In today’s increasingly connected world, your organization faces a number of high-security risks. Identity theft, network hacking and ransomware could occur any time and expose your company’s vital information.
BKD’s cybersecurity team can help your organization develop a plan to protect against unforeseen attacks. Whether you want to prepare for the worst, respond to a breach or remedy weaknesses in your systems, BKD can assist.
Cybersecurity Risk Assessment
A cybersecurity risk assessment is the foundation of a strong cybersecurity program. Without a good understanding of your cybersecurity governance, processes and technology, you risk giving cybercriminals the keys to your critical information assets.
A cybersecurity risk assessment identifies possible threats to your business. Our process addresses cybersecurity risk in the context of business risk and uses generally accepted frameworks such as National Institute of Standards and Technology Cybersecurity Framework, ISO 27001, Federal Financial Institutions Examination Council, etc. The assessment includes:
- Analyzing critical assets that store or transmit sensitive data (data-flow analysis)
- Identifying security requirements and potential threats
- Determining infrastructure, systems and process vulnerabilities
- Identifying process maturity and implementation status
Advanced Threat & Vulnerability Testing
We help identify vulnerabilities and weaknesses in your network that can subject your information assets to hacking. We apply tools and techniques commonly used by hackers, identity thieves and disgruntled employees. Depending on your needs, we may perform these tests:
- Network Scanning – Port scanners determine existing devices, open ports and services operating on these ports—a beginning step for full penetration testing.
- Vulnerability Scanning – Network hosts, services, operating systems, applications and related vulnerabilities are located using a highly automated scan based on a database of vulnerabilities.
- Penetration Testing – Network and vulnerability scanning are combined with the human element of verification of vulnerabilities—a process that emulates a true hacking approach. External penetration testing simulates internet-based attacks while internal penetration testing simulates attacks by disgruntled individuals who breach your network’s perimeter defenses.
Advanced Social Engineering
Social engineering—often referred to as one of the greatest security risks—is the practice of obtaining confidential information through user manipulation.
Our team helps you prepare for these types of attacks with simulated pretext phone calling, spoofing, phishing and physical access attempts and the use of malware and counterfeit websites for security testing. We assist you in evaluating your organization’s security posture, testing your incident response plan and raising employee awareness.
Our incident response service typically involves using digital forensic technologies and procedures to assess the attack and determine its origin. This may include an assessment of whether employees inadvertently—or even intentionally—assisted with the attack. The incident response team also will test for the possibility that data was exfiltrated during the breach. Steps you can take to contain the breach and determine its scope include:
- Isolating the affected system to prevent further release of data or encryption in the case of a ransomware attack
- Reviewing/activating auditing software
- Preserving pertinent system logs
- Creating backup copies of altered files for secure keeping
- Identifying systems that connect to the affected system
- Preserving affected systems such as personal computers and servers for investigation
- Retaining an external forensic expert to assist the investigation
- Documenting conversations with law enforcement and taking necessary steps to restore the system’s integrity
Each breach is different and may require some or all of these steps. The key to a successful response is to effectively deploy the procedures once the breach has been discovered. This will help reduce the potential loss and preserve evidence needed to examine the breach.
Incident Analysis & Investigation
BKD’s cyberforensics professionals extract and analyze physical and digital evidence to help identify and document key incident information, e.g., date, time, cyber actors (insider versus outsider), threat actor tactics, techniques and affected systems and accounts or data. Our investigations involve analysis of computer activity logging controls to help determine accessed, infiltrated or removed data. This is followed by an in-depth examination to help determine the extent and nature of compromised data, e.g., personally identifiable or protected health information and other confidential or proprietary information, such as trade secrets.
Business Continuity Resilience (BCR)
Preparing for a crisis could mean the difference between the survival and failure of your business. We help your organization develop a plan that will help you recover your business operations if adverse events occur. Our consultants help lead you through these steps:
- Identify critical business processes, key employees and other vital resources
- Identify threats and their likelihood
- Assess business effect of threats
- Develop strategies to mitigate and recover from a disaster
- Educate employees through training and exercise
- Periodically review, test and update the plan
Depending on the nature of the breach and vulnerabilities identified, BKD can help your organization address unmet needs, e.g., creating policies and procedures or developing user awareness programs and conducting training.
Chief Information Security Officer (CISO) Services
Faced with the seemingly overwhelming task of protecting an enterprise from cybersecurity attacks, management may not be sure where to begin. BKD’s chief information security officer (CISO) advisory services can help organizations jump-start their cybersecurity program by identifying and prioritizing potential risks as well as developing a robust security plan.
Building on a cybersecurity risk assessment, experienced BKD personnel can help the management team:
- Create a cybersecurity plan to address the identified risks and exposures and establish institutional awareness and a shared commitment to protect information. This planning encompasses a range of activities:
- Review existing documentation
- Define the scope and boundaries of the information technology (IT) security plan
- Identify and document key roles and responsibilities to support IT security
- Create required documentation and reports
- Develop a remediation implementation plan
- Deliver an executive briefing of the plan
- Identify reasonable, cost-effective solutions to remediate risks from the cybersecurity risk assessment
- Provide recommendations for setting and maintaining standards and practices to manage the confidentiality, availability and integrity of assets and data
- Provide guidance regarding prioritization of infrastructure investments that affect information security
- Share knowledgeable, timely guidance on IT and cybersecurity risk matters. The individual will have the expertise to help provide an independent perspective, free from service provider or vendor bias and influence.