Today’s modern legal practice is a hive of information that is at risk of sophisticated attacks by cyber criminals. To protect your most valuable information assets, you need to test your internal and external IT systems for vulnerabilities that expose you to cyber-attacks.
As the legal sector increasingly embraces the online marketplace, attackers are ever more laser-focused on the industry. Breaches are sadly commonplace where organisations have not sorted their cyber security out properly. The outcomes of these data breaches are:
- Company brand is tarnished
- Consumer trust erodes
- Clients leave
- Competitors use the news to harvest your clients
To ensure the security of your legal practice, it is recommended that you engage a suitably qualified external third party to perform regular penetration testing. In fact GDPR, in article 32, places a legal requirement for security testing to be performed at least annually.
How we can help
Hedgehog Security has a tried-and-tested approach to penetration testing. We have been doing it since 2009. The foundation to our approach is built on reconnaissance. A solid reconnaissance effort is key to any engagement, and we focus on target identification, foot-printing, and server and service vulnerability identification.
We follow a modified NIST 800-115 standard when performing network penetration testing. This includes:
- Discovery – Our penetration testers begin by identifying hosts to be included in our target of evaluation. Sometimes this information is provided upfront; other times we must use technical means to discern the addresses of live hosts within the target environment.
- Enumeration – Once we have a detailed list of targets, we will enumerate them to identify available services on each target.
- Vulnerability scanning – These targets are then fed into our commercial vulnerability scanner and an automated vulnerability assessment is performed.
- Gain Access – The identified vulnerabilities will then be leveraged to gain access to systems within the target environment.
- Escalate Privileges – Leveraging exploits and other techniques, engineers will escalate privileges to access more of the system and all the files on the machines.
- System Browsing – Browsing the systems for data, credentials, or other information to expand our influence. If more systems are found, additional discovery and vulnerability scanning will be performed.
- Lateral Movement – Moving laterally within the network to expand influence and look for more valuable data that an attacker could be looking for.
- Reporting – Our team compiles all of the data into a comprehensive report laying out attack methods and risk ratings for each area of the organisation.
How we work
We are a small team of certified white-hat hackers with a drive for exceptional client service. We have a structured approach to every engagement:
- Understand and prioritise your concerns and penetration test goals (e.g. compliance, vulnerability, internal threat, etc.).
- Agree on penetration testing approach and timing.
- Assign the expert cyber security penetration testers best suited to the tasks.
- Perform the penetration tests to uncover weaknesses in your cyber defences.
- Give you a stakeholder-ready report providing a detailed review of your cybersecurity posture.
Want to know more about penetration tests? We are very happy to help. Do reach out to us using the form below, or the chat button on the bottom right.