CyberProfiler Scan – An Attacker’s Eye View™ of your cyber risks
Protect your business against cyber crime
Anything connected to the internet is part of an organisation’s attack surface and an internet domain (website address) is an entry point which criminals use to identify vulnerable access points.
CyberProfiler is a tool designed to give you an Attackers Eye View™ of your online presence. The report alerts you to key information that criminals use to profile your business in preparation for cyber attacks.
Viewing your exposure from an Attackers Eye View™ will help you optimise your online presence, reduce or change public information where possible, and ultimately limit opportunities available for attackers to defraud you. This is the purpose of vulnerability scanning.
Frequently Asked Questions
- Vulnerability scans are a valuable tool for organisations striving to harden their cyber security. They scan your website for vulnerabilities, quickly and accurately discovering weak points and providing remediation recommendations.
- In fact, they work by assessing the domain (e.g., yourcompanyname.com), so whether you have an active website or not, the scan will let you know what digital risks and vulnerabilities your company might be exposed to.
- If you’re wondering how to prevent cyber crime from affecting your business and want to know what cyber criminals see when surveilling your company, then a vulnerability scan is one of the best places to start.
- As we’re all aware, cyber attacks in South Africa and globally are on the rise, and a proactive approach to risk mitigation is important to respond to these threats.
- A good vulnerability scan will provide a quick and detailed snapshot of a company’s digital risks, allowing the company to remediate them before a malicious actor can take advantage. They’re able to assess a multitude of potential risks, not just the risks associated to a website.
- One of the risks a good vulnerability scan will report on is potential DNS (Domain Name System) misconfigurations. These are a common issue that can make companies vulnerable to a wide range of cyber attacks including Ransomware attack and Phishing attack.
- Many IT professionals still rely on manual processes to assess misconfiguration threats in a client’s digital environment.
- Reliance on a manual approach opens the door to human error in missing or mis-categorizing critical misconfigurations. It’s intricate and time-consuming and therefore often overlooked, particularly after organisations have implemented new network or system changes.
- An automated vulnerability scan is an effective tool for cyber crime management and can be used to mitigate potential in human error. It’s quick, accurate, and saves hours of an IT professional’s time.
- Provides businesses with a rapid snapshot of their digital estate from an attacker’s perspective with Findings, Observations, and Insights.
- Highlights exposed systems that criminals leverage to deploy malicious software such as Ransomware.
- Actively scans for vulnerable technologies and configurations which malicious actors use to defraud you, your customers, suppliers, or other third parties.
- Provides remediation recommendations, arming organisations with the knowledge to mitigate exploitable vulnerabilities.
- Analysis is driven by advanced intelligence tools that are continuously updated to include the latest cyber risks.
- Why you might be vulnerable to phishing attacks that target customers by spoofing your domain
- Where you might have insecure protocols with data being shared in plaintext
- How malicious emails could be sent from your domain
- Why you might be more prone to attacks because of clear access point to attackers
- Where you are revealing too much information that can be spoofed by hackers
- Lists of expired certificates which present a danger
- Associated domains which may leave you vulnerable and provide easy targets for attackers
- Domain variants that attackers might register to appear legitimate when impersonating your company in phishing scams
- Lists of DNS (Domain Name System) misconfigurations which can make it easier for hackers to access sensitive information like passwords or steal personal data
- Lists of associated domains and subdomains for review so as to remove unused, reducing your online attack surface and helping to prevent malicious activity
- No, because we know every company’s needs are different, we give you the choice as to when you need to run a new scan.
- Existing customers get 50% discount on all subsequent scans (re-order from your My Account or CyberProfiler portal)
- When you Buy Now you’ll need to provide your domain / website address (this is how the scan is run).
- Once you’ve completed your purchase, we’ll confirm your order by email and your order will be sent to STORM Guidance for processing.
- You’ll receive an email from STORM Guidance within 24 hours of purchase giving you access to your report.
- The report is made available via secure access to your CyberProfiler portal for viewing or downloading. Instructions on how to access your CyberProfiler portal will be provided in the email.
- The report should be analysed in conjunction with the organisation’s management and inhouse IT team or their outsourced IT MSP (Managed Service Provider).
- The potential risks and vulnerabilities can then be quickly assessed and prioritised by separating into major risks (that must be managed immediately) and minor risks (that may be acceptable).
- If you’ve never done one, the time is now. Because cyber criminals use these same tools to quickly assess the easiest entry-points to breach a company, vulnerability scanning can be seen as a pre-emptive first line of defence against cyber threats.
- Each organisation will have its own risk management and compliance requirements, but we’d recommend running a scan at least once or twice a year.
- Over and above this, you should run a scan after any major system, organisation, or infrastructure change (network changes, new system configurations, new user groups).
- Many organisations employ multiple vulnerability scanners to ensure complete coverage of all their digital assets, resulting in a complete picture.
- Not all scanners look for the same things and some are better than others.
- If you’re already using a scanning service, getting a second opinion from a credible source can be very valuable – it will either provide you with peace of mind that your current service-provider is doing a great job, or alternatively it could alert you to vulnerabilities that were not picked up in their reports.
Within a few hours the insightful report it produces enabled us to identify vulnerabilities, certificate issues and misconfigurations.
It’s easy to read and even if you’re not technical, it’s super useful and explains what steps to take. The report is seriously in-depth and at the price bats way above its weight.
I would highly recommend it to website owners, especially those that store and processes consumer data or run e-commerce.
As an IT services provider, cyber security is of utmost importance to us and our clients.
CyberProfiler is an invaluable tool to assess the state of a client’s cyber security. It can be used very effectively to provide quick and necessary improvements when onboarding new clients or assessing the state of current clients, especially if their cyber footprint has changed.
The report is professional and in-depth while still maintaining a reader-friendly and to-the-point structure which makes it presentable to our clients. I would highly recommend to any IT services business.
About the Supplier
STORM's specialists have decades of experience in helping clients recover from a range of cyber incidents, including Ransomware, Business Email Compromise (BEC), Extortion and Data Theft.
STORM has helped some of the world's leading underwriters and their customers with risk management.
Founder, Neil Hare-Brown, has been working in cybercrime for over 3 decades. He helped form the first digital forensics lab with the MET police in the mid-90s and written a book “Information Security and Incident Management” in association with the British Standards Institute.
ISO 27001:2017 certified | ISO 9001:2015 certified | ISO 14001:2015 certified
Certified for the following activities: Risk and security consultancy providing services encompassing cyber incident response, assessment, planning and training to commercial customers across the UK and internationally.
Businesses Going Digital (Rewards & Risks)
Companies are moving their systems onto digital platforms to increase efficiency, reduce costs, and improve customer experiences. This move will continue as technology advances and businesses strive to retain a competitive edge.
The shift towards digitalization increases cybersecurity risks, with digital platforms being vulnerable to cyberattacks.
Cybercrime as an industry will continue to grow due to increased opportunities, low barriers to entry, low risk, and the lucrative opportunity of economies of scale.
The World Economic Forum (WEF) - State of the Connected World 2023 Edition
- The financial impact of Ransomware attacks is forecast to cost the world $7 trillion in 2022, making cybercrime the world’s third largest economy after China and the United States
- Global cybercrime is expected to grow 15% per year over the next five years, reaching $10.5 trillion by 2025
- Many organizations still approach their cybersecurity reactively, with the bulk of efforts targeted at managing existing damage.
STORM Guidance surveyed business groups across South Africa, representing approximately 10’000 SMEs and found:
43% of cyberattacks target small businesses, particularly Financial, Healthcare, Retail, Insurance, and Legal sectors
Interpol’s African Cyberthreat Assessment Report October 2021:
- South Africa has the third highest number of cybercrime victims worldwide, at a cost of R2.2 billion a year
- South Africa is estimated to suffer 577 malware attacks an hour
- Over 679 million cybercrime-related emails were detected last year alone—with 219 million of this emanating from South Africa
- In the first quarter of 2021, Egypt, South Africa, and Tunisia suffered the most ransomware detections with South Africa accounting for over 25% (> 375,000).
The Information Regulator South Africa:
Received more than 500 notifications of data breaches or security compromises between October 2022 and February 2023.