Experts from three
different sectors
Are you not sure if your digital assets and applications require cybersecurity support?
Are the data you collect secure?
The number of attacks on the organization's infrastructure and data theft has been growing at a breathtaking speed in the recent years.
Why should you consider Lemlock as your cybersecurity partner?
Secure your applications and digital assets.
Protection of the organization's resources is a challenge that requires knowledge and actions requiring both legal and technological expertise.
Do you suspect that your organization has been hacked? Contact us immediately!
Watch the video
Why is the risk of an attack on data
so great?
Main reasons for attacks
political
(el!(i%us
ideological
financial
testing abilities
ente!t)inm@n*
Carrying out attacks on the organization's infrastructure and data theft has been on the rise in the past few years.
According to Deloitte’s report, such areas as the motor industry, as well as the financial, telecom and medical sectors proved to be the most popular among cybercriminals in 2017. Currently, there are still more motives for their devastating activity, and any company or institution that has attractive resources or that collects and processes valuable data can become a target of a cyber attack.
The Internet is constantly updated with new training materials concerning security, sometimes also used for unethical reasons. More than 25% of attacks end up not only in data leakage, but their loss as well (often also with the loss of the backup copy).
Consequences of a successful attack cannot be underestimated. Loss of information, destruction of information systems or a blocked website means not only damage to the organization's image and loss of reputation, but it may also cause enormous financial losses. From 25 May 2018, the occurrence of these situations may cost you much more - even up to 20 million euros or 4% of global turnover. This is closely related to the data protection requirements listed in the General Data Protection Regulation (GDPR).
Systems and data security is a continuous process that involves not only the implementation of standards and security, but also their continuous monitoring and testing. In this area, you can not afford concessions or compromises.
What can you lose if you won’t secure your
applications and digital assets properly?
Data loss
Blockage of organization’s activity and its revenue
Loss of reputation
Destruction of IT systems
Financial penalties up to 20 million euros or 4% of the annual global turnover
The reason for the threats are the increasingly frequent and more sophisticated cyberattacks on the organization's systems and the failure to comply with the new data security requirements introduced by GDPR.
What strategies are used by cybercriminals?
0%
On average, ¾ of system intrusions are carried out in a matter of minutes. In 50% of cases it takes more than a month to actually detect the attack.
On a large scale
Cybercriminals are able to carry out large-scale attacks by joining groups. A spectacular attack which took place in May 2017, affected nearly 100 countries. The hackers used an exploit called ETERNALBLUE which had been stolen from the National Security Agency. The bug hijacked computer screens and encrypted hard drive data, demanding bitcoins to unblock them. A massaged, worldwide attack of ransomware software called WannaCry caused the most damage in Russian computers connected to the internal networks of the Ministry of the Interior and the Investigative Committee of the Russian Federation. It also took its toll in the British healthcare system, blocking all patient data, and in the German railway or Renault factoriest. It is still unclear who the attackers were, but the attacked vulnerability was quite obvious and it could have been prevented in the first stage of penetration tests.
Sector-specific
These days, there are more and more sector-specific or small-scale attacks. Banking institutions are a very attack-prone area and at the beginning of 2017, Poland saw a rise in attacks on this sector. The website of the Polish Financial Supervision Authority, or rather its subpage for bank employees, was infected. Thanks to that, the malware spread on their computers, stealing personal and financial data, as well as infiltrating the bank’s infrastructure.
Target-oriented
Victims of cyberattacks are quite often very specific companies, not only large corporations. Small, local businesses which collect and process data useful for criminals are the most prone to attacks. A Japanese travel agency, JTB Corp., can serve as a good example: a database infiltration attack resulted in the theft of almost 8 million records with sensitive data including client names, addresses and passport numbers.
Why neglecting cyber threats can cost you
20 million EUR or 4% annual turnover?
GDPR (General Data Protection Regulation) is a new EU regulation concerning personal data protection to come into force on May 25th 2018.
It confers new powers on national authorities who control the processing of personal data, e.g. penalizing non-conformity with GDPR requirements, charging as much as 20 million euros or 4% of the annual global turnover. Owing to this, many companies have already started introducing changes to their activity.
GDPR introduces new regulations regarding e.g.:
- transparency of data and procedures,
- consent for the processing of personal data and their deletion from legal persons,
- designing tools for the processing of data,
- the scope and availability of data
- the appointment of a Personal Data Administrator and new responsibilities.
The legal regulation concerns not only entities established in the EU, but also those from outside of the EU who offer goods and services in the EU (even free of charge) or monitor customers’ behavior on the European market.
In cases of breaches or even suspected incidents, the inspection body will assess the introduced preventive measures. The right choice of data security systems may help to significantly minimize the financial penalties. Introducing security measures and testing their efficiency will prove to be of much greater importance starting in May 2018.
Since the entry of GDPR into force:
Personal Data Administrator is obligated to introduce appropriate technical and organizational security measures while specifying the processing method.
Constant monitoring is required, as well as a swift reaction to incidents and real-time notifications about privacy.
Obligation to notify the supervisory authorities and the data owner about an incident resulting in a personal data security breach.
Why do solutions have to be
comprehensive?
Threats related to breaches of security and privacy of data, as well as financial penalties for non-conformity to the new regulations, require appropriate preventive measures.
The protection of organization resources is a continuous process which requires both legal and technological knowledge and actions, and thus:
verifying the security and its constant monitoring
adapting norms and procedures to existing provisions of law
introducing appropriate technological solutions ensuring data security
We've been trusted by
How you can benefit from a partnership with Lemlock?
Experts from three different sectors
Lemlock is synergy which combines expertise from the following three sectors: security testers, lawyers and software engineers.
Security and
Verification Tests
Verification Tests
Surveillance and Verification Tests
Lemlock supervises changes made to your infrastructure, software or information systems. After the verification tests you can be sure that the patches or improvements will be legally and technically compliant with documentation/report on safety status tests.
Methodology
and competence
and competence
Methodology and competence
Lemlock’s tests and audits are performed in accordance with OWASP and NIST standards, as well as with ISO 27000. Our testers hold ABW certificates confirming their reliability, and the whole process is supervised by a law firm.
Active
monitoring
monitoring
Active monitoring
Continuity of data security irrespective of occurring threats requires continuous and active monitoring. Lemlock is like an alarm which will inform you about every single detected threat.
Start within
48 hours
48 hours
Start within 48 hours
Starting the testing process is possible within the first 48 hours. A quick start guarantee and the progress report allow to monitor the entire process in real time.
Security
certificates
certificates
Security certificates
Lemlock standard, Lemlock platinum and GDPR compliance certificate help the holder boost their reliability and trust among clients, business partners and employees.
How our work is done?
contact
consultation
progress
report
surveillance
certificates
BONUS: Free consultations with an expert regarding the implementation or modification of security measures.
How will you be sure
that your data are safe with Lemlock?
Modern clients are people more and more aware of their rights concerning personal data protection. Companies and institutions which collect or process data gain a significant competitive advantage by proving that they treat security measures seriously.
Using Lemlock solutions you can easily notify your clients, business partners and employees that you use the right security measures.
Lemlock STANDARD
a penetration test
and a security audit
checking the level of security and eliminating detected breaches
Lemlock PLATINIUM
monitoring of networks
and services
constant monitoring and immediate correction of detected vulnerabilities
GDPR compliance certificate
a GDPR compliance
audit
implementing changes in compliance with GDPR requirements