Friday, September 22, 2023

How comfortable are you with your current level of protection from hackers and internal fraud?

Good day! As you may know from my profile, I have begun my new professional challenge as an Account Executive with the Sikich Cybersecurity Services sales team. I would like to take some time now to explain who we are and what we do.  This is a bit of a long post, so grab a cup of coffee (“A Cup o’ Joe”) and have a read.  I encourage you to contact me any time to discuss your company’s cybersecurity posture or to pass this along to those in your organization who would find this of interest.
Today, it’s not a matter of if your network will be attacked, but when.  In fact, many companies have already been breached and do not know it yet. It takes the average mid-market organization nearly seven months to even learn of a breach in their network.  Furthermore, it is usually discovered by third parties and not internally identified. This time between the initial breach and its discovery is known as the MTTD or “Mean Time to Detect”.  The lower an organization’s MTTD, the more likely they are to limit any damage done by a cyberattack. The higher the MTTD, the harder it becomes.  To repeat:  How comfortable are you with your company’s current level of protection from hackers and internal fraud?

We at Sikich Cybersecurity Services are dedicated to assisting our clients in strengthening their cybersecurity posture through security consulting, fraud management, risk mitigation, and vulnerability detection and prevention.  Allow me to take you through the highlights of what we do…

IT Security and Risk Assessments

This is usually the first service that is recommended and provides a baseline of intelligence about your environment.  The assessment reviews your network architecture, security controls, policies, and procedures to help identify key areas of risk and how these areas could potentially be targeted.  It is often thought of as a security roadmap for future security initiatives.  Our assessment also covers risk areas beyond the scope of technical security testing, such as the organization's procedures and policies.  It helps to identify gaps between your practices and industry-standard best practices and compliance requirements.  A risk assessment can be an effective budgeting tool to achieve the most effective use of approved spending.

Compliance Assessment

Speaking of compliance, there is a veritable “alphabet soup” of industry standards and government regulations that many companies must be in line with. (e.g., PCI DSS, HIPAA, GDPR, GLBA, FFIEC, DFARS, NIST, etc. etc. etc.)  Our security and compliance team can help with any of these.  These assessments are like financial audits, complete with on-site visits, work paper collection, and reporting. We take our clients through the process from start to finish.  These are not pass/fail audits – we include remediation services.

Vulnerability Scanning

External vulnerability scanning is an automated scan of the public-facing components of a network for known vulnerabilities.  Think of this as like the anti-virus you run on your laptop, except that it scans your IP addresses and web hosts.  (An analogy:  If your network was a house, a vulnerability scan is like going to every door and window around the house to make sure they are all locked.)  Scans are typically performed monthly or quarterly and are typically done in a single day.  Our scanning service includes a review of the findings to confirm the information and eliminate false positives. (For those of you who need to be PCI compliant, Sikich is an Approved Scanning Vendor (ASV), certified by the Payment Card Industry Security Standards Council.)  Vulnerability scanning does not include exploit attempts or attack simulations on your network - it is not Penetration Testing and should never be portrayed that way.

Penetration Testing

OK, then what is Penetration Testing (“Pen Test”)? A Pen Test is a manual engagement that simulates a hacker or other threat attacking your network. Think “ethical hacking”.  The human element is key: it tests the exploitability of potential vulnerabilities in your system.  It identifies the risk areas that automated scans cannot identify. Typically, Pen Tests are performed semi-annually or annually and take an average of several weeks to complete.  They can include a variety of attack simulations, including:

  • External network testing
  • Internal network testing
  • Web application testing
  • Wireless network testing
  • Social engineering

Once the testing is complete, Sikich provides a thorough report on our findings and remediation suggestions.  We also include a free re-test within 30 days to ensure that those vulnerabilities were addressed.

Back to that house analogy:  If Vulnerability Scanning is like going up to each door and window of the house to make sure they are all locked, then Penetration Testing is like trying to break into the house and seeing how much of the inside you can move around in and potentially steal things from.

Forensics and Incident Response

So far, I’ve discussed analysis, preparedness, and prevention.  Sikich Cybersecurity also provides valuable services after an incident occurs.  Response time is critical.  We provide a dedicated incident response team and can offer additional support resources when needed. Sikich is also one of only a dozen companies in the U.S. that is a PCI Forensic Investigator (PFI).  We provide incident response retainers that provide access to robust and affordable Service Level Agreements that include industry best practices.

Outsourced CISO

This service is perfect for SMBs and mid-market organizations if you have not focused on security in the past. Sikich will become a true security partner and can lead you and your team in improving your overall cybersecurity posture by

  • helping choose security tools
  • leading your team in implementing best practices
  • providing security awareness training to your staff
  • providing updates on your security posture to your company’s executive and board members
  • including time-and-materials consulting in order to work on other security-related items.

With Sikich, you can choose from a menu of services that can fit budgets as low as $10K / year.


I trust you made it through this before your coffee got cold!

Don’t hesitate to call me at (423) 241-6295 or email me at joe.gaeta@sikich.com.  Additionally, you can schedule a meeting with me here.  I’d love to learn about your organization and to recommend ways that the Sikich team can help.

Thank you.