Why Withum Should Be Your First Call
Cyber-attacks are extremely frightening and can be devastating; but most of us have no experience in effectively dealing with these incidents. However, if an attack does occur, your first call should be to us at Withum.
Modern cyber-attacks ‘DNA’ include intelligence gathering on targeted victims, often over a prolonged period of time; they are covert, pervasive and have long-lasting impacts and effects, well beyond financial losses. Modern threats, regardless of the type and size of your organization, include nation-states, organized criminals, hacktivists, internal threats, among many other actors.
We think of cyber-attacks as originating from some obscure foreign country, but they can also be carried out by a competitive company or organization, as well as insiders from your own organization. Internal threat actor(s) impacts have been of the most devastating. An attack on a major bank, for example, was orchestrated by a disgruntled insider who “obtained over 140,000 social security numbers, one million Canadian Social Insurance Numbers, 80,000 bank account numbers, along with the personal information of more than 100 Million US citizens and 6 Million individuals in Canada” and exposed personally identifiable information from 2005 – 2019. The volume of these attacks is increasing exponentially and require considerable protective measures. Once a cyber-attack occurs, without the proper controls in place, the impacts can be devastating and even catastrophic. In fact, after a devastating cyber-attack, some businesses have to close their doors for business permanently. Withum’s cybersecurity team successfully identifies and mitigates cyber-attacks in real-time, often even before they occur, 24/7/365 via Withum’s Fusion Center.
We have a very experienced cyber group and top-tier facility that assist clients in this terrible and untenable situation. I know some of them pretty well and they are very highly qualified and experienced true professionals. The Withum Cybersecurity team includes former members of our military from United States Strategic Command (“STATCOM”) from the Department of Defense responsible for strategic deterrence, global strike, and operating the Defense Department’s Global Information Grid, the US Air Force Cyber / U.S. Cyber Command, the US Army, as well as highly experienced veteran IT / IT Security staff from the private sector. The group is headed by Matthew Ferrante, a former awarded Top Electronic Crimes Special Agent (“ECSAP”) for the United States Secret Service and former Executive for Barclays bank globally security team. His background is extensive, including in the private sector, and he is likely one of the most experienced people in the world on fighting cybercrimes with accolades from the credit/debit card industry, academia, and major government cyber operations including but not limited to successfully designing the first computer network wiretap on online organized global criminals. He also assisted Joint Terrorism Task Force (“JTTF”) and provided US Presidential and Foreign Dignitary protection, as well as being assigned to the Presidential Protection Detail (“PPD”).
With the number and variations of successful cyber-attacks increasing every day, organizations must look to protect their customers, employees, financials, personally identifiable information, and confidential data — or risk severe consequences. At Withum, we provide a suite of cybersecurity solutions and services, tailored to support the organization through all phases of the security process. We do not do piecemeal band-aid type of protection but provide a comprehensive package of cybersecurity services that address the problem of Cyber Crime and protect what is critical to your business.
Our expert cybersecurity team works with clients to:
- Identify core assets (i.e. confidential data and information, also known as ‘crown jewels’) that need to be protected and determine the company’s current level of preparedness.
- Protect the ‘crown jewels’ by developing and/or honing the regulatory requirements, such as CCPA, GDPR, NY Shield, PCI, HIPPA, etc., as well as internal requirements to align to effective and adaptive security control framework(s) that are proven effective with verifiable metrics and reporting so you know your security investment is actually working.
- Detect areas within systems and processes that are weak and vulnerable to assault via penetration and vulnerability scans, vCISO, vCCO and security control gap testing. At Withum we use both known industry toolsets, as well as our own proprietary expert toolsets. This ensures maximum risk, vulnerability, and threat identification, thus, enabling your organization to make well informed decisions. For our more confident clients, we suggest engaging us on a formal ethical hacking project where we act like cybercriminals in an attempt to penetrate and verify systems and/or physical premises security control posture.
- Respond effectively to contain cyber-attacks and minimize the impact. We use a rapid response team and digital forensic experts to determine the point of entry, whether data was accessed or exfiltrated, and dig into the bits and bytes to ensure no other suspicious code or malware is hiding on systems.
- Recover quickly from an attack with a plan to restore capability and reputational losses.
A prior blog I posted was written by Anurag Sharma from this group. Anurag has been a friend for almost 15 years.
I could go on and on, but I want to make three points:
- Protect yourself. The cost will be miniscule compared to the costs to fix a serious breach, and you will sleep a lot better.
- Unfortunately, breaches can happen, and it is not a question of ‘if’; but rather ‘when’ your organization will suffer a cyber-attack. Immediately contact Withum at firstname.lastname@example.org Time is of the essence.
- Consider engaging Withum now to review your incident response plan and/or engaging them via a service level agreement (“SLA Agreement”) to expedite a rapid response when an impact occurs.
For a preliminary discussion, contact either Withum’s Cybersecurity team at email@example.com or contact me firstname.lastname@example.org and I’ll set up the meeting. However, if you suspect a breach has occurred and need immediate assistance; do not hesitate to get in touch with the Withum Incident Response Investigatory Support Team (“Withum I.R.I.S.™”) at email@example.com and one of our First Responders will assist with any questions or concerns you may have.
Do not hesitate to contact me with any business or financial questions at firstname.lastname@example.org or fill out the form below.
Read More of the Partners’ Network Blog