• Hamblett Consultancy Limited
Cyber Security

Leeds Cyber Security

 

Cyber security is how organisations and individuals reduce the risk of becoming victims of cyberattacks.
Cyber security’s essential function is to protect the devices we use (laptops, tablets, computers, and smartphones) and the services we access, at work and online, from damage or theft. It’s also about preventing unauthorised access to the vast amounts of personal information we store on these devices and online.
Cyber security is essential because smartphones, computers, and the internet are now such a necessary part of modern life, from online shopping and banking to social media and email, that it’s hard to imagine how we would operate without them.

It’s important, now more than ever, to take steps that can prevent cybercriminals from getting hold of our accounts, data, and devices.

 

If you’d like to find out more about Cyber Security, contact us today!


What are Cyber Essentials?

 

Cyber Essentials is a practical, Government-backed scheme that will help you protect your organisation, whatever its size, against a range of the most common cyber-attacks.
Cyber-attacks come in many shapes and sizes, but the vast majority are very basic, carried out by relatively unskilled individuals. They’re the digital equivalent of a thief trying your car door to see if it’s been left unlocked. Our advice is designed to prevent these attacks.

Our self-assessment option gives you protection against a wide variety of the most common cyber-attacks. This is important because vulnerability to basic attacks can mark you as a target for more in-depth unwanted attention from cybercriminals.

Certification helps to put your mind at rest as your defences will protect against the vast majority of common cyber-attacks. This is because attackers look for targets who do not have Cyber Essentials technical controls in place.

Cyber Essentials shows you how to address the basics and prevent the most common attacks.


Why should you get Cyber Essentials?

 

  • Reassure your customers that you are actively working to secure your IT against cybercrime.
  • You have a transparent understanding of your organisation’s cyber security level.
  • Some government contracts require Cyber Essentials certification.


Penetration Testing

 

Penetration testing is where a cyber security expert will attempt to find security vulnerabilities on a client’s network and exploit them to find out how deep they go. The test aims to simulate an attack on the network and iron out any vulnerabilities attackers may take advantage of.
These attacks are usually carried out by someone with little knowledge of the company being tested, to simulate a real-world scenario and possibly find blind spots that the developers overlooked while building the systems.

Types of penetration tests are:

Open box - In an open-box test, the attacker is provided with some information about the target company’s security ahead of time.

Closed box - Also known as a ‘single-blind’ test, this is one where the attacker is given no additional information, just the targeted company’s name.

External - In an external test, the attacker goes up against the company’s external-facing technology, such as their website and external network servers.

Internal - In an internal test, the attacker performs the test from inside the company’s network. This can help determine the amount of damage a disgruntled employee can cause from behind the company’s firewall.

Pen tests are usually carried out in 3 phases:

Reconnaissance - The attacker spends time learning about and researching the company and its operations.

Attack - The attacker then uses the information gathered, along with software designed to perform brute-force attacks and SQL injections, and social engineering techniques such as phishing emails or impersonating people within the company via email spoofing or over the phone, in order to gain valuable information. The attacker then removes any traces of the attack and returns everything to normal.

Report - The attacker then reports back to the company’s cyber security team, advising them on the vulnerabilities found, the patches they need to make, employee training and so on. They can also advise on security upgrades such as rate limiting and DDoS mitigation.


SQL injections

 

Structured Query Language (SQL) Injection is a code injection technique used to alter or recover data from SQL databases.
By placing specialized SQL statements into an entry field, an attacker can carry out commands that allow retrieval of data from the database, the destruction of sensitive data, or other manipulative behaviours.

If an SQL injection is carried out successfully on an unpatched site, the attacker can spoof the identity of a more privileged user, tamper with existing data, make others or themselves database administrators, edit balances and transactions, and retrieve and/or destroy all server data.

In modern computing, SQL injection occurs over the Internet by sending malicious SQL queries to an API endpoint provided by a website or service. In its most severe form, an SQL injection can allow an attacker to gain root access to a machine, giving them complete control over the machine.


Social engineering:

 

Social engineering is the practice of manipulating people into giving up sensitive information. In most cases these attacks aim to get the victim to divulge either login credentials or sensitive financial information.

This usually takes one of the following forms:

1.) An attacker sends a phishing email to one or more end-users, enticing them to click on a link or download a file, or pretends to be someone higher up in the business and asks for sensitive information.

2.) An attacker will bait users online with fake links to download what they think is a file or application that they need.

3.) An attacker will spoof an email or phone number to get important information out of an unsuspecting employee.


Brute Force Attack:

 

A brute force attack is a trial-and-error method used to gain access to sensitive data. The most common applications for brute force attacks are cracking passwords and cracking encryption keys. Other common targets for brute force attacks are API keys and SSH logins. Brute-force password attacks are often carried out by scripts or bots that target a website’s login page.

What makes brute force attacks different from other cracking methods is that brute force attacks don’t employ an intellectual strategy; they simply try using different combinations of characters until the correct combination is found. Think of a thief trying to break into a combo safe by attempting every possible combination of numbers until the safe opens.

If the target does not have the correct security and mitigation policies in place, a brute force attack will ALWAYS work if given enough time. The amount of time a brute force attack takes to work is a good measure of how secure a company is.
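One mitigation policy of the kind referred to above is a login throttle that locks an account after repeated failures. The sketch below is an added example, not part of the original page; the class name, thresholds (5 failures in 300 seconds, 900-second lockout) and the attempt streams are assumptions chosen for illustration.

```python
from collections import defaultdict, deque


class LoginThrottle:
    """Lock an account after max_failures failed logins within `window` seconds."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self.failures = defaultdict(deque)  # account -> recent failure times
        self.locked_until = {}              # account -> time the lock expires

    def allowed(self, account, now):
        # A login attempt is only checked if the account is not locked.
        return now >= self.locked_until.get(account, 0)

    def record_failure(self, account, now):
        recent = self.failures[account]
        recent.append(now)
        # Forget failures that have fallen out of the sliding window.
        while recent and recent[0] <= now - self.window:
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.locked_until[account] = now + self.lockout
            recent.clear()


def attempts_evaluated(throttle, account, attempt_times):
    """Count how many wrong guesses in a stream actually reach the password check."""
    evaluated = 0
    for t in attempt_times:
        if throttle.allowed(account, t):
            evaluated += 1
            throttle.record_failure(account, t)  # every guess here is wrong
    return evaluated


if __name__ == "__main__":
    # Constructed stream: one automated guess per second for an hour.
    bot = attempts_evaluated(LoginThrottle(), "alice", range(3600))
    # Constructed stream: a forgetful user with widely spaced typos.
    user = attempts_evaluated(LoginThrottle(), "bob", [0, 400, 800, 1200, 1600])
    print(f"bot: {bot} of 3600 guesses checked; user: {user} of 5 checked")
```

With these settings the throttle cuts the hour-long stream of guesses to a handful that are actually checked, while the occasional mistyped password never triggers a lock.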
