You have to know what you have in order to protect it. We look at physical and virtual “assets:” data, hardware and software that have a “positive economic value”–things that cost money.
How critical are these assets to your computers and networks? How much revenue do they affect or generate? What would happen if the asset was no longer available? We label assets in the analysis on a scale of importance from 1 to 5 being highest.
What are your organization’s structural flaws and weaknesses? Tech Kahunas uncover these weaknesses (“vulnerabilities”) in your current security. How effective are your current safeguards? What weaknesses still exist despite them? Tech Kahunas captures a picture of your network’s and data’s security.
Every asset will be measured for multiple vulnerabilities and we test your cybersecurity with industry-standard tools. We have diverse backgrounds and our experience enables us to consider all the weaknesses specific to your organization.
What malicious forces are out there? What are the human or environmental threats to your assets? What types of attackers might there be?
We look at everything.
So when we look at the vulnerabilities and threats, we determine what dangers an asset may face. Both a threat and a vulnerability must be present in order for them to be a “risk” to your organization. What is the likelihood that the vulnerability would be exploited? What would happen to your organization if the attack occurred? We assign likelihood and impact ratings for the risk. Then we score your total risk with a “risk rating.”
(TECHIE STUFF: We use the well-known equation Risk = Threat x Vulnerability.)
We repeat our assessment after every change to your networks and systems, and at the end of every quarter. As an objective 3rd party, we also may find risks our clients overlooked and perform official security compliance audits as well.
So, what to do about the risks? Realize that not every risk can be entirely eliminated. The question is, how much risk can you tolerate? Time and money are involved; some risks must also simply be accepted.
We know the likelihood and impact of the risks we find. Then we develop a custom set of hardware, software, practices and configurations to bolster your security and reduce your risk to acceptable levels.
Don’t worry. We have years of this.
Our free cybersecurity guide will tell you what the state of cybersecurity was in 2022, which companies didn’t make it, and what’s on the horizon in 2023 and beyond.