Holistic cyber risk management

A company’s cyber risk and its IT security are closely associated. Now companies can use the advanced cyber risk analysis from Funk to identify the weaknesses in their IT landscape as well.

What security vulnerabilities can I exploit to attack a company’s IT system? This is a question asked not only by hackers, but also by Funk’s risk management experts – so they can find weaknesses before they are used for an attack.

Analysis at two levels

Hendrik F. Löffler, a Member of the Funk Management Board, says, ‘It is only with holistic risk management that considers both economic risks – like business interruptions – and technical security risks that companies can effectively combat their cyber risk.’ The cyber risk analysis from Funk combines both of these aspects. Not only does it identify potential risks and determine how these may affect the value-adding process, it also incorporates a new technical security analysis that creates an overview of weaknesses in the IT system and points out security vulnerabilities. Funk works with IT security service provider RadarServices to achieve this. Clients therefore benefit from an even more extensive range of services. 

Footprinting and pen test

The technical security analysis takes place in two stages. First, a process known as ‘footprinting’ gives the company an overview of weaknesses in the IT system. It identifies potential vulnerabilities that are visible from the internet and shows how many points of attack a hacker can find there.

Footprinting is an IT security term referring to the collection of freely available information. It is the first phase of a hacker’s attack: getting information without directly accessing the target system. Publicly available data relevant to the attack target is compiled, such as email addresses, telephone numbers, postal addresses and the IP address of the web server and mail server.

Footprinting is the starting point for detailed vulnerability testing in the form of a penetration test, or ‘pen test’. As in a real attack, security analysts known as ‘white hat hackers’ or ‘friendly hackers’ carry out a targeted attack on the company’s IT system. This penetration test reveals how far a hacker can penetrate into the infrastructure and how much damage a hacker can do.

Harald Reisinger, Managing Director of RadarServices, says, ‘With the technical security analysis, companies not only discover the sources of the attacks but also develop an innovative early warning system.’ 

Companies receive a two-part report of the results at the end, covering their individual risk situation and the weaknesses in their IT landscape. Emergency plans can be optimised and tailored insurance solutions devised based on the results. The report also helps companies progress toward certification under ISO 27001.

13.02.2020

Your point of contact

Hendrik Löffler