Compromise Assessments are an unrivaled method of evaluating an organization’s cyber security posture. By verifying whether active threats exist within the network and eradicating them before they can cause damage, this service acts preemptively to stop potential cyber incidents before they occur. In Blackpanda’s experience, 91% of companies conducting their first Compromise Assessment have discovered active threats residing in their networks.
Cyber attackers often work undetected in a network for months or years, frequently entering through “legitimate” paths, setting off no alarms and leaving no trace of forced entry. Like a sniper, attackers lie in wait, gathering or exfiltrating confidential intel and building a profile of your business while looking for the perfect time to strike.
Compromise Assessments seek to find attackers who are currently positioned in an environment or who have been active in the recent past. The assessment process is akin to the steps that Blackpanda incident responders would take in the event of a breach: an inside-out investigation and security audit of the organization’s internal environment, applications, infrastructure, and endpoints.
Compromise Assessments for Compliance
Compromise Assessments do more than reduce the chances of your organization being hit by a devastating cyber attack. They can also assure clients that their data is being appropriately protected, and investors that their money is in safe hands. In fact, one of the biggest hidden costs of cyber breaches is reputational damage, as clients and partners may feel that the breached organization is not trustworthy enough to adequately protect itself from cyber threats.
Additionally, in many countries around the world, conducting a Compromise Assessment is a legal requirement for certain industries including financial institutions, and is highly recommended for others.
For example, Singapore’s MAS TRM guidelines for financial institutions dedicate an entire section to threat hunting and incident response (2.2 Cyber Event Monitoring and Detection and 12.3 Cyber Incident Response and Management). MAS TRM directives in Singapore include strengthening system security and resiliency while deploying strong authentication processes to protect sensitive data. This can be achieved by implementing required security patches and conducting regular Compromise Assessments to address cyber vulnerabilities. We advise you to check your local regulations for detailed information on the cyber security requirements that apply to your organization.
Do Small Businesses Need Compromise Assessments?
Cyber attacks are becoming more common. They are targeting organizations across all sectors and sizes, and small and medium-sized enterprises (SMEs) and start-ups are getting hit especially hard. Research by insurance firm Chubb found that 93% of SMEs that experienced a cyber incident reported a severe impact to their business. For these reasons, start-ups and SMEs must develop their cyber security measures. Building their security will help SMEs maintain confidence in the Asian and global markets while surviving in an ever-changing cyber-threat landscape.
Whilst a strong digital infrastructure and good cyber hygiene can protect organizations from up to 90% of cyber risks, they are not sufficient. Attackers are continuously working to find loopholes in the system, and a single instance of negligence can severely compromise the cyber security of the company. Blackpanda’s cyber Compromise Assessment services for small businesses can help your organization improve its cyber security posture.
How Often Should You Perform a Compromise Assessment?
Global financial institutions have internal teams, just like Blackpanda’s, conducting Compromise Assessments on a daily basis, as their risk tolerance for being unaware of an active breach is essentially nil. For smaller companies that can assume a higher risk tolerance, Compromise Assessments can be conducted weekly, monthly, or even quarterly. The decision regarding frequency is ultimately a financial cost-benefit analysis for each business.
Blackpanda recommends a minimum of quarterly Compromise Assessments for Asian businesses due to the average regional dwell time of 90 days, that is, the amount of time it takes for a victim to detect an active intrusion. Conducting Compromise Assessments on a quarterly basis helps victims to preempt an active breach instead of stumbling on it accidentally in a normal dwell time scenario. A Compromise Assessment thereby reduces the damage that would otherwise be inflicted.
Third-party Compromise Assessments are the gold standard, as they are objective and impartial, while limiting the possibility of an insider threat during the course of the operation.
Blackpanda’s experts are able to dig deeper than what is expected day-to-day in real-time monitoring. Additionally, the assessment brings tools and techniques like Digital Forensic Analysis and Behavior Analytics that are typically reserved for incident response. Investigators are better suited for detecting post-compromise activity. Compromise Assessments are an extremely effective defensive and in-depth measure an organization can use to discover any threats that may have made it past the first lines of defense.
Compromise Assessments are a key cyber security service, and every company should conduct a cyber Compromise Assessment at least once per quarter. This ensures that all active or potential threats in your network are addressed as soon as possible, minimizing attack dwell time and in turn reducing the chances that your organization is hit by a catastrophic cyber attack like those we have witnessed worldwide this year.
Blackpanda is Asia’s premier Digital Forensics and Incident Response provider. Our threat hunting specialists conduct bespoke Compromise Assessments for our APAC-based clients on a daily basis. Blackpanda services are available ad hoc for urgent requests, or alternatively at a discounted rate for those who wish to purchase retained hours.