A cyber threat susceptibility assessment is something every business should do.

Our pragmatic 3 step assessment will help you understand where your business may have weak controls or being targeted by malicious actors, and we will provide a strategy on what remediation may need to be prioritised first. Aligned to CERTNZ’s recommendations, we can guide you while you strengthen your business’ security controls and help prevent potential cyber incidents.

1. Identify threats and vulnerabilities

Work out who may want to access your systems and data, and how vulnerable or exposed you are.
• Our consultants conduct an non-intrusive scan of your organisation and collect data from over a 1000+ open-source intelligence repositories, including scan hacker forums and darkweb sites looking for any suspicious mentions of your company’s domain.
• Futhermore, we assess and eliminate false positives as well as measure the findings against Industry standards and frameworks, to give a security score everybody can understand.
• During the process Cybergrape assess the security of your DNS, email system controls, your websites, network security and 15 other technical categories.
• Lastly we’ll look for common indicators of vulnerabilities to provide a ransomware susceptibility index based on the information found.

2. Determine the risks

After we’ve identified the threats & vulnerabilities, we determine the risk each one presents
• We provide a graphical distribution (heat map) to determine the status of each of the findings from step 1. Based on MITRE and NIST frameworks, we confirm the criticality of each threat discovered.
• We will create a security frameworks compliance report, showing where our findings map against 14 specific security standards (eg. NIST, ISO, PCI etc). Note: These are for information purposes only and purely based on what can be determined externally to your IT environment).

3. Implement Controls

Define controls that will help prevent, or mitigate your business cyber threats
• We generate a full internal stakeholder technical report, with granular details on all findings, reference to the Common Vulnerabilities and Exposures (CVE) as well as recommendations on how to mitigate them.
• We then provide a ‘board ready’ strategy summary report providing current state security posture, high level steps required for mitigation as well as a ‘to-be’ expected security posture rating.

Who is Cybergrape ?

CyberGrape is a 100% NZ Owned and Operated Cybersecurity company providing cyber risk mitigation and management solutions to all New Zealand businesses. We pride ourselves in providing enterprise level security solutions, to businesses of all sizes and industries, in Aotearoa.
Being ‘purple’ we focus on both Blue and Red team security solutions, assisting our clients in implementing new security controls, as well as testing the ones they already have. Our key value is integrity, and we believe in being fully transparent when working with our clients and partners to ensure we achieve the best possible security solutions for the best price.

Leave a Reply

Your email address will not be published. Required fields are marked *