To Win, Wear Every Hat
Ransomware is one of the most persistent and relevant cybersecurity concerns of this age. While ransomware is not new, tactics are shifting. Formerly, threat actors would lock up data, making it inaccessible to victims unless a ransom was paid. Some chose to pay. Many didn’t, relying either on good backups or the belief that retrieving the hostage data wasn’t worth the cost or the risk of dealing with cybercriminals.
Today’s more targeted attacks exfiltrate data and leverage extortion techniques, increasing the pressure to pay ransoms. Victims often are left with the odious choice between paying – further increasing the adversary’s resources – or having their sensitive and precious data disclosed to the world.
At the same time, the ransomware-as-a-service market continues lowering the barrier to entry for less sophisticated actors while providing another revenue stream for ransomware authors. In this environment, protecting against ransomware means updating protection strategies to meet the evolving threat.
For more secure results, customers must shrink attack surfaces, identify and analyze possible threats, modernize tools, assess policies and procedures, and test, test, test.
Structured offers the following threat and attack simulation services to probe existing defenses for weaknesses so that they can be remediated.
Structured offers penetration testing services based on industry standards such as NIST SP 800-115 and other framework-specific requirements. This includes testing in white/gray/black box formats, covering the internal and/or external environments. The penetration test verifies compliance-required segmentation of network infrastructure.
The social engineering portion of testing comprises phishing attacks against end users, vishing (voice phishing) attacks against IT functions and end users, and physical entry testing to verify facility controls. Strict adherence to documented Rules of Engagement agreements is maintained at all times.
Identifying and properly remediating vulnerabilities is a critical part of a robust security program. Structured GRC engineers assist with scanning techniques and deploy tools that track and manage vulnerabilities over time. Vulnerability assessments cover required methodologies such as network discovery, port and service identification, vulnerability scanning, and wireless testing.
Structured Professional Spotlight
Rob Wayt, Director of Governance & Compliance, CISSP-ISSEP, HCISPP, CISA, CISM, CRISC, CEH, QSA, CDPSE
As Director of Governance & Compliance for Structured, Rob applies his 25 years of critical experience in IT security, compliance and networking to design and implement comprehensive security programs, focusing particularly on compliance assessment and audits. With core competencies in PCI, HIPAA, ISO 27001, FIPS/FISMA, FERC/NERC CIP, FERPA, GLBA/FFIEC/NCUA and Governance, Risk and Compliance (GRC) solutions, Rob is an incredible asset both to Structured and to its customers.
But while it’s clear he has a slight interest in GRC, he’s hardly one-dimensional. Rob also is an avid cyclist and outdoor enthusiast who enjoys life wherever it takes him. For 26 years it was Japan, but he and his family currently reside in Alaska.