OUR EXPERTISE

Cybersecurity Services

Intelligent Technology Solutions. Powered by People.

Cybersecurity is no longer an option. Businesses of all sizes are increasingly reliant on the Internet and information technology systems to run their business operations. With such a dependency on technology, there is an increased opportunity for malicious entities to take advantage of system vulnerabilities. Today, businesses are just one data breach away from making headline news, resulting in severe damage to the organization’s valued reputation.

Security expertise is a foundational component of Edafio’s managed services offering. The three pillars of Information Security (Confidentiality, Integrity, and Availability) are at the heart of daily life at Edafio. We realize security is an ongoing and ever-evolving endeavor, which requires a dedicated team of professionals working around the clock. Many Edafio clients partner with us through our Managed Services offering to leverage and incorporate our world-class security monitoring, interpretation, and remediation skills into every thread of their IT canvas.

28%

of all reported data breach incidents in 2018 were attributed to insider activity.

48%

of CEOs surveyed said that a cyber-attack is now a case of “when” instead of “if”.

85%

of customers will not do business with a company if they have concerns about its security practices.

Ready to improve your Cybersecurity?

Take our Cybersecurity Readiness Assessment to find out if Edafio’s services are the right fit for you.

Program Foundations

Proactive

Reacting is not strategic nor comprehensive. This approach highlights areas of improvement that we can plan for, not just discover.

Objective Alignment

Cybersecurity goals should align with and enable the organization’s overall goals.

Progress Reporting

By establishing a target state an organization can demonstrate progress over time at a macro and micro level.

Offense > Defense

Protect your company through offensive cyber techniques and establish a “defend-forward” strategy to uncover advanced adversaries on your networks.

Auditable

Transparency = Trust
Demonstrate efforts in a common way that vendors, auditors, and boards can inspect.

Effective Investments

The cybersecurity spend can be better prioritized, focus on achieving desired outcomes, and demonstrate more concrete ROI.

Best in class cybersecurity depends on multiple layers, and below are some of the cybersecurity offerings we provide our clients:

Security Services

  • Security Risk Assessments
  • Security Awareness Training
  • Vulnerability Management
  • Security Monitoring and Response
  • Incident Response

Security Consulting

  • Information Security Program Development / Advisement
  • Policy Development / Advisement
  • Risk Management Program Development / Advisement
  • Supply Chain Risk Management Development / Advisement
  • vCISO

SECURITY SERVICES

Security Risk Assessment

Security Awareness Training

Vulnerability Management

Incident Response

Risk Management

CYBERSECURITY MATURITY MODEL CERTIFICATION (CMMC)

SECURITY CONSULTING

CYBERSECURITY POLICY AND PROCEDURES

A good policy is critical to ensure organizations are providing the security they need to stay safe. It can be difficult to know what policy your organization needs and how that policy can translate into procedures that are easy to understand and execute.

Edafio provides our policy and procedure expertise so that your organization has the right first step to creating a comprehensive security program. Whether you are starting from scratch or seeking a fine polish on existing policies, our policy professionals will make sure that each document is tuned to the needs of your organization, not a one size fit all solution. Once the policy is in place, we’ll begin to work with key stakeholders across the organization to make sure it is translated into procedures that make sense for your culture while also keeping your organization secure.

vCISO

(Virtual Chief Information Security Officer)

Attackers are getting more sophisticated every day. While major organizations like Amazon have the ability to hire dedicated security personnel, it can be difficult for smaller organizations to find someone who can guide their security program from a high level. That is where Edafio’s vCISO program can help.

Instead of trying to find an internal CISO, let Edafio provide the security expertise you need to navigate the fast pace and complicated world of modern cybersecurity. With a vCISO, you’ll have access to one of our highly qualified cybersecurity consultants to provide guidance and recommendations for your organization. They’ll be a dedicated part of your team, working directly with your organization from the boardroom to the server room to ensure that your organization has the best security posture possible.

With a vCISO, you’ll have someone you can trust to stay updated with the latest security trends and guide your security so that it works with your organization’s goals.

COMPLIANCE CONSULTING

With the number of rules, standards, and requirements, it can be difficult to understand the Governance Regulatory Compliance (GRV) requirements your organization faces. Edafio provides a robust Compliance Consulting program. We become your trusted advisor, guiding your organization through the complex labyrinth of GRV.

We offer to consult in HIPAA, HITRUST, PCI, FFIEC, SOC, and more. Our experts provide an abundance of industry expertise across a multitude of fields including the Medical and Financial fields. Our experts will help you every step of the way to meeting your compliance goals: from the initial assessment to a creating a plan to meeting standards to establishing an ongoing program to audit adherence to your designated framework.

CYBERSECURITY QUESTIONS AND ANSWERS

How do I ensure I have an effective cybersecurity program?

The effectiveness of a cybersecurity program is not based on how you answer the question of ‘Can we be hacked?’ but rather on your organization’s ability to manage the ever-evolving risks and threats that it faces.  The ability to manage risk begins with your organization’s leaders taking a proactive role in cultivating conversations and creating a culture that puts risk management as a priority.  From this vantage point you can determine your biggest risks and what assets are most critical.  Only then can you decide if your current cybersecurity program is meeting those risks and dealing with them in an effective manner.

What are the costs of a cybersecurity attack?

Actual costs of an attack or data breach vary widely based on the type and size of your organization as well as the sensitivity of your data.  For example, a breach of 6,000 records containing health information on patients and employees might cost upwards of $700,000. This doesn’t include costs related to loss of productivity, litigation, or reputational damage, which can be immeasurable.  Recent studies put the average cost of a breach for an organization with less than 500 employees at $2.74M.

You can estimate the cost of a data breach for your organization.

I’m a smaller organization, do I really have to worry about hackers?

The short answer is yes. Cybercrime is a lucrative business that is outsourced, automated, and streamlined so it doesn’t require a specific skill set to implement.  This makes it much easier for a wider group of people to execute attacks.  Attackers have also realized that small businesses, such as clinics, law firms, and even schools do not have sophisticated security, but do have the resources to pay if an attack happens.  Small businesses are huge targets for cybercrime due to these two factors combined, with one study showing 43% of cybercrime victims were small business victims.

“Seemingly, no matter what defensive measures security professionals put in place, attackers are able to circumvent them.  No organization is too large or too small to fall victim to a data breach.”

(Source:  Verizon 2019 Data Breach Investigations Report)

What is Phishing and how do I avoid it?

Phishing is an attempt to acquire sensitive information such as passwords, credit cards details and usernames by appearing to be from a legitimate source.  The goal of a phishing attack is to get the potential victim to click a link, open an attachment, provide their credentials, wire money, change direct deposit information, etc.

There are multiple techniques used by bad actors to obtain personal information.  A few examples are:

  • Spear Phishing
    • Targeted phishing to specific organizations or people. Example would be a bad actor compromising your vendor’s email account and sending an invoice with a wire transfer request to your Accounts Payable department requesting payment with a sense of urgency.
  • Malware
    • Ransomware (bad actors deny access to the device(s) or file(s) until the ransom is paid.)
    • Keylogger (bad actors log all inputs from the keyboard)
    • Malvertising (Malicious advertising that is downloaded and forces unwanted content onto your computer.)
  • Vishing (Voice phishing ) and Smishing (SMS/Text phishing)

(Source: Knowbe4)

What is MFA?

MFA stands for multi-factor authentication and is used to provide additional security for a traditional username/password login.  Essentially, MFA adds another step to the login process after a person enters in their username and password.  This step can come in a few different forms including a verification code sent to a phone or authenticator app, use of a smart card, or even a biometric like a fingerprint scanner.

Why use MFA?

MFA is particularly useful at hindering account compromise by adding an extra layer of protection since all your password controls will be meaningless if you hand the attacker your password.  This would include external applications, remote access (VPN), cloud-based email such as O365 or Gmail.

  • It’s almost impossible to verify that employees are using different passwords for each third-party service. Why does this matter? As an example, an employee’s insurance credentials are compromised and they change their password, but they also use the same credentials for their O365 account. The bad actor that has the compromised credentials will attempt to log into their email account and without MFA in place, will be able to compromise their account without that additional security.
  • A bad actor can attempt to brute force the password without controls and MFA in place.
  • When a bad actor gains VPN access without an additional layer of security and is inside your organization, they can attempt to move laterally within your organization.
  • An organization-wide password reset due to email compromise is complex and can be taxing on support to implement. Having MFA in place would dramatically decrease the likelihood that an organization wouldn’t need to reset passwords for all accounts.

“…the sobering reality is that if multi-factor authentication (MFA) is not in place, all your other security measures can be bypassed.”

(Source: TechBeacon)

CYBERSECURITY UPDATES

HAVE A QUESTION ABOUT ONE OF OUR SERVICES?