Testing Avoids a Possible Meltdown

Email is a crucial business and communication medium in the digital world. The majority of our communications (including confidential communications) are carried out over emailEmail is also the favorite mode of initial attack or entry point for most cyber criminal activities.

Phishing, whaling, and malware campaigns are the most common examples where email provides a criminal with a platform from which to carry out attacks, as mentioned last month in our newsletter on BEC scams.

Organisations test their internal infrastructure with technical security audits, their external infrastructure with various types of penetration testing, and aim to raise their user awareness with internal phishing simulation activities.

However, organisations routinely forget to regularly check and test the email security controls they use to filter, secure, and process emails.

Kaon Security’s Email Security Risk Assessment focusses on addressing this gap and provides unique intelligence based on the outcome of the security assessment.

Some of the key aspects covered during the email security & phishing threat assessment are:

1. An assessment and test of the accuracy of your email spam blocking.
2. An assessment and test of the blocking capabilities of your email spam filter.
3. A simulation of zero day threat actors and their detection rate.

The outcome from the Email Security Assessment could significantly help to inform key business and IT security decisions.

Some of the key benefits of this assessment include:

• You can measure the effectiveness of email security controls.
• The potential risks to your IT security posture are understood.
• Email security gaps are identified and can be addressed.
• A business case can be developed to support upgrading or replacement of existing email security controls.
• Awareness training programmes can be introduced or adapted to protect your email.

This exercise can be supplemented with a controlled real-world external Phishing campaign with uniquely crafted user awareness landing pages.

Our experience shows that these campaigns can yield more impact when compared to deploying an internal phishing simulation run over several months.

ASD Essential 8 Content
Last month we also discussed the very useful technical security controls guidance available from Cert NZ and the Australian Signals Directorate. We have recently augmented the IT Policy System to incorporate a mapping of policies to the ASD Essential 8. This has seen the addition of 3 new sections of content in the technical policy area and 9 changes to existing policy content. These additions along with a selection of other enhancements will form the basis of version 19 which will be ready for shipping 2nd week of June.  

NSW Regional Centre Adopts IT Policy Lite System
Our IT Policy Lite System provides a very cost effective way to develop, deliver and then maintain organisational IT security policies.

One of our recent projects for Broken Hill City Council (BHCC) saw us addressing the following challenges - 

• Existing policies were written and developed at different times and were therefore disjointed, with many requiring a thorough review before being updated.
• As policy review dates fell due, someone had to conduct time consuming research into contemporary IT policy standards.
• Writing/maintaining content is a tedious task and wasn’t a priority, resulting in policy review delays.
• Informing staff about IT policies through a new interface was needed to help improve the security posture throughout the organisation.

Having deployed the system at BHCC, Gerald VanDenHeuvel, Manager Information Services comments “We are now in a good position to communicate to staff how to reduce risk through improved compliance, create an awareness of their responsibilities and to ensure Council meets legislative requirements"

Click Here to view the BHCC case study.

To discuss our Email Security Assessment, your IT Policy requirements or any of our other professional IT services offerings, contact Mike or Steve.

Which Essential controls should be at the top of your list? >