SLVA and Black Kite join forces positioning SLVA Cybersecurity to analyse and secure South African organisations’ cybersecurity posture. SLVA Cybersecurity is both a value-added reseller and managed security service provider (MSSP) of Black Kite.
Black Kite is a non-intrusive intelligence-gathering platform that identifies critical vulnerabilities, pinpoints compliance gaps, quantifies cyber risk in financial terms, and can detect the likelihood of a ransomware attack with high-fidelity data.
Security threats are nothing new in the digital age, but one danger companies need to be more aware of is the growing connected risk, or to put it another way, the impact of third-party breaches.
Black Kite redefines vendor risk management with the world’s first global third-party cyber risk monitoring platform, built from a hacker's perspective. With vulnerabilities constantly emerging that are quickly exploited by cybercriminals, and a lack of due diligence in certain industries leading to breaches, it is clear that both the threats and the potential attack vectors will continue to evolve.
Considering how quickly both the attack surface and the threat environment are evolving, many chief information security officers (CISOs) find it challenging to keep track of their entire security posture.
“The real problem is that cybercriminals attack companies via third parties - essentially ‘island-hopping’ their way into target organisations. Black Kite’s solution is designed to help the CISO gain awareness of what is most relevant in the threat landscape, across their organisation, and crucially, potential third-party risks. The solution’s reporting mechanism gives concise and actionable insight into which areas an organisation is doing well in their cybersecurity approach, and which areas require immediate attention to protect what matters,” explains Patrick Evans, CEO of SLVA CyberSecurity
“Unsecured external-facing assets, such as databases and servers, pose a major risk to businesses. This risk increases significantly when it is a third party managing the data on behalf of a company, or even within a shared responsibility agreement,” he says.
Attacks do not discriminate between private and public sector entities - in fact, databases in the public sector are quite often out of date and remain unpatched, while typically also having a wide attack surface - leaving behind a weak defence strategy and therefore an easy target.
“Using data and machine learning, Black Kite's RSI™ is able to discover the likelihood that an organisation will experience a ransomware attack, by providing a multi-dimensional view of third-party risk,” says Evans.
Ransomware and unauthorised network access are two of the most common types of attack. The latter generally involves leveraging or cracking weak passwords and taking advantage of any vulnerabilities present in access control.
“Having a strong defence strategy means carefully monitoring an entire cyber ecosystem, as opposed to ‘cherry picking’ vendors based on assumed importance,” explains Evans. A holistic approach to vendor risk management requires intelligence from every angle. Black Kite’s protection goes beyond simple self-monitoring, instead taking the time to ensure that every vendor is monitored for vulnerabilities.
“While other security ratings service providers try to narrow the scope, Black Kite provides the only standards-based cyber risk assessments that analyse your company’s supply chain cybersecurity posture from all three critical dimensions: namely technical, financial and compliance,” says Evans.