So many smaller businesses ask themselves the question – why would anyone want to target me in cyber attack. The truth is, they probably wouldn’t. But that doesn’t mean they won’t be caught up in an attack aimed at identifying companies that have so much more to lose – and with, potentially, equally devastating effects.
Cysiam was founded by three individuals with more than 70 years’ combined experience in defence and national security environments. Cyber security specialist David Allan, after a career working in national security and defence, teamed up with commercial expert James Kench and business strategist Steve Lancaster to create the new business.
Still offering capacity building services to large organisations like the Foreign and Commonwealth Development Office, Cysiam’s stated aims also include protecting companies and organisations of all sizes across the globe so that they can operate without fear from the growing threat of cyber crime.
David Allan said:
“We live in an information age where freedom to do business and prosper is dependent upon resilient and secure digital technology. Our backgrounds mean that we understand the critical interdependencies between the running of an organisation and the technology that makes it possible.
“So often we hear businesses say that they don’t feel they are under threat from cyber crime, they think the criminals won’t be interested in them. In a way, that’s true, but cyber criminals are often not individuals, sitting at a keyboard, targeting those who do have lots to lose.
“More often, systems are running automated scripts that pick up any vulnerable device on the internet and try to access company data. They are looking for high value victims, but that doesn’t mean you won’t get caught up in the attack and find yourself compromised.”
While automated phishing attacks are not particularly sophisticated, they are the number one initial access method that lead to data breaches, and the criminal groups behind these campaigns are sophisticated organisations with efficient dark economies supporting their activity.
No system is 100% safe, but what businesses can do is put in place the best possible protection that identifies unusual activity and threats and acts immediately to limit the damage.
- The Cysiam programme involves identifying, protecting, monitoring and responding to risk.
- Identify – by carrying out an audit to understand vulnerabilities and then advising clients on what systems they should have in place, prioritising the particular needs of that business.
- Protect – based on the identify phase, implementing the security controls that are needed build business resilience.
- Monitor – 24-hour security monitoring proactively identifies potential cyber attacks.
- Respond – where threats are identified, security experts act to prevent attack and find the root cause of the problem.
Where a business is not a client, there’s the Cysiam instant emergency response plan, where the monitoring, hunting and response team can be called into action to detect anomalous behaviour, minimise harm, and work with client to restore business as usual as quickly as possible. But the fact remains that organisational resilience to attack is the best response to threat. When working with Cysiam, clients are reassured that their assets are protected, and their business is ready at all times.
“We aren’t in the business of selling security products to people, we are more of an outsourced cyber security partner. We only work with organisations that recognise the cyber threat from the top down and know that there is a need to build in resilience. We’re expert security consultants, who understand business operations first and foremost, not just tech people. We devise systems that assess and monitor, backed up by expertise in digital forensics, so that our clients are assured their protection is appropriate for the threat they face.
“If a business believes it is enough to have security in place and leave it to do its job, they are leaving themselves vulnerable. So, part of our service is to simulate an attack to test security assumptions. We try to break into clients’ systems, sometimes digitally, sometimes physically, just to see how vulnerable they are. If we can get in, so can cyber criminals. Once they know those vulnerabilities, they will see the value of proper protection.
“Businesses should approach security on the basis that if you are managing your security well, then your business will be more efficient and grow faster, because you are not suffering downtime and disruption because of attacks.”
Nothing is 100% secure so focusing on business resilience is key, prepare for the worst but plan for the best. Having a security partner like Cysiam enables organisations to focus on their business, knowing they have the world’s best security experts protecting their operations and allowing them to confidently prosper in the digital age.