Cybersecurity is not IT. IT is just one small part of Cybersecurity.
There are many IT companies and providers that profess to provide complete cybersecurity but few actually provide a full service. For many, their aim is to sell products or services on which they make a margin and they are purely looking at IT as being the problem and solution. Effective cybersecurity doesn't work like this. Effective cybersecurity needs an effective team of specialists.
At Digital Armour, we don't want to sell you these products or solutions. We want you to value our time, knowledge, experience and tradecraft so we concentrate our efforts on looking at your organisation's cybersecurity as a whole. When we undertake penetration testing, we're looking to expose how your IT company hasn't set up your firewall correctly or how you don't have any email protection to assist in combatting phishing attacks - we're looking for problems and we need to be completely independent in order to accomplish this successfully.
Aside from the IT side of your organisation, you need to know where your vulnerabilities lie. Can someone easily gain access to your building to extract data? Can your sub-contractors be bribed to plug something in to your network? Physical penetration testing is a challenge that we enjoy and it gives us creative freedom to be your dedicated criminals for the duration of the test.
Certification and Compliance.
Digital Armour is a Certification Body for Cyber Essentials, Cyber Essentials Plus and IASME Cyber Assurance and we have been certifying organisations throughout the United Kingdom and further afield since 2014. Whether it is for a contractual requirement or your own piece of mind, Digital Armour can take you through the Cyber Essentials journey.
Once you have attained Cyber Essentials, Cyber Essentials Plus and IASME Cyber Assurance, you could move to the internationally standard for Information Security, ISO/IEC 27001. Digital Armour isn't a certification body for ISO27001 but we have extremely capable ISO27001 Lead Implementers and Auditors who can help you to gain compliance with ISO27001. There's no shortcut to compliance and we don't just bombard you with templates, ask you to fill them in and expect you to understand exactly what is needed - we'll guide you through the process and ensure that your implementation of ISO27001 is sound and that your internal audits are comprehensive.
There are other standards that your organisation can comply with, like NIS Directive Cyber Assessment Framework and the Payment Card Industry Data Storage Standard which we can help you get through too.
Check and Test. Check and Test. Check and Test.
Many organisations purchase a solution and then they just believe that the solution is there, solving any problems. The thing is, even the most expensive firewall, incorrectly configured, can be next to useless. That's not a great return on your investment.
This is why you need to check and test.
Testing the solutions you have purchased is the best way to know how they will perform in the event of a real issue and that's where vulnerablity scanning and penetration testing sit. Both should be undertaken regularly so that you are regularly informed about how your defences hold up in the event of an actual attack. Remember, criminals are clever and they are constantly evolving their strategies to monetise your estate. Just because you got a new firewall last year, if you've just plugged it in and left it unattended, what are the chances that it is going to protect you this year? Check and test. Check and test.
Beyond the Conventional.
We are twisted at Digital Armour. We are unconventional at Digital Armour. This is why you need Digital Armour. By adopting an unconventional, creative mindset, we aim to provide you with the closest experience to a real attack. It may be that we don't just hit you with a brute force attack on your VPN to gain access. We might just fly a drone next to one of your home worker's windows and film them as they go about their daily business - we can process your data from as far away as 2 kilometres with a drone.
Or how about a charging lead? What if we replaced the charging lead plugged in to the reception PC with one of ours? What could possibly go wrong? When is a charging lead not a charging lead? When it's a keyboard, pre-loaded with our keystrokes that simulate us, typing at your keyboard.
Criminals are not confined by the same rules that you live by, so why would you expect them to behave in the same way that you do? You just need to be lucky 100% of the time where they need to be lucky 1% of the time.