Our next spotlight on the Student Services offered by the SECRC, focuses on the centre’s Remote Vulnerability Assessment service.
The COVID-19 pandemic has seen many aspects of our daily routines change or has required us to adapt to new working environments. This has also been the case for cyber criminals who have had to adapt their tactics, they are now targeting people who are spending more of their lives online than ever before.
Working remotely, home schooling and the launch of many small businesses has given cyber criminals a new playground to embrace. But our Remote Vulnerability Assessment service can help in identifying weaknesses that might be used to help cyber criminals carry out successful attacks.
What type of information can cyber criminals exploit?
Late last year, a school payment system Wisepay, that allows parents to pay for things like school meals and exam fees online was targeted in a cyber attack. The attack led to parents being warned that their card details may have been compromised.
Wisepay said a hack of its website meant an attacker was able to harvest payment details between 2 and 5 October via a spoof page.
Attempted payments to about 300 schools have been affected by the scam.
But the firm said only a small number of the pupils' parents would have used its system before it was taken offline.
This is an example of where the Remote Vulnerability Assessment system would have been able to identify possible weaknesses that cyber criminals would have been able to exploit.
How does the Remote Vulnerability Assessment work?
If your organisation is connected to the internet, this service will remotely review that connection in the same way as an attacker would perform reconnaissance, looking for potential weaknesses.
The service uses the same toolsets and skill sets as hackers use to map your organisations internet connections. This service also benefits from regional Police and National Cyber Security Centre intelligence to capture the very latest known threats and techniques used by cyber criminals.
Remote vulnerability assessments are not penetration tests, where the goal is complete systems compromise or to take full control of your systems.
Service reporting will provide a plain language interpretation of the results and how any vulnerabilities might be used by an attacker, as well as simple instructions on how any vulnerabilities might be fixed.
Find out more or request a quote for this service here.
I would like a full penetration test of my systems, can the SECRC help me with this?
We are able to recommend our IASME Trusted Partners network to provide additional services such as a full penetration test.
Our Trusted Partners have been subject to due diligence checks by the accreditation body appointed by the National Cyber Security Centre, the UK’s National Technical Authority who are a part of GCHQ. They are also certification bodies for Cyber Essentials and Cyber Essentials Plus schemes which assure you have considered the most common cyber technical controls.
Learn more about our Trusted Partners here.