CyberDefence Vulnerability Scan service is designed to help you understand the risk that your business assets and applications are exposed to/from an external or internal perspective.
The service allows you to conduct a vulnerability analysis, threat modeling and phishing assessment on your critical assets in a simple, flexible, and timely manner.
This service provides you with comprehensive results to help you identify risk and determine remediation steps.
CyberDefence Vulnerability Scan Service is available as a two-week engagement with a choice of one of the following targets:
one (1) infrastructure set (up to 250 IP addresses).
one (1) web application.
This service includes the following:
- One vulnerability scan on pre-agreed target(s).
- Full scanning report in PDF format.
- Customer debrief session (up to two hours).
Software Supply Chain Attacks
Compromising software code through cyber attacks, insider threats, and other close access activities at any phase of the supply chain to infect an unsuspecting customer
Floxif / CCleaner: Floxif infected 2.2 million worldwide CCleaner customers with a backdoor. Attackers specifically targeted 18 companies and infected 40 computers to conduct espionage to gain access to Samsung, Sony, Asus, Intel, VMWare, O2, Singtel, Gauselmann, Dyn, Chunghwa and Fujitsu.
Security Awareness Program
Overall, the security awareness field is still very immature. The clear majority of security awareness professionals report their program activity as being only a portion of their job responsibilities.
While support for awareness programs continue to grow, finance and operations departments are reported to be the biggest blockers.
Vulnerabilities can be caused by a number of factors, including design and development flaws, misconfiguration, inadequate administrative or operational processes, other user errors, or unforeseen changes in the operating environment or threat landscape.
Software, hardware and online services are all susceptible to vulnerabilities and it is unlikely that vulnerabilities will ever be completely eradicated. Even if a system is sufficiently secure at launch, there is no guarantee it will remain that way. Deployment in a new context, interactions with new systems or development of new attack methods may uncover previously unknown vulnerabilities.
Stronger metrics are needed to quantify cybersecurity efforts and success
Only 21% of companies say that they heavily use metrics as part of their security efforts. As security moves from defensive tactics to proactive initiatives, metrics such as “percent of systems with formal risk assessment” and “percent of network traffic flagged as anomalous” can serve as measures of success or justification for further investment.
Adversaries are exploiting undefended gaps in security,
many of which stem from the expanding Internet of Things (IoT) and use of cloud services.
Breaches cause real economic damage to organizations, damage that can take months or years to resolve. According to study respondents, more than half (53 percent) of all attacks resulted in financial damages including, but not limited to, lost revenue, customers, opportunities, and out-of-pocket costs
76% of breaches were financially motivated
Most cybercriminals are motivated by cold, hard cash. If there’s some way they can make money out of you, they will. That could mean stealing payment card data, personally identifiable information or your intellectual property. And they don’t care who they take it from. Ignore the stereotype of sophisticated cybercriminals targeting billion-dollar businesses. Most attacks are opportunistic and target not the wealthy or famous, but the unprepared.