the cost of implementing the security controls, policies, procedures and allocating a sufficient security budget which could have prevented the attack in the first place. Having these in-place will greatly reduce the risk and impact of such an attack recurring.


A sobering read wouldn't you agree?


Prevention takes time, planning and effort but is so much easier and cost effective than mopping up the after effects.





8 views0 comments

CREST Accreditation


Fortis is delighted to announce that we have recently become a CREST accredited penetration testing company. After a rigorous application process that assesses virtually every aspect of our business and validates the knowledge, skills, and experience of our team, we are now officially recognised as a leading provider of penetration testing services.


What is CREST?


CREST is a not-for-profit accreditation and certification body that represents the technical information security industry and was established in response to the need for more regulated professional services. It is now a globally recognised cyber assurance body for the technical security industry, covering a variety of information security services, including penetration testing.



gif

Why should you choose a CREST-accredited service provider?


A quick search of the web will produce a list of numerous providers offering pen testing services. The big question is how do you choose between them, and which ones are reputable and trusted partners who consistently deliver high quality services using suitably qualified and experienced security professionals?


All CREST accredited companies undergo a comprehensive application process with everything from security testing methodologies, resources and reporting to information sharing and data storage independently assessed by CREST. Therefore, choosing an accredited company for pen testing gives you the added assurance that all their policies, procedures and processes have undergone an independent and verifiable third-party assessment. You can also be certain that the services will be carried out using best practice and proven methodologies to ensure you have the necessary controls in place to identify vulnerabilities and prevent breaches and attacks.

CREST members are regularly updated with industry-leading guidance and developments, so as the threat landscape evolves and cyber-attacks become more sophisticated you can be confident that you are working with highly-qualified individuals with up to date knowledge and skills, and the competence to deal with both the new techniques used by real world attackers and the latest vulnerabilities.


The CREST code of conduct provides additional assurance that the company operates within the confines of a regulated industry and that you will receive a high-quality level of service, delivered in an ethical and professional manner.


CREST accreditation quickly and easily identifies your chosen provider’s commitment to robust and comprehensive security testing and, as a globally recognised body, working with a CREST accredited company gives your business greater international credibility. Using CREST accredited pen testers will also build trust and confidence in your company and reassure existing and potential customers that you take your responsibility to safeguard their confidential and privileged information seriously, further enhancing you reputation. In fact, using CREST pen testers is increasingly becoming a standard requirement in many highly regulated sectors.


In short, by working with a CREST accredited penetration testing company you ensure you are engaging a trusted, experienced, and professional organisation that undergoes regular and stringent assessment to give you complete confidence in your chosen provider.


Fortis’ comprehensive range of penetration testing services enables clients to identify, assess, and prioritise vulnerabilities and security flaws across their applications, APIs, platforms and infrastructure and our team of security professionals are skilled and experienced in identifying and mitigating vulnerabilities in even the most complex and sophisticated IT environments.



ISO/IEC 27001 is the international standard for information security management systems (ISMS) and was developed to help companies of all sizes, in any industry and virtually any country, systematically secure their confidential and business critical data. The framework helps organisations to implement a robust approach to information security and introduces controls across people (education and training), process (policies and procedures) and technology (systems and software) to effectively manage and mitigate risk and safeguard information assets.


gif

So why should companies take the time to invest in ISO/IEC 27001 certification? Here we look at some of the major benefits:


  • Peace of mind – certification ensures all your company’s confidential data is secure, which may include financial records, intellectual property, and other commercially sensitive information, as well as employee and customer records.


  • Globally recognised - with 165 member countries, ISO 27001 certification is recognised all around the world and quickly and easily demonstrates your organisation’s commitment to information security.


  • Compliance - there are a growing number of complex laws and regulations relating to information security and the threat of prosecution and/or huge fines for non-compliance is very real. ISO 27001 gives you the ideal framework to help your organisation manage its regulatory and legal requirements and stay compliant.


  • Enhances reputation - certification builds trust and confidence in your company and reassures existing or potential customers and stakeholders that you are committed to safeguarding their information, as well as other business critical and confidential data.


  • Competitive advantage - the additional credibility that certification brings can increase commercial opportunities and help your company win additional business and new customers from competitors who are not certified.


  • Greater security awareness - a joint ‘Psychology of Human Error’ survey by Stanford University and Tessian found that 88% of data breaches were caused by human error, 43% of employees had made a mistake that compromised cybersecurity and 25% of employees had clicked on a phishing email at work. Incidents such as these can have serious consequences for any business; however, ISO 27001 certification means far greater information security awareness amongst staff, which reduces the likelihood of an incident occurring in the first place.


  • Cost savings – the aim of ISO 27001 is to implement a robust ISMS to prevent security incidents from happening and with one survey reporting the average cost of a breach as $3.86 million in 2020 (https://www.ibm.com/security/data-breach) the cost of implementing ISO 27001 is likely to be minimal when compared to the potential financial impact of a breach.


  • Efficiency - business operations are streamlined as policies and procedures are all clearly defined and documented. In addition, by reducing the number of incidents the overall disruption to day-to-day operations is minimised.


  • Futureproofing – the framework helps your business to continually review potential risks and weaknesses and implement appropriate controls that improve the way you manage your organisation’s information security.


The breadth of the Fortis service portfolio enables us to offer a variety of information security and risk management solutions and helping our clients to achieve the information security compliance standards they need to operate with confidence is just one of the areas in which we specialise.


From a simple one-off gap analysis against the ISO/IEC 27001 standard, through to complex multi-standard integrated management systems, Fortis offers comprehensive certification services that can be tailored to suit your organisation’s specific requirements. For more information about how Fortis can help protect your business please contact enquiries@fortiscyber.co.uk



22 views0 comments