Cyber security

Prevention is always cheaper than repairing damage

CYBER THREATS ARE AN INTEGRAL PART OF THE DIGITAL WORLD

94% of companies in the Czech Republic faced a cyber attack in 2019

In 2019, NÚKIB (National Cyber and Information Security Agency) investigated 8,417 cases of attack

Cyber crime caused $6 trillion in damage in 2019

The number of cyber attacks is increasing by more than 20% per year

With the ever-advancing digitization of structures, the advent of fast 5G networks and the ever-increasing dependence on digital technologies, the risks that come with this modernization are naturally on the rise.

Cyber security has become a completely independent and highly specialized technical discipline, whose primary task is to protect the digital environment of the target organization.

Contact us, we will be happy to help you choose the right solution.

CYBER SECURITY AUDIT

The cyber security audit serves to determine the degree of threat to the organization from current and future digital risks, reveals vulnerabilities in internal systems and examines the policy of cyber security management in the client’s environment.

The result of the audit of cyber risks is a summary report on the state of cyber security of the organization containing, in addition to a list of identified threats, also methodological instructions for their reduction or complete elimination.

Due to the different requirements and levels of cyber security in different organizations, we offer three levels of cyber risk audit – Primary, Structural and In-Depth. In specific cases, the audit can also be set individually.

EXAMPLES OF SUCCESSFUL CYBER ATTACKS

Electronic Signature Compromise – An attacker was able to compromise the victim’s account using a phishing attack. He used this account to install monitoring and remote control software on the device.

Subsequently, the attacker discovered an electronic signature certificate on the device, which he used to send several requests for the re-issue of documents due to loss or theft, and had them issued to a straw man. With the help of these documents, he then arranged non-bank loans in the total amount of approx. CZK 3,800,000 (approx. EUR 149 171).

Redirection of customer payments – An attacker managed to monitor the email communication of the accounting department of the victim company for several months.

Subsequently, at a selected time, he took control of the outgoing emails and for approx. three weeks edited the account numbers for payment on the issued invoices, while also managing to intercept and confirm several customer inquiries about the change of account number. As the attacker chose only customers with banking institutions outside the EU, the victim company was not able to claim any compensation and the damage exceeded CZK 6,000,000 (approx. EUR 235 233).

Blackmailing a software company – By successfully gaining access to the victim company’s internal network, an attacker was able to install ransomware in the company’s environment, which spread uncontrollably for several months. As soon as he managed to break into the long-term deposit, he completely encrypted the company’s data and demanded a ransom payment of about CZK 1,500,000 (approx. EUR 60 000).

As the company was not even able to trigger system backups and was also under strong pressure from customers for whom the attack had shut down several software products, it decided to pay the ransom in Bitcoin. In this case, the attacker actually unblocked the affected systems; however, the company did not avoid several sanctions from customers and a complete overhaul of the systems.

CYBER SECURITY CERTIFICATE

Together with the summary report or after the elimination of deficiencies, the contracting authority shall obtain a level I, II or III cyber security certificate proving the achieved level of digital security of the organization. The certificate is granted for one year. If the contracting authority is interested in extending the certification, only an accelerated control audit is performed, which confirms the validity of the certificate for the following year. This extension by means of a control audit can be carried out for a maximum of three consecutive years, and the corresponding audit must be carried out in full again in the fourth year. The same applies if a control audit has not been performed within one year of obtaining or renewing the certification.

REMOTE CYBER SECURITY ADMINISTRATION

After obtaining any certificate, the contracting authority has the possibility, if its environment allows it, to request the establishment of remote cyber risk management. This is a service that usually requires a few minor interventions in the contracting authority’s systems, but the organization gains professional supervision over cyber security management and also does not need to undergo an annual control audit for the purpose of extending the cyber security certificate. The scope of the service is not standardized due to the complexity of the issue, and the conditions are always set up individually.

PRIMARY AUDIT

The primary audit of cyber security is intended especially for small and medium-sized companies, or organizations whose data theft or shutdown of internal company systems will not cause significant damage to their property or the flow of operations. The audit focuses mainly on the protection of data and identities, accessibility of the environment and the backup system. If the primary audit does not reveal any deficiencies or these deficiencies are eliminated on the basis of the submitted recommendations, the organization is ready to face more than 90% of common cyber threats. The primary audit serves larger organizations as the initial documentation for a structural or in-depth audit, or as proof of compliance with the conditions leading to the conclusion of cyber risk insurance for higher sums insured.

A PRIMARY AUDIT SHALL COVER MORE THAN 90% OF CYBER THREATS

  • Security and identity management (access)
  • Data and documented repositories (data protection policy)
  • Backup system

STRUCTURAL AUDIT

The target group of structural audit customers consists of companies and organizations for which the very potential of the risk of data loss or blockage of digital systems is practically unacceptable. These include, for example, digitally controlled operations, where damage caused by downtime increases every minute, digital archives containing sensitive or otherwise irreplaceable data, or systems that for various reasons do not allow for long-term loss of accessibility. The structural audit focuses, among other things, on the elimination of risks from an attack conducted for the purpose of damaging a specific company and also on the physical security of the client’s internal digital structures. An environment free of defects detectable by a structural audit can be considered truly cyber-safe according to the highest possible standards and ready to obtain ISO 27000 certification.

THE STRUCTURAL AUDIT WILL EXAMINE RISKS AT ALL LEVELS OF THE APPROACH

  • Security and identity management
  • Policy on access to sensitive information
  • Security of internal company applications
  • Physical accessibility and security of infrastructure
  • Reduction of internal risks of the organization (insider risk)

IN-DEPTH AUDIT

Primarily, state administration systems or critical infrastructure require security in accordance with the Czech Cyber Security Act No. 181/2014 Coll. or at least the minimum safety standard according to NÚKIB (National Cyber and Information Security Agency). Thus, an in-depth audit of cyber security does not only address the factual aspect of digital security, but also assesses whether the system complies with the above-mentioned standards or not. The in-depth audit also examines details such as the physical accessibility of the communication network and its security against an attack by sophisticated devices, compliance with cyber security regulations by the affected personnel, and the possibility of introducing malicious code by attacking devices within the organization. The elimination of errors at the level of the in-depth audit essentially prevents the successful execution of an attack on the cyber environment of the contracting authority aimed at causing greater damage.

IN-DEPTH AUDIT ACCORDING TO NÚKIB (NATIONAL CYBER AND INFORMATION SECURITY AGENCY) RECOMMENDATIONS AND APPLICABLE LEGISLATION

  • Comprehensive protection of access to the organization’s environment
  • Highest level of data and documentation security
  • Multilevel backup and system stability
  • Detailed analysis of safety management policy
  • Maximum level of physical security of the environment

We will contact you

Do you need to discuss your intention with an expert, find out if the service is suitable for your company, get answers to questions or a quote?

Contact us at:

Roman Caha, Sales Director
phone: +420 776 371 143
email: r.caha@altairgroup.eu

or via the contact form.
