Cybersecurity Services

Protecting your company’s data has never been more important. Cybersecurity and privacy breaches can impact the reliability and availability of your systems and data, leading to potential financial loss, reputational damage, legal consequences, and the disruption of business operations. A comprehensive approach to cybersecurity protects sensitive information, customer data, and systems from unauthorized access, theft or disruption. Your cybersecurity program needs to address a broad range of compliance, technology and program components, including:

• Risk, Governance and Audit
• Advanced Threat Protection
• Network Security
• Data Security
• Infrastructure Security
• System Security
• Application Security
• Mobile Security

Cherry Bekaert’s Information Assurance & Cybersecurity practice offers a range of cybersecurity services to help protect your information systems and data from cyber threats. We can help you identify relevant cyber and privacy risks and develop realistic solutions and strategies to help minimize the likelihood and impact of your systems, operations, and data being impacted.

Compliance Readiness

Regulatory Compliance

• Banking (FFIEC, GLBA, NYDFS)
• Privacy and Cyber (GDPR, CCPA, SEC Cyber Disclosure)

Contractual and Third-Party Requirements

• Service Organization Controls (SOC) Services
• ISO 27001, 27701, 27017
• CMMC and NIST 800-171
• NIST CSF and NIST 800-53
• HITRUST CSF
• Microsoft SSPA
• Payment Card Industry (PCI-DSS)
• Cloud Security Alliance CCM
• Cyber Due Diligence

Attestations Examinations Certifications

Cybersecurity Risk & Technical Services

Penetration Testing

• Network (internal, external, wireless)
• Application (web, API, mobile)
• Social Engineering

Cybersecurity Assessments

• Cyber and Privacy Risk Assessments
• Vulnerability Scanning (network, web, mobile)
• Network Segmentation
• Cloud and On-Prem Security Architecture
• Security Configuration Assessments
• Ransomware Readiness
• Identity and Access Management

Cybersecurity Process Improvement

• Business Continuity and System Resiliency
• Incident Response and Threat Hunting
• Risk Mitigation/Cyber Insurance

Managed Cybersecurity Compliance

Compliance-as-a-Service

• Virtual Information Security Officer
• Security Awareness Training and Programs
• Cyber Governance, Strategy, Policies and Procedures
• Fully Integrated GRC

The Cherry Bekaert Difference

Our experienced professionals help organizations defend their information assets by quickly assessing, auditing, transforming and securing their IT environment. Utilizing a flexible and business-friendly approach, we collaborate with you based on your priorities, strategic plans and budget. Our experienced professionals utilize leading tools, processes, and frameworks to achieve your cybersecurity and privacy goals.

Cyber Transformation Journey

Cherry Bekaert’s customized engagement structures meet a variety of client objectives:

• Compliance readiness across all cyber and privacy domains, policy frameworks and regulatory requirements
• Certifications and audits of key cyber and privacy frameworks and regulations
• Internal audit technical assistance in support of your efforts to meet your cyber and privacy audit needs
• Cyber process improvement to improve the people, process and technology elements of your cyber program
• Cyber due diligence assessments to identify and manage cyber risks in business transactions
• 24×7 cyber support for network and endpoint protection, monitoring, threat detection and incident response
• Point-in-time cyber assessments to identify and prioritize threats to your IT systems, applications and operations.

Common Use Cases

Assessing Your Cyber Posture and Risk

Organizations need to know the ins and outs of their critical data – what types they have, where it is stored, where it travels, who can access it, and who can change it. To help you understand your organization’s security posture, a Cherry Bekaert Cyber Risk Assessment will identify, assess, and prioritize threats to your IT systems, applications, and operations. These may include security/privacy threats, fraud, and abuse exposures, and inefficient or ineffective operational vulnerabilities.

Obtaining a Service Organization Controls (SOC) Report or Other Attest Standards

As an independent CPA firm, we provide detailed, thorough and efficient SOC attestations. These attest services may provide assurance to applicable stakeholders that various controls can be relied upon for financial reporting (SOC 1) or in compliance with operational criteria (SOC 2, SOC for Cybersecurity and SOC for Supply Chain) as specified by the AICPA Trust Service Criteria. Assurance may also be delivered in the form of other non-traditional attest services.

Cyber Due Diligence for Business Transactions

Cyber breaches, and the risks they pose, are costly to any organization. They can drastically impact the value of a business deal, even after the transaction has closed. Astute investors assess the health and safety of an organization’s data prior to committing a substantial investment. Sellers can benefit by performing due diligence to demonstrate a mature security posture prior to engaging in a transaction. Cherry Bekaert professionals produce third party reports on cybersecurity maturity, which can increase investor confidence and expedite the closing of a deal. We assess across all elements of an organization’s cyber posture – all levels of governance, compliance, risk, vulnerability, technical, and physical controls can and should be assessed before any merger or acquisition.

Training Your Workforce To Be “Cyber-Ready”

Ransomware attacks are costly and pervasive. Building and maintaining a resilient technology platform relies on security policies, procedures, and protocols consistently applied and enforced. Security Awareness Training Programs are designed to empower your employees and contractors with appropriate guidance on how to fulfill their responsibilities to protect your information systems. Periodically assessing the knowledge and compliance of your “insiders” helps them identify and avoid potential social engineering threats like phishing scams.

Complying With DoD Cyber Requirements

Government contractors play a critical role in securing and protecting our nation’s data. Achieving cyber compliance is a necessary step in the Department of Defense’s procurement process, and certification is required prior to bidding on certain contracts or supporting contractors.

Understanding the Cybersecurity Maturity Model Certification (CMMC) requirements and diligent preparation is key to undergoing a successful certification assessment. Cherry Bekaert’s team of CMMC Certified Assessors and Professionals understand the intricacies and demands of transforming your cyber program to achieve certification.

Penetration Testing your Networks and Systems

Cyber threats exist inside and outside an organization, and the risks that these threats pose cannot be fully quantified without detailed technical testing. A penetration test (also known as “ethical hacking”) is used to determine the feasibility of an attack as well as the impact should one of these attacks be successful. Cherry Bekaert cybersecurity specialists perform tests to mimic how a real-world attacker exploits the security weaknesses across your IT landscape. Beyond just identifying vulnerabilities, we apply human expertise to exploring the effects of real-world attacks that link individual vulnerabilities in the context of your overall environment. This level of expertise is what determined attackers will have, and often results in a catastrophic compromise.

Reducing your Compliance Burden

Technology teams are burdened with numerous cyber requirements from regulators, customers, and internal stakeholders. To increase the success of an audit or certification, Cherry Bekaert can act as facilitator, interpreter, and liaison between you, your auditors, and your regulators. Our experience allows us to simplify the compliance process, create greater efficiencies, and minimize disruptions – all while identifying and mitigating risks before your auditors and regulators arrive. We eliminate distractions, confusion, and stress on the key personnel at your organization prior to and during the actual audit/review.

Finding the Vulnerabilities in your IT Environment

Every IT environment has inherent vulnerabilities, and new ones are being discovered every day. Vulnerabilities result from a variety of issues; anything from an unpatched application or operating system to a small misconfiguration in a firewall or router can put your systems at risk. When a hacker exploits these vulnerabilities, the impact is damaging. When organizations fall victim to a cyber-attack, usually the vulnerability could have been easily avoided.

Questions? Contact Us