A cyber-attack can have a huge impact on your organisation in terms of cost, productivity and reputational damage. Being prepared to detect and quickly respond to incidents will help to reduce the business impact and prevent the attacker from inflicting further damage.
If the cyber-attack results in a personal data breach then you have a duty under the GDPR to report the breach to the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay.
Businesses must be prepared, which means key individuals having a clear understanding of the organisation’s response and their role in this process. This is particularly important for board members who would be called upon to represent the organisation in the media. Rehearsing your cyber response capability against specific scenarios is key to ensuring your plans are effective and remain fit for purpose.
The Aristi Cyber Resilience Assessment is designed to help businesses to test their cyber response processes through realistic simulations of cyber-attacks. Our cyber experts will work with you to develop scenarios based on your organisational context and facilitate a simulated cyber-attack to test your technical and procedural response capability. This is all conducted in a safe, non-obtrusive manner so that it does not impact your business. Following the assessment, we will provide a de-brief of the events covering what went well and what didn’t. The results are then documented in a formal report with recommendations for improvement.
Key Features and Benefits
- Assessment utilises real-world cyber-attack methods such as ransomware and phishing
- Tests your technical ability to detect a cyber-attack
- Tests your cyber response processes and procedures
- Tailored approach based on customer segment and scope of requirements
- De-brief and documented report detailing results of the assessment with recommendations
- Minimal organisational and operational impact
- Helps address prioritisation of information security and budgetary spend on information security
- Identification of security ‘blind spots’ (gaps) created through IT environment evolution
- Helps to meet regulatory, standards (ISO 27001) and legal (GDPR) requirements
- Skills assessment to identify where IT security personnel may need additional training to deal with today’s cyber threats
- Review of incident response documentation and processes to ensure they are fit for business purpose
- Review of the organisation’s security culture and attitude towards information security through targeted staff interviews
- Senior, experienced consultant to explain risks and key issues to senior leadership