Nora’s Home Risk Assessment Results

CyberSecurity Risk Assessment (CSRA)

What is a CSRA?

A Cybersecurity Risk Assessment or CSRA refers to the process of identifying, estimating, and prioritizing information security risks. A complete cybersecurity risk assessment should evaluate an organization’s IT infrastructure as well as its security-related policies and procedures.

What does your CSRA cover?
  • Discovery Consultation
  • Install Remote Access & Monitoring Tools
  • Scan for Personally Identifiable Information (“PII”)
  • Internal / External Vulnerability Scans
  • Phishing Simulation
  • Dark Web Scan
  • Evaluate Equipment and Infrastructure
  • Present Results and Recommendations

Discovery Consultation:

In our CyberSecurity Discovery consultation, we:

  • Shared and identified industry best practices found in the NIST framework
  • Identified mission-critical networks, systems, and data
  • Considered the confidentiality, integrity, and availability needs of your IT assets
  • Round-tabled risk transference options 
  • Explored the need for:
    • Building a human firewall
    • IT & cyber-related policies & procedures
    • Cyber-related tools to help identify, protect, detect, respond, and recover
 

Remote Access Tools:

  • Enterprise firewall
  • Network probe device
  • Remote agents on endpoints

Data Discovery:

Are criminals working to crack your defenses?

Internal and External IDS/IPS:

Patches and Updates:

Phishing Simulation

According to Avanan’s Global Phish Report, of 55.5 million total emails analyzed, 561,947 were phishing attacks. Researchers broke the malicious messages into four categories:

  • over half (50.7%) had malware,
  • 40.9% were harvesting credentials,
  • 8% were extortion emails,
  • 0.4% were spear phishing attempts.

Phishing Results:

Scan for Exposure to Known Vulnerabilities

  • High-risk vulnerabilities are present on the network perimeters of 84% of all companies
  • With its huge store of personally identifiable information (PII) about policyholders, the non-profit industry has become an enticing target for cyber crime. Data breaches at non-profit companies over the last few years have exposed the personal information of over 100 million people.

Is your network locked down?

Dark Web Scan:

Statistics:

  • 80% of all consumers have had email information leaked on the dark web
  • 70% of consumers have had their phone numbers compromised
  • 10% have had driver’s license information leaked
  • 7% of respondents said they have had their social security numbers leaked online

Dark Web Results:

Hardware Assessment:

The Value of Attack Surface Management:

  • Automate asset discovery, review, and remediation
  • Map all assets on a continuous basis
  • Quickly identify and disable shadow IT assets and other previously unknown assets
  • Eliminate known vulnerabilities such as weak passwords, misconfiguration, and outdated or unpatched software

Current:
  • Last-gen firewall with no security subscriptions applied
  • Managed network equipment in multiple controllers
  • OperationsMan & NorasShared PCs
  • 10+ years
  • Windows 10
  • NorasShared – Pentium G2030 processor from 2013

Recommendations:
  • Managed next-gen UniFi firewall with all equipment in one controller
  • Fully replace both PCs with application-appropriate hardware

CyberSecurity Benchmarking

  • 96% of organizations were targeted by an email-related phishing attempt.
  • 75% – Ransomware has attacked three out of four organizations worldwide

Overall Score from BT Baseline
Employee Risk Breakdown from BT Baseline

Nora’s Home Risk Assessment Summary:

  • Network is vulnerable to attacks
  • Data is at risk and must be encrypted
  • Recommend upgrading to a Next Gen Firewall
  • Establish industry best-practice policies and procedures
  • Implement SETA program
  • Replace two aged systems
  • Deploy cyber tools that will actively defend against and destroy threats
  • Consider MCSRT