icon

Technical Security Services

  •  External Audit
  •  Internal Audit
  •  Webapp Assessment
  •  Wireless Assessment
  •  Incident Response & Forensics

More info...

icon

Personnel and Physical Security Services

  • Phishing Attack Simulation
  • Physical / Premises Security Audit
  • Other Social Engineering

More info...

icon

Information Security Management

  • General Security Healthcheck
  • Vulnerability and Risk Management
  • Regulatory & Compliance Assistance
  • Managed Security & Virtual CISO

More info...

icon

Training

  • Security Auditing: Technical
  • Security Auditing: Management
  • Wireless Security

More info...
work
FINANCIAL SERVICES

Key current information security risks relevant to financial services are primarily related to fraud leading to either direct or indirect monetary gain. Such activities typically require unauthorised access to confidential information including via identity fraud and user account compromise. Quite often malicious insiders are implicated (industrial espionage, insider trading) and social engineering is involved. In addition, financial services are heavily regulated with numerous regulatory requirements pertaining to information security. These may range from PCI DSS to Basel regulations for banking industry, UK FSA IT Controls requirements, the relevant Sarbanes-Oxley requirements in the US and so forth. Preventing information security risks goes a long way in keeping your sensitive financial and personal data safe, assuring your customers and partners, and meeting critical compliance demands.

work
INFORMATION TECHNOLOGY & COMMUNICATIONS

One of the most critical information security risks it is facing are related to gaining unfair competitive advantage, especially by intellectual property theft. Another key risk area is vulnerabilities and security gaps in produced software products, offered services, and supporting infrastructure. Their exploitation may easily lead to customer and can be highly detrimental to company reputation. While not being as heavily regulated as finance, legal, or gambling industries, numerous IT, software engineering and Telecom companies choose to obtain and uphold ISO27001 and SOC1/2 certifications, as well as to certify their products to Common Criteria. In addition, IT service providers commonly bear the grunt of their customers compliance needs contractually transferred to the provider and regularly verified with security audits from the concerned customer side. By preventing the relevant security risks, IT and Telecom companies can preserve their competitive advantage, avoid blame for security shortfalls, keep and extend the existing customer agreements, and gain new customers.

work
LEGAL & INSURANCE

Key current information security risks relevant to legal and insurance companies are primarily related to compromise of sensitive business and personal information which may lead to severe repercussions including, but not limited to significant legal fines and loss of customer confidence. A common example of a relevant risk is the so-called 'Friday afternoon' scam as it often targets conveyancing firms at times when they are likely to be holding significant amounts of money. The nature of legal services also presumes that the attackers are often highly motivated being personally involved in specific cases. Just like financial services, legal & insurance industry is heavily regulated by the SRA, ICO, information security-relevant sections of Solvency II, and so forth. Preventing information security risks goes a long way in keeping your sensitive business and personal data safe, assuring your customers and partners, and meeting critical compliance demands.

work
NATURAL RESOURCES, ENERGY & UTILITIES

Key current information security risks relevant to these industry sectors often relate to industrial espionage, political hacktivism, and attempts to gain direct infrastructure control by attacking physical control systems (SCADA). Quite often, an attack may not be about taking over a service or obtaining confidential information – it may simply be aimed at system and service availability disruption. Foreign states involvement in such attacks is increasingly common. Local utilities services may also be a target for monetary fraud attempts in their operations area. By preventing the relevant security risks we can keep your key infrastructure safe and avert major incidents resulting in loss of services leading to customer, tangible resources and image loss.

work
RETAIL & E-COMMERCE

Key current information security risks relevant to online retail and e-commerce business include monetary theft and loss either via compromising credit card and other banking credentials, or by tricking e-commerce applications to obtain “free” or “discounted” services and products online. Apart from the theft itself, such incidents can easily create problems due to PCI DSS compliance failure. Its outcome ranges from being shifted to PCI Tier 1 with higher and more expensive compliance responsibilities to total refusal of service from major credit card providers hence blocking any E-commerce activities. Known monetary theft, denial of service, private data exposure, and site defacement attacks severely degrade company image and lead to customer loss with disaffected customers filing complaints and lawsuits. Prevention of the stated security risks enables effective online trading while preserving and expanding the existent customer base. It also allows safe introduction of novel services and applications.

work
HEALTHCARE & PHARMACEUTICAL

Key current information security risks relevant to the healthcare sector traditionally involve patient data exposure, corruption and loss – the aspects which are heavily regulated around the globe. However, emergence of new health support networked tech heralds an era when abuse of security flaws in such technologies either across the Internet or over local wireless links can directly endanger human lives. As for the pharmaceutical industry, intellectual property theft remains the major issue taking into account the sheer amount of resources necessary for new medicines and methods R&D. By preventing the relevant security risks, healthcare and pharmaceutical companies and organisations ensure that patient and sensitive research data are not compromised, regulations are met, the quality of clinical trials is preserved, and innovative medical technologies are introduced safely and without creating dangerous information security gaps.

Client's Comments

WHY ARHONT?

We have been at the forefront of security trends and developments since 2001 and have authored many books and whitepapers. We understand businesses of all sizes and across multiple vertical sectors. Our specialists come with a broad range of experience and with industry accreditation and security clearances. In simple terms, Information Security is all that we do!

Security is all about trust. From the initial conversation through to delivery, our services will be private and conducted in total confidence. We built trust through, engagement, service, quality, expertise, delivery and management. We are not affiliated to any hardware or software vendor, so are able to provide trustworthy, independent, impartial advice.

All businesses and situations are different and a single method or approach can not work for all. We form strong partnerships with all of our customers, work hard and deliver results to ensure that we are seen as part of your internal security team. Always going an extra mile to make sure that long term business relationships are formed with each and every customer. A true business Partner that you can trust!

Our rich hands-on experience and agile working method allows us to implement appropriate countermeasures in versatile environments in close to no time. We ensure that every project is completed in an open and transparent manner, while our extensive organisational flexibility permits the provision of individually tailored services for every single clients.