How to Conduct Internal Penetration Testing - eSecurity Planet

Our Pen Tester Rob carried out internal penetration tests on us. Here is an interesting article on the topic. http://www.esecurityplanet.com/network-security/how-to-conduct-internal-penetration-testing.html

ABC Security Consultants's cover photo

8 Security Practices to Use in Your Employee Training and Awareness Program

https://www.tripwire.com/state-of-security/security-awareness/8-security-practices-to-use-in-your-employee-training-and-awareness-program/

5 Social Engineering Attacks to Watch Out For

We educate all of our clients about the risks their company are under due to Phishing attacks. Employees are their greatest weakness https://www.tripwire.com/state-of-security/security-awareness/5-social-engineering-attacks-to-watch-out-for/

As feds pin political hacks on Russia, how to respond?

Another example showing how politically motivated hacks are becoming common. Many blame Russia for trying to influence the US presidential elections. The Hilary Clinton hack is a prime example. https://www.wired.com/2016/10/feds-pin-political-hacks-russia-respond/

SWIFT Hackers Steal $10 Million From Ukrainian Bank

This article shows how banks connected via the Swift network are still at risk of being breached. Here $10 million was stolen from a Ukrainian bank. In February, hackers attempted to steal $951 million from the central bank of Bangladesh. They got away with $80 million dollars. http://thehackernews.com/2016/06/ukrainian-bank-swift-hack.html

World's Biggest Mirai Botnet Is Being Rented Out For DDoS Attacks

A worrying article explaining how anyone can purchase an army of connection IoT bots for $7500 to launch a massive DDOS attack. A similar attack targeted Dyn in October which put the likes of Netflix, Spotify and the New york times offline. http://www.forbes.com/sites/leemathews/2016/11/29/worlds-biggest-mirai-botnet-is-being-rented-out-for-ddos-attacks/#461827943046

Hi Everyone, Today we are going to be informing you on our Team here at BC Consultants and our roles. ‍‍‍‍‍‍ ‍‍ ‍‍‍‍‍‍ ‍‍ ‍‍‍‍‍‍ ‍‍ Conor O’Brien is ABC consulting’s CISO and lead in strategy development. Chief information security officers know they can’t simply take security, privacy, and risk and boil it down to a simple, standard formula every organisation is different. Accordingly, CISOs can’t put security controls in place just for the sake of having security controls. Instead, they must have their finger on the pulse of their organization so they can completely understand the unique business problems they face and solve them appropriately. A CISO is charged with building the best vehicle to support the organization’s information security challenges from top to bottom. This is a vital role in today’s security landscape, and it isn’t without its challenges. But for an individual who wants to take large risks and boil them down to technical and legal controls in order to keep a company safe and secure, it’s also extremely rewarding. Conor’s duties include: - Establishing and implementing security-related strategies. - Overseeing regulatory compliance. - Ensuring data privacy. - Supervising identity and access management. - Working with other high-level executives to establish disaster recovery (DR) and business continuity strategies. ‍‍‍‍‍‍ ‍‍ ‍‍‍‍‍‍ ‍‍ ‍‍‍‍‍‍ ‍‍ ‍‍‍‍‍‍ ‍‍ Shane Mulcahy is ABC consulting’s Research, security breach analyst. Cyber-attacks have been on the rise around the globe, with hackers and other criminals targeting businesses large and small to steal valuable information or bring computer networks to a halt. Information security breach and research analysts are valued for their ability to protect an organization’s data and information from such attacks. Information security research and breach analysts are expected to stay up-to- date on the latest intelligence, including hackers’ methodologies, in order to anticipate security breaches. They also are responsible for preventing data loss and service interruptions by researching new technologies that will effectively protect a network. Shane’s duties included: - Research breaches in information security, understand these breaches. - Preforming analysis on breaches, understanding how we can eliminate these same threats - Recommending security enhancements based off of this research. - Inform staff on network and information security procedures that could help ABC consulting ‍‍‍‍‍‍ ‍‍ ‍‍‍‍‍‍ ‍‍ ‍‍‍‍‍‍ ‍‍ ‍‍‍‍‍‍ ‍‍ Darren Quirke is ABC consulting’s Research, security breach analyst. Research and Security response analysts are expected to stay up-to- date on the latest intelligence, including hackers’ methodologies, in order to anticipate security breaches. They ensure the information stored on computers or networks is not disclosed to unwanted parties or modified inadvertently, and may also create and maintain security systems. If the data is compromised, security analysts repair the damage and take measures to seal the security hole that enabled the data compromise. Darren’s duties included: - Research breaches in information security, understand these breaches. - Preforming analysis on breaches, understanding how we can eliminate these same threats - Having a plan in place if a breach was found in the system. - Repairing the access point and making sure our system was secure again ‍‍‍‍‍‍ ‍‍ ‍‍‍‍‍‍ ‍‍ ‍‍‍‍‍‍ ‍‍ ‍‍‍‍‍‍ ‍‍ Rob Noonan is ABC consulting’s Penetration tester and strategy analyst. A penetration test, or pen test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. These vulnerabilities may exist in operating systems, service and application flaws, improper configurations, or risky end-user behavior. The process of performing a penetration test is to verify that new and existing applications,networks and systems are not vulnerable to a security risk that could allow unauthorized access to resources. This process is vital to make sure our asset remain secure and that there is no flaws or weak points in our system. Rob’s duties included: - Preform technical and non-technical penetration testing on our own company to insure it is secure and safe. - Preform internal and external tests to see if someone can get into our page and also once they get in what they can see, find and change. - Report back to the group on finding and how secure our asset is. - Form a strategy based off my finding on keeping our asset secure ‍‍‍‍‍‍ ‍‍ ‍‍‍‍‍‍ ‍‍ ‍‍‍‍‍‍ ‍‍ All members of our company worked as hacker to our competitors and tried to obtain their assets.

ABC Security Consultants