CyberSecurity Risk Assessment (CSRA)
What is a CSRA?
A Cybersecurity Risk Assessment (CSRA) is the process of identifying, estimating, and prioritizing information security risks. A complete assessment evaluates an organization's IT infrastructure as well as its security-related policies and procedures, since most incidents involve a gap in both.
What does your CSRA cover?
- Discovery Consultation
- Install Remote Access & Monitoring Tools
- Scan for Personally Identifiable Information (“PII”)
- Internal / External Vulnerability Scans
- Phishing Simulation
- Dark Web Scan
- Evaluate Equipment and Infrastructure
- Present Results and Recommendations
Discovery Consultation:
During the CyberSecurity Discovery consultation we:
- Shared and identified industry best practices found in the NIST Cybersecurity Framework
- Identified mission-critical networks, systems, and data
- Considered the confidentiality, integrity, and availability needs of your IT assets
- Discussed options for transferring risk (for example, cyber insurance)
- Explored the need for:
  - Building a human firewall (staff who recognize and report attacks)
  - IT and cyber-related policies and procedures
  - Cyber-related tools that help identify, protect, detect, respond, and recover (the five NIST Cybersecurity Framework functions)
Remote Access Tools:
- Enterprise firewall
- Network probe device
- Remote agents on endpoints
Data Discovery:
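As an added example of how the "Scan for PII" step works (this is illustration code, not the assessment's own tooling), the script below scans text for US Social Security numbers, payment-card numbers, and e-mail addresses, and validates card candidates with the Luhn checksum so that invoice and ticket numbers are not reported as cards. The donor record it scans is constructed and uses test card numbers only; the patterns are a starting point to tune per data set, not a complete PII taxonomy.

```python
"""PII discovery over text, with validation to cut false positives.

Added example for the "Scan for PII" step; not the assessment's own tooling.
The sample record below is constructed (test card numbers only).
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# US SSN: area not 000/666/9xx, group not 00, serial not 0000, '-' or ' ' separators.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}[- ](?!00)\d{2}[- ](?!0000)\d{4}\b")
# Payment card: 13-19 digits with optional single space/dash between digits; Luhn-checked below.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects ~90% of random digit runs (invoice/ticket IDs) that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right, fold >9 back to one digit
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(value: str, keep: int = 4) -> str:
    """Report a finding without re-exposing the data: keep only the last few characters."""
    return "*" * (len(value) - keep) + value[-keep:]


def scan_text(text: str) -> List[Tuple[str, str]]:
    """Return (kind, masked_value) for each likely PII hit in `text`."""
    findings: List[Tuple[str, str]] = []
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", mask(m.group())))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):  # Luhn failures are not card numbers: skip them
            findings.append(("card", mask(digits)))
    for m in EMAIL_RE.finditer(text):
        domain = m.group().split("@", 1)[1]
        findings.append(("email", "***@" + domain))
    return findings


def summarize(findings: List[Tuple[str, str]]) -> Dict[str, int]:
    """Counts per PII kind, the figure an assessment report tabulates per share or host."""
    return dict(Counter(kind for kind, _ in findings))


# Constructed sample: a donor record as it might sit on a shared PC (test card numbers only).
SAMPLE = """\
Donor record: Jane Doe, jane.doe@example.org, SSN 123-45-6789
Card on file: 4111 1111 1111 1111 (expires 12/26)
Reference 4111 1111 1111 1112 is an invoice number, not a card (fails Luhn)
Ticket #9876543210988 closed
"""

if __name__ == "__main__":
    hits = scan_text(SAMPLE)
    for kind, masked in hits:
        print(f"{kind:6} {masked}")
    print(summarize(hits))
```

Run it against the sample and the two look-alike numbers (the invoice reference and the ticket number) are dropped, while the SSN, the valid test card and the e-mail address are reported masked. In a real engagement the same `scan_text` is applied file by file over the shares and endpoints in scope, and only the masked findings and per-host counts leave the host.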
Are criminals working to crack your defenses?
Internal and External IDS/IPS:
Patches and Updates:
Phishing Simulation
Based on Avanan's Global Phish Report: of 55.5 million emails analyzed, 561,947 (about 1%) were phishing attacks. Researchers broke the malicious messages into four categories:
- over half (50.7%) carried malware,
- 40.9% harvested credentials,
- 8% were extortion emails,
- 0.4% were spear-phishing attempts.
Phishing Results:
Scan for Exposure to Known Vulnerabilities
- High-risk vulnerabilities are present on the network perimeters of 84% of all companies
- With its large stores of personally identifiable information (PII), the non-profit sector has become an enticing target for cyber crime. Data breaches at non-profit organizations over the last few years have exposed the personal information of over 100 million people.
Is your network locked down?
Dark Web Scan:
Statistics:
- 80% of all consumers have had email information leaked on the dark web
- 70% of consumers have had their phone numbers compromised
- 10% have had driver's license information leaked
- 7% have had their Social Security numbers leaked online
Dark Web Results:
Hardware Assessment:
The Value of Attack Surface Management:
- Automate asset discovery, review, and remediation
- Map all assets on a continuous basis
- Quickly identify and disable shadow IT assets and other previously unknown assets
- Eliminate known vulnerabilities such as weak passwords, misconfiguration, and outdated or unpatched software
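The four attack surface management points above come down to two operations: reconcile what a scan found against the asset inventory (unknown host = shadow IT; unsupported OS or cleartext management service = known weakness), and diff each scan against the previous one so the map stays current. The script below is an added example of both; it is not the assessment's own tooling. The hostnames OperationsMan and NorasShared come from this report, but their IP addresses, services, the unknown Linux host and the inventory are constructed. The Windows end-of-support dates are Microsoft's published ones.

```python
"""Attack-surface reconciliation: scan results vs. inventory, plus scan-to-scan diff.

Added example, not the assessment's own tooling. Hostnames OperationsMan and
NorasShared are from the report; IPs, services, inventory and the unknown host
are constructed. EOL dates are Microsoft's published end-of-support dates.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Asset:
    ip: str
    hostname: str
    os: str
    services: Tuple[str, ...] = ()  # "port/proto:service", as a port scanner labels them


Finding = Tuple[str, str, str]  # (ip, category, detail)

# Published end-of-support dates; an OS past its date gets no security patches.
EOL: Dict[str, date] = {"Windows 7": date(2020, 1, 14), "Windows 10": date(2025, 10, 14)}
# Management/file-transfer protocols that send credentials in cleartext: a misconfiguration.
CLEARTEXT = {"telnet", "ftp"}


def reconcile(scan: List[Asset], inventory: Dict[str, str], today: str) -> List[Finding]:
    """Flag unknown assets, end-of-life software and cleartext services. `today` is ISO (YYYY-MM-DD)."""
    as_of = date.fromisoformat(today)
    findings: List[Finding] = []
    for a in scan:
        if a.ip not in inventory:
            name = a.hostname or "<no name>"
            findings.append((a.ip, "unknown-asset", f"{name} not in inventory: shadow IT until owned or disabled"))
        eol = EOL.get(a.os)
        if eol is not None and eol <= as_of:
            findings.append((a.ip, "eol-software", f"{a.os} unsupported since {eol.isoformat()}"))
        for svc in a.services:
            if svc.split(":", 1)[1] in CLEARTEXT:
                findings.append((a.ip, "cleartext-service", svc))
    return findings


def diff_scans(previous: List[Asset], current: List[Asset]) -> Dict[str, List[str]]:
    """Continuous mapping: hosts that appeared or vanished and services newly exposed since the last scan."""
    prev = {a.ip: a for a in previous}
    cur = {a.ip: a for a in current}
    new_services = sorted(
        f"{ip} {s}"
        for ip, a in cur.items() if ip in prev
        for s in set(a.services) - set(prev[ip].services)
    )
    return {
        "new_hosts": sorted(set(cur) - set(prev)),
        "gone_hosts": sorted(set(prev) - set(cur)),
        "new_services": new_services,
    }


# Constructed scan results: last week's map and today's.
LAST_WEEK = [
    Asset("10.0.0.1", "fw-edge", "firewall", ("443/tcp:https",)),
    Asset("10.0.0.20", "OperationsMan", "Windows 10", ("445/tcp:smb",)),
    Asset("10.0.0.21", "NorasShared", "Windows 10", ("445/tcp:smb",)),
]
TODAY_SCAN = [
    Asset("10.0.0.1", "fw-edge", "firewall", ("443/tcp:https", "23/tcp:telnet")),
    Asset("10.0.0.20", "OperationsMan", "Windows 10", ("445/tcp:smb", "3389/tcp:rdp")),
    Asset("10.0.0.21", "NorasShared", "Windows 10", ("445/tcp:smb",)),
    Asset("10.0.0.77", "", "Linux", ("80/tcp:http", "21/tcp:ftp")),  # nobody owns this one
]
# Constructed inventory: IP -> owning team. 10.0.0.77 is deliberately absent.
INVENTORY = {"10.0.0.1": "IT", "10.0.0.20": "Operations", "10.0.0.21": "Front desk"}

if __name__ == "__main__":
    for ip, category, detail in reconcile(TODAY_SCAN, INVENTORY, "2026-01-01"):
        print(f"{ip:10} {category:18} {detail}")
    print(diff_scans(LAST_WEEK, TODAY_SCAN))
```

Against the constructed data this reports the unowned 10.0.0.77 as shadow IT, both Windows 10 PCs as end-of-life once the assessment date is past 14 October 2025, telnet on the firewall and ftp on the unknown host as cleartext services, and the diff shows the two services that opened since last week. Feeding it real scanner output means only writing the adapter from the scanner's export format to `Asset`.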
Current:
- Last-generation firewall with no security subscriptions applied
- Managed network equipment split across multiple controllers
- OperationsMan and NorasShared PCs:
  - 10+ years old
  - Windows 10 (end of support 14 October 2025)
  - NorasShared: Pentium G2030 processor from 2013
Recommendations:
- Managed next-generation UniFi firewall, with all network equipment in one controller
- Fully replace both PCs with application-appropriate hardware
CyberSecurity Benchmarking
- 96% of organizations were targeted by an email-related phishing attempt
- 75% of organizations worldwide (three out of four) have been attacked by ransomware
Overall Score from BT Baseline
Employee Risk Breakdown from BT Baseline
Nora's Home Risk Assessment Summary:
- The network is vulnerable to attack
- Data is at risk and must be encrypted
- Upgrade to a next-generation firewall
- Establish policies and procedures based on industry best practices
- Implement a SETA (security education, training, and awareness) program
- Replace the two aged systems
- Deploy cyber tools that actively defend against and neutralize threats
- Consider MCSRT