Cyber-security Consulting, Training Courses and Certification Exam Preparation
If you think that you are protected, then you are most probably vulnerable
The Wannacry ransomware attack showed us once again how the human factor, coupled with the vulnerabilities inherent in information systems, can cause tremendous damage to the worldwide digital economy.
The scheme used is not revolutionary; it is based on a combination of known techniques:
- Exploiting a vulnerability that has been discovered but not patched by the software or hardware vendor
- Using the human factor weakness to activate the malware on the operating system
- Having access to the low-level system instructions that enable the total encryption of the data stored on the system
- Using worms to facilitate the light speed propagation of the attack on the network of the victims
- Using the darknet mechanisms in order to receive the ransom via bitcoin
With the scenario described above, the victims are, in the vast majority of cases, disarmed, especially if they were not prepared via security awareness campaigns and if the CIO and CSO did not implement adequate preventive, detective and corrective controls.
Since the beginning of the attack, more than 150 countries have been hit by Wannacry, and the damage to the worldwide economy can easily be estimated at billions of dollars if we consider the business interruptions caused to thousands of companies worldwide.
In order to reduce the probability and the impact of such events, companies should reinforce the awareness level of their users and patch their systems in a frequent and systematic way. Last but not least, a well-designed and well-implemented business continuity architecture would permit enterprises and users to recover their information systems and data to a coherent state, as they were just before the attack.
We should all be reminded that we are in a field where never-ending battles will probably continue, forcing us to be better and better prepared for the future evolution of more and more sophisticated threats.
The human factor will always be the biggest vulnerability that attackers will exploit, and the major area where security can be improved.
Wannacry screen seen by the victims of the cyber-attack.
Jeff Primus, CEO of ACTAGIS, was interviewed on this subject for the show “Toutes Taxes Comprises”, aired on the RTS on 15 May 2017 (in French).
What can ACTAGIS do for you?
Secure your business in alignment with the stakeholders' needs and increase your level of protection in a proactive way.
- Strategy creation
- Security Management System
- Security Dashboard
- Training & Awareness
- Packaged security services
- CSO, CISO services
Information Security Management System
Ensure a rapid recovery of your critical business functions and preserve your competitive advantage in case of a disaster.
- Business Continuity Plan
- Disaster Recovery Plan
- Pandemic Plan
- DRP Architecture
- RFP process
- BC Manager Services
Business Continuity planning
CISM is the only globally recognized certification in the fields of IS management and governance. It has earned a great reputation internationally for many years, as it sets a high and consistent standard worldwide. The CISM Job Practice Area consists of five “domains”, 37 “tasks” and 60 “knowledge statements”. Because the different tasks refer to the relevant COBIT processes, COBIT is an integral part of the CISM training and certification. This training is organized by ACTAGIS SA in collaboration with the Swiss Chapter of ISACA (www.isaca.ch).
This 5-day training is composed of theory modules covering the 8 CISSP domains, which were updated in April 2015, interlaced with exam questions, offering the participant optimal preparation for the certification exam.
This is a 5-day course (with a choice between the “Foundation” and “Architecture” modules), which combines the SABSA levels L1 and L2. For more information on this topic: Download the SABSA flyer (PDF) here.