Implementing and managing a secure environment is very difficult and requires significant resource commitment. We can assist you to address your security and compliance needs by providing full scope penetration testing, outsourced security staff and services, compliance preparation, and security program creation and strategy.

Depending on customer need, we focus our engagements on social engineering, physical security and network security to address all aspects of implementing and maintaining a secure environment. We can also help with compliance needs, policies, procedures, controls, and virtual CSO functions.

Pinnacle Group Security SolutionsImplementing and managing a tightly secure environment is difficult and generally requires a significant resource commitment. We can help you address your security and compliance needs by providing full scope penetration testing, outsourced security staff and services, compliance preparation, and security program creation and strategy.

9 Top Security Breaches and How to Prevent Them From Happening to Your Business

Lapses in basic security measures continue to result in attackers comprimising sensitive data. Password hacks, malware, and phishing have grown every year, resulting in the theft of intellectual property and exposure of sensitive customer data. These attacks endanger reputations and threaten a business's ability to serve customers. It's clear you need to protect your enterprise. 

Ponemom Research: 2015 Cost of Data Breach Study

2014 will be remembered for such highly publicized mega breaches as Sony Pictures Entertainment and JPMorgan Chase & Co. Sony suffered a major online attack that resulted in employees’ personal data and corporate correspondence being leaked. The JPMorgan Chase & Co. data breach affected 76 million households and seven million small businesses. IBM and Ponemon Institute are pleased to release the 2015 Cost of Data Breach Study: Global Analysis. According to our research, the average total cost of a data breach for the 350 companies participating in this research increased from 3.52 to $3.79 million2 . The average cost paid for each lost or stolen record containing sensitive and confidential information increased from $145 in 2014 to $154 in this year’s study. 

Technology Experts Foreshadow Technology's Future

Technology is moving so quickly, predictions for next year already are losing relevance. A more distant view is now required to stay ahead of the curve. Short-term trends come and go, but the true impact of mobility, Big Data and the cloud still remains to be seen. That’s why we asked some experts to weigh in on their long-term predictions for business technology. So 2020, here we go. Or rather, here we come.

Frost And Sullivan Report: How to Improve Your Enterprise Security

As the Internet threat landscape continues to evolve, so too must security technologies. Yet, the practice of stacking an increasing number of independent security technology “boxes” can contribute to several undesirable outcomes, notably: operational complexity, sub-optimized security expenditures, and inefficiencies in risk management. Overcoming these outcomes is the aim of all-in-one security. This approach consolidates multiple essential security technologies onto a single appliance, with control of all technologies through a single management interface—a single pane of glass. 

Managed Services Perception vs Reality Infographic

Even though managed services have a multi-year, proven track record, some business managers still hold on to the same old perceptions. We think it’s time for a reality check.

Infographic: Cloud Requires Dynamic Security

Four imperatives to safeguard your move to cloud and reduce risk

The Pinnacle Group is Your Answer for Security Questions

Is your organization prepared for a cyber attack? Watch this video to learn how we make sure you are prepared!

www.youtube.com

5 Cybersecurity Trends to Watch for in 2016

We may welcome in the New Year with open arms, but we must also prepare for the cybersecurity threats ahead of us. The 2015 Cost of Data Breach Study from IBM and the Ponemon Institute put the average cost of a data breach at $3.79 million, and that figure is expected to grow in the year ahead. With the right resolutions, you can drastically reduce your chances of falling prey to cybercriminals.Here are five major trends in cybersecurity that you should have in mind when updating your InfoSec plans for 2016.Cloud servicesAs more and more of the services we use reside in the cloud, IT departments can lose oversight and control. Employees are bypassing IT to snag the services they feel they need, and there’s a real danger that they’re bypassing security protocols and systems in the process. You should take steps to ensure that your IT department has full visibility.Even approved cloud vendors must be scrutinized on an ongoing basis. Do you know where your data resides? Do your cloud service providers meet your security standards? If they aren’t in compliance, their failure to meet regulatory requirements could be something that you’re liable for. Don’t take it on trust, test your third-party vendors and verify for yourself. RansomwareThe impact of ransomware is growing. According to the Cyber Threat Alliance, the recent CyrptoWall v3 threat has cost hundreds of thousands of users worldwide more than $325 million so far. This kind of attack encrypts important files, rendering data inaccessible until you pay the ransom. It often relies upon social engineering techniques to gain a foothold.It works, and we expect to see a lot more of it over the next 12 months, because the easiest way for many individuals and businesses to get their data back is just to pay the ransom. With a bit of forethought, better education and real-time security protection, not to mention a regular, robust backup routine, the threat of ransomware can be cut down to size.Spear phishingCybercriminals follow the path of least resistance and the easiest way for them to gain access to your precious data is usually by tricking a person into handing over the keys, not by writing a clever piece of code. Phishing attacks are growing more sophisticated all the time, as official-looking messages and websites, or communications that apparently come from trusted sources, are employed to gain access to your systems.The targeting of high-level execs or anyone with a high security clearance is on the rise. If cybercriminals can hack a CEO’s account, for example, they can use it to wreak havoc and expose a lot of sensitive data. Educating potential targets about the dangers is not enough. You need a combination of real-time monitoring and scanning systems, with protective blocking capabilities. That said, sometimes laying down a security policy for employee education is all you need. Known vulnerabilitiesThe open source movement has leveled the playing field for many companies, and there are also lots of off-the-shelf software packages that are very popular. Integrating this software will often make more business sense than developing something in-house, but you have to keep vulnerabilities in mind. Publicly known vulnerabilities are one of the biggest threats for IT departments.Consider that HP’s 2015 Cyber Risk Report found that 44% of 2014 breaches came from vulnerabilities that are two to four years old, and you can see the problem. Software must be patched regularly, and expertise is required to avoid common misconfigurations that offer attackers an easy way in.The Internet of ThingsWe’ve seen a wave of mobile devices and wearables stream into the workplace, each offering a new potential inroad for a cybercriminal, but the Internet of Things represents another looming threat. As connectivity spreads into every corner of our lives and businesses, it becomes more and more challenging to maintain a clear view of entry points and data flow.The IoT may herald some exciting business opportunities, but we must be mindful about ensuring that access is limited and secure. Sensitive data should be encrypted, access must be restricted, and oversight is needed. It’s important to be able to manage and block access to enterprise devices and networks when necessary.If you expect to enjoy success in 2016, and you want to ensure that your plans aren’t derailed, then make sure that these cybersecurity trends are on your radar.The opinions expressed in this Blog are those of Michelle Drolet and do not necessarily represent those of the IDG Communications, Inc., its parent, subsidiary or affiliated companies. This article is published as part of the IDG Contributor Network. Want to Join?

Services Provided

Physical Security Testing / Consulting
Social Engineering (Targeted Phishing and Human Social Engineering)
External and/or Internal Network and Application Penetration Testing
Wireless and Bluetooth Profile and Testing
Security Interview-Based Assessment (non-adversarial)
Virtual CSO (Chief Security Officer)
Assistance in building a comprehensive sustainable security program

Benefits To You

External Security review
Audit preparation
Real world visibility into current security posture
Security program foundation knowledge
Provide information to close compliance gaps
Assistance in building a sustainable Information Security Program

Engagement Deliverables

Executive overview
Detailed notes
Full reports
Remediation recommendations

Compliance Frameworks

HIPAA/ARRA/HiTech
ISO27002 Framework
PCI/DSS
SOX
SAS70/SSAE16 preparation
NIST

The Pinnacle Group's High Value Security PortfolioA complete listing of Pinnacle Group's Security Solutions

IBM Security: Cloud

IBM protects cloud environments with cloud security strategies and a comprehensive portfolio of solutions. These security solutions span the entire cloud lifecycle and all security domains, including identity and access management, application and data security, infrastructure protection and security intelligence for the cloud.

Veeam V9

The Pinnacle Group’s Total IT Data Protection service provides state of the art, turn key data protection.   Total IT’s data protection feature integrates into your company’s existing disaster recovery strategy and is cloud based, capable of protecting both physical and virtual environments. When you use the Pinnacle Group’s highly skilled engineering team to manage your organization’s data protection solution, your company’s IT team is free to focus on delivering innovation that adds value to your business.

Services Description

External Network and Application Penetration Testing

We perform comprehensive external penetration testing utilizing industry standard automated tools as well as manual testing using experience proven techniques which simulate what the bad guys will do.

Internal Network and Application Penetration Testing

We perform comprehensive internal penetration testing utilizing industry standard automated tools as well as manual testing using experience proven techniques which simulate what the bad guys will do.

Social Engineering/Phishing Attacks

We perform targeted phishing attacks with proven methods to test your staff’s resolve not to click unknown links and to avoid phishing email scams

Social Engineering/Physical Access

We perform targeted social engineering attacks on staff and guards to gain physical access to restricted areas

Wireless and Bluetooth Profile and Testing

We can perform wireless and Bluetooth radio architecture and vulnerability profiling and assessment.

Security Interview-Based Assessment (non-adversarial)

This is our most popular service. Through a series of interviews with key personnel, we perform a ‘friendly’ assessment to determine the organizations overall security posture and make key recommendations toward a comprehensive and realistic remediation strategy. This service can be tailored to prepare your organization for an audit

Security

Services Provided

Services Provided

Services Provided

Benefits To You

Benefits To You

Engagement Deliverables

Engagement Deliverables

Compliance Frameworks

Compliance Frameworks

Services Description

External Network and Application Penetration Testing

Internal Network and Application Penetration Testing

Social Engineering/Phishing Attacks

Social Engineering/Physical Access

Wireless and Bluetooth Profile and Testing

Security Interview-Based Assessment (non-adversarial)

Virtual CSO (Chief Security Officer)

Assistance in building a comprehensive sustainable security program

Policies, Procedures, and Controls Consulting

Featured Articles

Get in Touch

Solutions