Cyber Attack Surface Scanner (CASS) Programme

While cyber security standards, technologies and methods have improved drastically over the last decade, social engineering remains persistently effective and inherently difficult to prevent. Trust-based cyber-attacks still pose the greatest threat to organisations, with 85% of organisations experiencing phishing and social engineering attacks accordingly to a recent cybercrime study by Ponemon Institute.

In contrast to traditional technology-based approaches to cyber-attacks, social engineering specifically targets the weakest link in the cyber security chain: people and their natural urge to trust others. 

What is CASS?

The Cyber Attack Surface Scanner (CASS) programme is developed to offer organisations a hacker’s view of their digital footprint. By identifying potential security risks on publicly available information and taking corrective actions in time, organisations can avoid falling victim to trust-based cyber-attacks.

Why is CASS Important for your Organisation?

Trust-based cyber-attacks are not only detrimental to your business, they can affect your customers as well. For example, phishing emails may be used to entice individual employees to click on malicious links that compromise their accounts or online credentials. This may lead to sabotage of networks, routers and other physical hardware, or even leakage of confidential customer details. With the preventive measures made possible by the CASS Programme, organisations can protect both their business and customers.

Our CASS Programme

Designed for organisations of all sizes including Small and Medium-sized Enterprises (SMEs), organisations with limited cyber security budgets as well as firms with large cyber security investments, the programme provides valuable statistical information with the interpretation and support of our highly skilled CASS experts.

The CASS Programme tackles the issue of trust-based attacks by achieving 2 primary objectives:

• Firstly, it identifies publicly available information that can be used by hackers to add legitimacy to their social engineering attacks. The programme then recommends actions to be taken such as to remove, obfuscate or verify this information.
• Secondly, it detects early signs of vulnerability in organisations' public websites that attackers identify when picking targets of opportunity. Actions are then recommended to remediate these issues.

Completion of both objectives and implementations of recommended actions can greatly reduce the hackers’ capability to perform targeted social engineering, thereby minimising the exposure of your website as a target of opportunity.

Your business benefits

• Low cost investment – with 70 - 90% cost savings as compared to conventional security assessment services or phishing campaigns.
• Rapid turnaround – through customised automation, enabling results within a week.
• Unique insights – providing a direct view of the trust-based attack methodologies that organisations encounters.
• Pre-emptive awareness of social engineering attack surfaces – by identifying key personnel who are likely to be targeted for social engineering attacks.
• Completely non-intrusive testing – with no impact to operations.