Cybersecurity Warrant of Fitness

Cyber WOF

Like motor vehicles, an organisation’s cybersecurity should be checked on a regular basis by a third party to ensure the security controls in place are relevant and capable of keeping your business and staff are cyber safe.

Of course,there are industry standards such as ISO27001 or NIST which achieve this, but not all businesses wish to endure a full security assessment or; have the need for such accreditations. 

So, CyberGrape have developed a cybersecurity ‘WOF’ service, which performs an assessment across your organisation and provides pragmatic recommendations relating to your business’ requirements, without the extra cost and effort.

Cybersecurity XDR Technology
remove before flight

Mis-configurations & human error

We understand that your business has likely invested time and money in protecting yourselves from Cybersecurity threats, but Cybersecurity is often callenging to get right, with its constant need for tweaking and management – human error can occur.

Our Cyber Security WOF service is simplified into seven catagories:

    • Darkweb Threat Intelligence
    • Human Risk Assessment
    • Network Traffic Analysis
    • Third Party Risk Assessment
    • Vulnerability Assessment
    • Security Policies Review
    • Backups Review

Darkweb Threat Intelligence

Often the results are startling for businesses when they discover just how much of their information is already out there.

We run a series of scans across over 400+ open source inteligence touchpoints across deep and darkweb, hacker forums and stolen data repositories, to provide a hackers perspective of your business.

We’ll show you were you have leaked credentials, vulnerable internet facing systems and provide a ‘board ready’ strategy report and ‘technical stakeholder report on what should be prioritised in terms of remediation to get your business back on track.


We perform an advanced internet wide search of your organisation, using your domain name as the only seed information. Our state of the art software, is a Gartner peer insight leader and is considered the best in the business. All we need is your top level domain, from there our systems will scan depths of the internet most never get to see, and we provide an agressive hackers perspective of your business. Our report will not only provide you information around where your business is most vulnerable, but also provide you a strategy report on what you need to address first to quickly close your cyber security gaps.

Human Risk Assessment

An organisation’s weakest link or your strongest first line of defence in a cyber attack, can be determined by a few simple tests.

Our Human Risk Assessment will send out a security questionnaire to each and every member of staff, as well as launch an email phishing campaign and provide you with a report showing who in your oragnisation are more phish or social engineering risk prone and where the gaps in their security awarness are. We will also provide an indication of how long it would take to breach your security as a result.

Your staff can be your weakest link, or strongest line of defense against cyber criminals – and it comes down to simply how educated they are. Our report will not only show you where certain members of staff have gaps in their security awareness, but we will provide a custom, user specific, strategy on how we can close those gaps together. Our assurance platform is Cyber Essentials Certified, giving you peace of mind that we are using the industry’s best in driving your business forward.

Network Traffic

It takes on average 220 days before a security breach is identified. This means that you may already have malicious activity happening on your network and devices without you knowing, right now.

Our Network Traffic Analysis assessment is a two week long engagement, where we analyse traffic on your network and workstations and provide a report on where your users are browsing, the types of applications they are using and if there is any suspicious traffic on your network as well as uncovering Shadow-IT. We integrate with threat intelligence feeds which update constantly, so we will even be able to discover and report on newest threats without delay.

By far, the least intrusive yet highest impact assessment on the market. Powered by Cisco, we leverage industry leading intelligence as well as advanced tool sets, provided by a global super power who has built their capabilty over the last 38 years. We’ve developed our service to provide you intel on the latest threats known to the internet, and byte for byte comparrison to real data on your network today, regardless of if your structure is 100% remote working, or dedicated office network. Within minutes of setting up the monitoring, we can tell you where your data is residing and what shadow IT systems you need to be aware of.

Third Party Risk Assessment

Third party risk was identified as a top threat by compliance leaders in 2019.

In fact, 83% of executives tell us that third party risks were identified after initial onboarding and due diligence. As these external partnerships become increasingly complex, the need for understanding vendor risk has never been more prevalent.

Our Third Party Risk Assessment provides up to date information on where your technology parters and vendors are in their security maturity, and provides you necessary information to help safeguard your business from attack.

Simply put, every business in the world relies on a technology partner to some degree to operate. Be it from email to logistics management, we all have some element of our business that hangs off the good judgement of people not directly employed by our business, and Third party security is paramount to our own operations. 

Understanding our vendors security posture is one of the hardest risks to manage for a business of any size, so having a view on what risks they impose on your business is paramount. We provdide an ‘up to the minute’ security posture report, showing you exactly where your vendors are weak and how that might affect your business in the long run.

Vulnerability Assessment

We will discover, assess and prioritise your critical vulnerabilities and instantly reduce your cybersecurity risk.

While most organisations have a patching policy and regularly install recommended patches, vulnerabilities can still occur. Leveraging insights from over 180k vulnerabilities sourced from over 25+ threat sources, we discover your whole network across IT, OT, and IoT assets for a complete, categorised inventory, enriched with details such as vendor lifecycle information and much more. 

Unlimited in the number of endpoints, our vulnerbility assessment is powered by an industry leader Qualys. Qualys have been providing vulnerability management intellligence for the last 23 years and are trusted by most organisations world wide. Will will scan your entire network, and provide assessment of every device in your technology ecosystem.

Security Policy Review

For policies to be effective, they must be  reasonable, auditable, enforceable, and measurable.

Security policies are a must have in helping your business remain safe. Policies are often difficult to produce, and similarly as difficult to socialise across the business and enforce. 

We will review the policies you have and provide advice on where we would suggest them to be altered. Where you don’yt have any policies, we can help you write some and we even have a brilliant way of solicalising them across your organisation.

Our CISO’s have enormous experience, and we have practical knowledge of what makes for a good internal policy or not. We can also evalute the effectiveness of how well the policies are understood, as well as provide a compliance capability to ensure that all your staff are aware of what they need to do. We will also ensure your staff are aware of what they need to do during a cyber incident, which will not only save your business time and money during an incident, but give your insurers and investors assurance that ‘You’ve got this’.

Backups Review

Backups reduce impact of ransomware – fact.

Data backup is the best way to protect yourself against ransomware. If you have a clean backup of your data when ransomware strikes, and are able to prevent ransomware from reaching the backup and encrypting it too, you have a safe and easy way to recover without paying the ransom.

We will review your backup architecture, disaster recovery processes and test the ability to restore data to ensure you have peace of mind should the worst happen.

Effective backups are one of the oldest forms of Business continuity. Without backups, we have no assurance that our systems and data will remain relevant. As it happens, an effective data backup policy, strategy and process is the deciding aspect of surviving a cyber attack. We will assess and test your current ‘all things backup’ – and make sure your business will survive the inevitable.