Frequently Asked Questions - FAQ's

We answer questions about us and our services

Frequently Asked Questions

Threat modeling is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified, enumerated, and mitigations can be prioritized.

A Penetration Test, also known as a Pen Test, is a simulated cyberattack against your Web Application or System Infrastructure and Network to check for exploitable vulnerabilities. Pen Testing aims to identify vulnerabilities and risks which may negatively impact the Confidentiality, integrity, Availability, Security and Privacy of data and information assets.

Ransomware is malicious software (malware) used in a cyberattack to encrypt the victim’s data with an encryption key that is known only to the attacker, thereby rendering the data unusable until a ransom payment (usually cryptocurrency, such as Bitcoin) is made by the victim.

Ransomware is not a new threat. The earliest known ransomware, known as PC Cyborg, was unleashed in 1989. Since that time, ransomware has evolved and become far more sophisticated.

Ransomware has also become more pervasive and lucrative with developments such as the following:

»Ongoing digital transformation: As more organizations digitize their operations and employees use email, cloud apps, and mobile devices to get work done, the number of potential entry points for attackers increases exponentially. After a network has been breached, infections can spread more quickly when critical systems are connected.

»The rise of cryptocurrency: Currency (such as Bitcoin) enables easy and virtually untraceable payments to anonymous cybercriminals. As cryptocurrency speculation continues to push prices higher, the potential for large ransoms grows proportionally.

»The emergence of Ransomware-as-a-Service (RaaS): RaaS (ransomware that can be purchased for a small fee and/or a percentage of the ransom payment) makes it easy for practically anyone to use ransomware which is concerning.

Security is about the safeguarding of data, whereas Data privacy is about proper usage, collection, retention, deletion, and storage of personally identifiable or health information.

Data Security is about protection against the unauthorized access and disclosure of data. Encryption is typically used as a security control to mitigate this risk.

A cybersecurity program is a documented set of your organization’s information security policies, procedures, guidelines, standards and operating procedures. The security program includes a roadmap, plan and milestones for effective implementation of security management best practices and controls.