At Layer 8 Security we believe that some of our customers need a more bespoke offering . As such, we provide some unique services to aid you in your risk mitigation strategy.
Baseline Program (Gap Analysis)
Some organisations may already have in-place a Cyber Security Awareness program to increase user awareness. To augment this, we offer a service to provide a baseline service allowing you to identify the gaps within your employees knowledge and understanding .
We create custom knowledge assessments, targeted surveys, one on one interviews, and we use simulated attacks to diagnose your organization’s potential vulnerabilities and determine where your end users are most susceptible.
This provides a baseline in which you can measure the maturity of your staff and the success of the program.
To further assist our customers we also offer a service to measure the success of your Security Awareness Program. This program is best combined with our Baseline service which would provide a strong measurement of the success of your awareness program.
Our Security Education Platform’s detailed reporting provides insight into each assessment and education component you choose to include in your security awareness and training program.
As users are completing their training assignments, you can monitor the results and look back over the data that was gathered throughout the assessment and training steps. You’ll be able to review employees’ interactions with Cyber Strength assessments; Phishing-Attack, Smishing-Attack, Social-Attack and/or USB-Attack assessments; and our interactive training modules. You’ll have access to detailed information about who completed which assignments, who fell for specific simulated attacks, which concepts employees understand well, topic areas of weakness, and improvements over time.
Our extensive library of reports provides you with aggregate and individual data that shows completion status of assignments, most missed items, as well as each user’s training report card, and other data about the assignments. As the training completion deadline approaches, you can use the assignment completion report to determine which employees need to be reminded again about the due date of their training assignments. Results will appear immediately and you can gauge employee proficiency and begin to plan the next assessments and the next training module assignments.
At any point in the cycle, you can print reports to provide a summary of results to managers, human resources, executives, and any other interested parties.
At layer 8 Security we offer Security Consultancy services with Enterprise Cyber Security Expertise.
The Layer 8 Security team consists of highly skilled IT security experts and engineers. Our senior project leaders have been working in the information security industry for many year in many different organisations.
Most importantly, when you’re a customer of ours, we commit to you as your partner in information security. Your problems are our problems; we are personally engaged with your project from initiation through completion, and dedicate ourselves to your needs when you retain our services on an ongoing basis. Throughout every consulting project, we share our best practices and corporate knowledge. In this way, we transfer our expertise to our customers, providing you with a level set and the ability to confidently monitor, manage, and improve your risk posture on an ongoing basis.
- Vulnerability and risk assessments
- Internal and external penetration testing
- Policy and plan development
- Configuration management, design, and remediation
- Enterprise security architecture design and re-design
- Computer security incident response
- Engineering and architecture design
- Operations management
- Application and software security assurance
- Insider threat and APT assessment
- Social engineering (targeted phishing)
- IT risk management and compliance
- & many more
Simulation attack tools
Simulated attacks mimic the techniques social engineers use to collect sensitive and confidential information from people. Our four tools — Fly Phishing, Smishing, Social-Attack and Drive-By — will help you safely assess your organizations’ level of vulnerability to attack.
This tool allows you to create groups, design a simulated phishing email, and send it directly to your users. Should a user click on the simulated phishing link, download an attachment, or enter information into a landing page, they will receive a “just-in-time” teaching message via a customizable Teachable Moment. In less than one minute, these Teachable Moments help employees recognize what could have been a critical mistake. This is an eye-opening — and humbling — experience, and it has been shown to make employees more receptive to follow-on training. Our customers have experienced up to 90% greater completion rates when using simulated attacks prior to training.
This is an industry-leading software-as-a-service product that enables security officers to send simulated SMS/texting attacks to their users’ mobile phones to assess their susceptibility to smishing techniques. These customizable messages are also paired with a Teachable Moment; any employee who falls for a mock phishing attack will receive one of these brief messages, which alert employees to the dangers of actual smishing attacks and prime them for additional training.
This targets another cyber security threat vector: infected USB drives and other removable memory devices. Using this tool, an organization can determine which employees are most susceptible to these attacks and who should receive additional training. Like our Fly Phishing and Smishing assessments, Drive-By mock attacks are paired with Teachable Moments that — in less than one minute — instruct users about the dangers of infected media devices and help them understand how to avoid future mistakes.
This targets the two most innovative attacks, Social Engineering and Social Media. These two attacks are based around the mechanisms used to utilize upcoming social interactions to identify the weak spots within employees’ behaviour.
We engage via the telephone, with employees, becoming friendly with your employees and innocently asking for information that they may perceive innocuous or unimportant, eventually identifying vital information that may be detrimental to your organization if this information was disclosed.
With Social Media we engage in campaigns to attack users utilizing the most common social media platforms like Facebook, LinkedIn, Google+, Pinterest, Twitter and other chat programs. With this we can identify the employees who are susceptible to this kind of attack. This is an eye-opening experience, and it has been shown to make employees more receptive to follow-on training.