RansomAware™ – Fractis S.A.
  • Designed for SMEs and organizations lacking the resources of large corporations.
  • Fast project turnaround.
  • Results that exponentially elevate your cyber security defenses.

Ransomware is the most monetizable form of cyber-attack and has become an omnipresent cyber threat faced by organizations globally. Many of them, especially SMEs, are particularly vulnerable as they lack the technological resources or skillsets to withstand even basic cyber threats.

The prevalence of this threat in Greece is highlighted by FBI statistics showing that Greece has been ranking in the top 20 cyber victim countries globally since 2020.

Based on our extensive experience as cyber security professionals, our approach quickly outlines the key weaknesses of a business along with actions which can effectively increase your cyber defences.


Recognizing the 1+5 main areas in which to set up defensive lines allows us to customize a multi-line defense strategy best fit for your organization’s needs, starting from your users and ending with your infrastructure.

Our simplified and clear-cut approach is aimed at conveying the key takeaways and actions that will protect a company that does not have the expertise or maturity to withstand attacks like ransomware.

What you get:

  1. Increase in security: A RansomAware™ report – highlighting your key cyber risks and outlining how they can be efficiently managed. This will allow you to take action either with our help or independently, increasing your cyber defences.
  2. Organizational optimization: A map of the key components of your infrastructure and your most important data. This will allow you to make better use of your resources, both human and technological, in increasing your cyber resilience and achieving your business goals.
  3. Readiness via education & preparation: A ransomware incident response plan, a communication manual on how to communicate if there is an incident, along with a cyber security handbook for your people. This will enable you and your team to either prevent or effectively respond to a cyber attack.
  4. An emergency contact: who knows your infrastructure, increasing the support that can be provided in case of an incident – if it is ever needed.

Fractis has had the honor to serve leading organizations both domestically and internationally. Indicatively these organizations include:

Domestic:

– Shipping companies
– A systemic bank
– Critical infrastructure operators
– Organizations in aviation
– Major law firms
– Major player in the food industry
– Major software companies & IT organizations

International:

– Business process and outsourcing organizations
– Strategic advisory firms
– Law firms
– Investment companies
– Financial infrastructure organizations
– Technology organizations

Trust and privacy are paramount in the work we do, so even the names of our clients are considered sensitive information. Advertising you are secure only calls for unwarranted attention.

The steps of our approach can, in general, be summarized as follows:

  1. Introductory meeting
  2. Identification and analysis of client’s needs
  3. Formulation of the scope of work and key objectives
  4. Preparation of a proposal
  5. Discussion and agreement of the proposal
  6. Insertion of proposal in services agreement and signatures
  7. Execution of the services agreed
  8. Follow up after the termination of the services provided
  9. Ongoing support based on your needs

Standards:


– ISO/IEC 27001: Information security management system standard.
– ISO/IEC 27002: Code of practice for information security controls.
– ISO/IEC 27005: Risk management for information security.
– ISA/IEC 62443: Requirements for implementing and maintaining electronically secure industrial automation and control systems (IACS).
– NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations (used in the U.S. government).
– Standard of Good Practice for Information Security (SOGP): Business-oriented information security guidelines developed by the Information Security Forum (ISF). Available only to ISF members and eligible associated organizations.

Frameworks:


– NIST Cybersecurity Framework: The guidelines for mitigating organizational cybersecurity risks, published by the US National Institute of Standards and Technology.
– HCAA: The implementation of the Hellenic Civil Aviation Authority’s framework to the entities it regulates.
– COBIT (Control Objectives for Information and Related Technologies): A framework for the governance and management of enterprise IT.
– CIS Critical Security Controls: A set of best practices designed to help organizations prioritize and implement cybersecurity measures.

Guidelines:

– ENISA Guidelines: The European Union Agency for Cybersecurity provides various guidelines on cybersecurity topics.
– SANS Critical Security Controls: A set of best practices to enhance the cybersecurity posture of an organization.
– Cloud Security Alliance (CSA) Security Guidance: Guidelines for securing cloud computing environments.

A high-level overview of our approach:

  1. Gap analysis – Our specialized professionals meticulously conduct a gap analysis against your designated standard, framework, or regulation. If you are uncertain as to what benchmark is most impactful for your organization, we conduct a preliminary assessment to identify the right standard, framework or regulation that best meets your objectives.
  2. Provision of findings and recommendations – Following the comprehensive gap analysis, we provide targeted and detailed recommendations for every identified gap or finding while accounting for each organization’s available resources.
  3. Prioritization of recommendations – Understanding that each organization has unique needs, we prioritize the recommendations, offering short-term tactical wins and long-term strategic objectives. This prioritization is crafted to align with your risk tolerance and available resources, ensuring that you achieve both immediate improvements and long-term goals. We aim to empower your organization with a clear, actionable pathway to heightened security and compliance.

Co-sourcing: We flexibly augment your capabilities in the provision of internal cyber security and IT functions, integrating the specialists and technologies you need in your organization to perform the services or tasks you require. This middle ground between in-house and full outsourcing fosters the transfer of knowledge and expertise: by sharing responsibilities and making decisions jointly, you not only achieve your objectives, but we also jointly skill up our teams as they learn from one another. This mode of collaboration strategically leverages the strengths of our respective personnel and is ideal for organizations which want a more hands-on approach.

Outsourcing: We assume and execute the functions, tasks, and responsibilities which you would like to have in order to increase your capabilities. After careful scoping and determination of reporting requirements and lines, you can then focus on your primary objectives with peace of mind. This allows you to obtain access to specialized technologies, skills and competencies in a cost-effective way that is flexible and scalable. This mode of collaboration tactically augments your available resources and is ideal for organizations that want a more hands-off approach.

  1. Long term: Over long periods of time with tactical involvement, often decreasing in duration over time. The required duration usually lessens over time because more effort is needed in the beginning to put structures in place and streamline efforts, and because economies of scale are achieved with involvement and time.
  2. Short & medium term: A limited period either in the short or medium term until operations or infrastructures are streamlined and fine-tuned.
  3. Ad-hoc: To tackle specific projects or engagements.
  4. On the job skill acquisition: Until internal staff are trained or until the conditions are ripe to hire suitable profiles.

Several factors play an important role in determining the right technological solution in any organization.

– Clear identification of the problem to be solved or objective to be met.

– Thorough assessment of the context in which the technological solution will be implemented. This analysis includes:

  – the way you operate as an organization.

  – your human resources and their skill level.

  – other technologies you may have in place.

– Required investment vs increase in protection.

The end goal is to find the right technological fit for your organization.

While antivirus software remains an essential component of cyber security, relying solely on it can leave even the most basic organization vulnerable to modern threats. It offers limited protection as it is only effective against known malware strains and is unable to face zero-day attacks and exploits of unknown vulnerabilities.

Furthermore, modern cyber threats such as ransomware, the most imminent threat to most organizations, can easily bypass traditional antivirus software in most cases. Finally, given its focus on endpoint protection, it is unable to adequately defend your networks or cloud infrastructures.
