Cyber Vigilance

Information system security assessment

In-depth professional knowledge of defensive and offensive security approaches is essential in the fight against the growing risk of cyber-attacks, as evidenced by the annual increase in cyber incidents. Most organizations do not have the capabilities to simulate the actions of an attacker in-house. Our approach to security assessment is based on manufacturers’ best practices, backed up with well-established security testing techniques.

Security testing subjects a system’s configurations to intense scrutiny and simulates an attack to detect risks. Deloitte offers Information System Security Assessment, significantly lowering the risk of cyber incidents and the potential costs of an attack as it covers the vast majority of vectors, their exploitation, and attacker strategies.

Web application security assessment

Web technologies are constantly adapting to the latest technical innovations, exposing corporate web resources to major risks that could lead to a full-system compromise or enable advanced attackers to use compromised web applications against third parties as part of a watering hole strategy .

Logic and implementation flaws as well as the use of components with known vulnerabilities are threats that could result in significant losses. These threats can only be mitigated by conducting a comprehensive security assessment of web applications with industry-standard methodologies such as The Open Web Application Security Project methodology an area in which we have extensive experience.

Assessment of personnel’s cyber security awareness (social engineering)

Statistics show that people are often the ‘entry point’ for attackers in financially damaging cyber security incidents. The human factor has an indirect but significant impact on the strength of information security.

Advanced persistent threats are most often aimed at stealing money or sensitive data and can inflict irreparable financial damage. Human carelessness, negligence and lack of awareness are key reasons for the increase in the number of targeted incidents.

We offer a range of services to eliminate the risk of successful social engineering attacks. These include gathering information about company employees from publicly available sources, working out the most effective attack vectors and how they could be implemented, testing ways of bypassing the spam filter, creating mass or targeted phishing emails for various scenarios, as well as developing training activities and interactive exercises for employees.

Cyber threat footprint

All companies process various types of sensitive and confidential information. Clients, partners, regulators, shareholders and the board of directors rely on their organization’s ability to effectively ensure that this kind of data is properly protected.

We offer risk assessments based on open-source intelligence. Our approach makes use of advanced search, gathering and processing technologies for information available on open sources to identify information leaks and security risks.

Penetration testing

Although most attack vectors are covered by various technical solutions, some can still slip under a company’s radar.

Our team of specialists has wide-ranging experience conducting penetration testing and includes winners from the prestigious PHDays ethical hacking contest in 2018.

Our approach focuses on identifying the most probable attack vectors and verifying the threats behind them.

Red teaming

Boosting information security, creating an effective and well-established security system and security commands will guarantee a significant reduction in incidents and follow up financial losses.

The creation of a truly successful information security framework requires the systematic and independent assessment of all the components within the system.  

Our services aim to assess intrusion detection, breach containment and the incident response time by selecting the strongest attack vectors, simulating the most realistic and covert attacks and compromising the most critical information systems.