arrow_back Back to Services

Cyber Vulnerability Testing and Risk Assessments

Cloud Provider Cyber Risk Assessments Secure Cloud Engagement Cosecure will assess your current account with your cloud service provider. This assessment will include validation of adherence to best practices of cloud engagements. Remember, you are generally responsible for the security of any servers in the cloud to the same extent you would be if they were on premises (“on-prem”) servers. Cosecure will assess your cloud engagement process from start to finish. The assessment will include proper configuration and security rule review. Cosecure will run full external vulnerability assessments against any internet-facing servers and full internal vulnerability assessments against internal-facing servers. Our approach leverages our team’s years of experience to ensure a thorough review of current practices.

Cosecure can help you with the most popular cloud service providers, including:

      1. Microsoft
            Azure Compute
            Azure Identity
            Azure Backup
            Office 365
            Other Services

      2. Amazon
            Elastic Computing 2 (EC2)
            Simple Storage Service (S3)
            S3 Glacier
            Route 53
            Other Services

      3. Google
            Compute Engine
            Cloud Storage
            Other Services

Internet of Things (IoT) Cyber Risk Assessments

      1. CCTV Risk Assessments

IP Cameras are the most prevalent IoT devices on today’s corporate networks. Our team has years of experience configuring and testing IP cameras with the goal of ensuring the best possible cyber protection.

      2. Printers and Copiers

Printers and copiers have both become multifunctional network assets. Both devices may have access to Windows shares, especially if they can scan documents to the network. The settings on these devices can be the vector for the initial compromise of your network.

Business Unit Realignment Cyber Assessments

      1. Reorganizations

Reorganization of your business can lead to incomplete organizational charts, which can lead to incorrect alignment of access rights on the network. A complete personnel audit can ensure that only properly authorized employees have access to sensitive files.

      2. Mergers

Merging two companies can lead to a complex situation. In Active Directory, you will be creating forests and trying to establish trust relationships between the trees. If this is not something you do every day, let us help you create an environment where the right people have access to the proper assets and only the proper assets.

Social Engineering Education and Testing

      1. Phishing Test

Directing false emails at your employees is one of the primary methods hackers use to infiltrate your network. Phishing, Spear Phishing, and Whaling will all fall under this umbrella. Attackers need only one employee to click on the links in their email, so your defense must be 100 percent effective. This is why frequently testing your employees is critical to the safety of your systems. .

      2. Vishing Test

Vishing is phishing done over the phone. In the most common type of vishing, the attacker poses as a member of your IT department and tries to get the employee to provide usernames and passwords. The attacker can then use this information to perpetrate a full cyber breach. Our expert social engineering staff can test your employees for this type of vulnerability.

Passive and Active Password Risk Assessments

      1. Passive Password Risk Assessment

One popular method to compromise a network is to use password spraying. This is where commonly used passwords are tried in combination with known usernames to find a valid authentication pair. We can take your password hashes and compare them against passwords from known password breaches to determine if your organization is susceptible to this type of attack.

      2. Active Password Risk Assessment

After conducting a passive password risk assessment, we move to an active password risk assessment in which we iterate through common passwords to generate passwords which are related to those breached. For example, if “mypassword01” was released in a previous password dump, and one of your employees uses “mypassword02” this would be considered a very insecure password.

Network Asset Inventory Assessment

      1. Network Asset Inventory

The first step to securing your network is to understand what is on your network. Our analysts can take a full inventory of all computers and devices on your network. You may be surprised at what is on your network if you have never looked. Many of our clients find computer which they thought were out of service and have out-of-date operating systems on them. They sometimes also find computers or laptops missing. You never know unless you look. Allow us to help you audit your inventory and create a physical asset list if one does not yet exist.


COSECURE, an ancillary business of Cozen O'Connor, has been on the leading edge of cyber security and risk management for over 20 years and are actively protecting global Fortune 100 companies, law & technology firms, and high net worth individuals.

© 2022 COSECURE Terms & Conditions Privacy Policy