Wed, Oct 15, 2014
The company looks great on paper: it has an innovative product, a great sales team and a lean approach to expenses. Whether the business model is centered around customer data, intellectual property or proprietary information, a key question often overlooked by investors is: “Has management really recognized the issues and risks posed by insecure data protection?”
Even good companies can be unprepared
How can you ensure that an investment target isn’t one keystroke away from a major cyber incident or data breach? How can you be sure that an attacker isn’t already lurking in their network? If a threat is identified, does the organization know how to respond to mitigate damage so brand, reputation and investment value are retained?
Cyber Due Diligence conducted prior to investment can identify actual or potential cyber security lapses and areas that may be at risk, quantify remediation costs and help restructure an investment should substandard cyber security systems data or latent breaches be discovered. Likewise, a target can strengthen its attractiveness to investors by conducting its own cyber due diligence, enabling it to mitigate risk by identifying and minimizing any cyber weaknesses found.
Kroll’s experts know that cyber security risks are here to stay and have been helping investors identify, evaluate and quantify them. For more than 40 years, Kroll has advised private equity firms, hedge funds, investment banks and venture capital investors on reputational due diligence matters. Our cyber experts provide the same high level of care and attention in conducting your cyber due diligence, enabling us to:
Kroll’s cyber due diligence assessment
Kroll’s Cyber Due Diligence provides clients with a level of assurance regarding the state of their enterprise systems. Using the customizable modules described below to assess a firm’s cyber strengths and weaknesses, Kroll’s thorough gap analysis provides actionable information for management to sharpen their practices and procedures.
Module 1: Endpoint Threat Monitoring and Analysis
Kroll can quickly install a sophisticated toolset that will rapidly detect and respond to threats in the subject environment. This enables us to watch every piece of software on every machine in real time. We can help you know what is happening in the network right now. Kroll’s cyber security experts will work with your team to identify appropriate steps to contain and respond to any incident we detect and to implement countermeasures that help thwart future attacks.
Module 2: Security Controls Risk Assessment
Kroll’s Security Controls Review evaluates existing policies and procedures to determine if the right standards and framework are in place to respond to a Cyber Security incident. Our comprehensive assessment can determine if the right controls are in place to protect your confidential assets, and how well you can detect, respond to, and mitigate threats. A review can be standards-based (ISO, NIST, PCI-DSS, HIPAA/HITECH, GLBA, etc.), or against Cyber Security Best Practices.
Module 3: Incident Response Tabletop Exercise
A tabletop exercise can help identify any gaps or deficiencies prior to experiencing an incident, and ensures that responders know what to do in the event of an incident. Incident Response planning is critical to effectively detect and manage security incidents or data breaches. An Incident Response plan is a good first step, but it is not enough. The organization needs to effectively execute that plan so that reputational issues and associated costs, including notification and legal expenses, don’t quickly spiral out of control.
End Point Threat Monitoring Analysis Report
Security Controls Risk Assessment Report
Incident Response Table-top Exercise Report
With these Kroll reports in hand, management and investors can move forward with a thorough understanding of their cyber security environment.
About Kroll
Kroll is the leading global provider of risk solutions. For more than 40 years, Kroll has helped clients make confident risk management decisions about people, assets, operations, and security through a wide range of investigations, due diligence and compliance, cyber security, physical and operational security, and data and information management services. Headquartered in New York with more than 55 offices across 26 countries, Kroll has a multidisciplinary team of nearly 2,300 employees and serves a global clientele of law firms, financial institutions, corporations, non-profit institutions, government agencies, and individuals.
Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.
When organizations worldwide need intelligence, insight and clarity to take decisive action, they rely on Kroll.