KEY PERSONS CYBERSECURITY ASSESSMENT
The Key Persons Assessment (KPA) is an in-depth cyber threat intelligence (CTI) analysis package, in which qualified analysts conduct a thorough investigation of critical human resources (human threat intelligence) through the eyes of known and relevant threat actor groups.
The KPA is a comprehensive review of the personal attack surface of key individuals and employees working for your organisation, as seen through the lens of a threat actor. This approach replicates the process threat actors are known to undergo when seeking fresh targets of intimidation, blackmail and coercion to exploit into a foothold within an organisation.
The Benefits Of A Key Persons Assessment
A KPA provides a highly-unique insight into how threat actors perceive both the organisation and its employees from a human-centric rather than a technical perspective.
A KPA empowers your organisation to effectively address the following concerns by:
- Immediately identify real-world online content that may pose a threat to your organisation, whether posted by an executive or a cyber or physical attacker, anywhere in the world.
- Identify online activity associated with key persons that threat actors may weaponise against your company or executives.
- Identify fake accounts on social and professional media impersonating key brands, persons and executives, potentially indicating threat actors in preparation for a confidence attack.
- Detect data leakage regarding key persons through information uploaded to paste sites, social and professional media forums and criminal dark web sites.
- Detect exposed credentials of your key persons and executives which could be used to gain access to internal resources.
- Highlight active threat actors and malware campaigns being used in your industry and against your peers.
- Establish the probable forms a personal attack against key persons could take, and prepare both immediate countermeasures and long-term training objectives to manage this risk.
- Inform internal policy decisions regarding social and professional media, threat actor contact procedures and disciplinary process in light of real-world examples and quantifiable data.
A KPA is invaluable to any organisation seeking to quantify the cyber risk exposure posed to their key personnel and executives, or how online activities of key personnel can be leveraged by threat actors into an effective attack against themselves or their employees.
Problem & Solution
Many threat actors, from the simple hacktivist to sophisticated Organised Criminal Groups through to state-sponsored cyberwarfare teams, are increasingly targeting humans within an organisation rather than the technical footprint of the organisation itself. As cyber defences improve and cyber awareness expands, it is the key executives and critical employees within a target that represent the most expeditious route for threat actors to acquire a foothold.
Cyber extortion is one such attack route, generally utilising email- or social media-based ransom demands. Threat actors locate personal or sensitive information about a key executive or manager. This can be in the form of personal information about spouses and offspring, photographs of compromising postings or online memberships, and in the age of public data breaches many reports have surfaced of the targeting of individuals via this exposed data, for example, the high-profile data breach of the popular adult website Ashley Madison.
A KPA meets these concerns head-on, by offering advanced warning of human-based weak points in an organisation’s trust perimeter, as seen through the eyes of a threat actor seeking to exploit critical VIPs, business units, and teams. Trained intelligence analysts utilise a wide range of reconnaissance techniques to uncover gaps in the personal cyber defences of critical individuals, locate fake social and professional media profiles, and to reveal potentially sensitive online postings that may be used to embarrass or coerce VIPs.
About The Key Persons Assessment
A KPA report empowers an organisation with an early warning of potential human-centric attack vectors, to which a traditional technical assessment is completely blind. No amount of advanced cyber defences can prevent a motivated internal individual with capable external assistance from acting against your organisation’s best interest.
The KPA intelligence-gathering process seeks to identify potential attack routes against these key individuals before threat actors make use of them. Nettitude analysts assess multiple intelligence sources to provide a detailed view of your board members, executives and other critical employees from the threat actors’ point of view, providing comprehensive employee cyber threat intelligence.
The resultant report enables an organisation and its key individuals to proactively sanitise their online histories and public social media presences to deprive threat actors of these opportunities. The report strongly informs future cyber policy and training decision-making processes by arming the organisation with real-life examples of personal attack surface vulnerabilities and their effective resolution paths.
A Nettitude KPA represents a high bar for both quality of output and intelligence analysis confidence. All findings within a KPA are extensively curated and reviewed by experienced analysts, no automated or ‘bulk’ findings are included in this analysis unless especially relevant to an intelligence objective, and results presented are of a sufficient standard to support both operational and strategic-level decision-making.
To safeguard both individuals and the organisation, Nettitude analysts follow strict protocols of redaction to ensure individual privacy is fully respected, and only details absolutely critical to the investigation are included in the resultant output. Nettitude’s priority is always to enhance and uphold the privacy and liberty of your organisation and its individuals, not to in any way compromise it.
Nettitude threat intelligence analysts comprise combined decades of experience in both cyber and military intelligence fields, and utilise this broad base of expertise to effectively replicate the processes threat actors are known to employ. Armed with this viewpoint, an organisation can effectively seal the leaks in their public and personal media presences, and train key executives to avoid such revelations in their future activities.
Whether your requirement is at a technical indicator (tactical), general awareness (operational) or board-level decision making (strategic) level, Nettitude are able to deliver the right outcome for your organisation.
The assessment will be conducted by Nettitude’s team of CREST Certified Cyber Threat Intelligence Analysts who have over 40 years of combined experience in the field across military intelligence and commercial cyber backgrounds.
Frequently Asked Questions about Data Privacy Security
What is an incident response policy?
An Incident response plan or policy is a process you create before you experience a cyberattack. This is so that your team has a procedure to follow when you do experience a data breach. Nettitude follows the CREST Cybersecurity Incident Response process which is broken down into 3 phases: preparation, response, and follow up. Having a breach plan gives you the confidence to quickly nullify any threat to your data privacy security.
Why is data privacy security important?
Although it has always been important, the implications and need for higher security are coming into play now that technology is indispensable to everyday life. Using apps, browsing websites, and shopping online are all examples of how your data will be stored and managed online. For organisations today, the threat of cyber theft is a pertinent one. Having comprehensive data privacy plans in place can reduce and mitigate the risks of such events.
Does Nettitude practice sustainability?
As a company with a global footprint, sustainability is an area of importance to us. We are a registered ‘Investor in People’ organisation. Taking a cue from ISO 14001, we have strong sustainability practices put in place. Our organisation also hires fairly and equally, across gender and race. By working with us, you can rest assured that we implement data privacy security measures with ethics at the core of our mission.
Get a free quote