Cybersecurity: Safeguarding Businesses, People and Assets Online
SGS helps you meet the cybersecurity risks and challenges from the increased connectivity of devices, systems and applications.
Cybercrime is an ever-expanding threat for increasingly connected businesses, consumers and society. From new industry 4.0 factories to connected home devices, protecting networks and online services, securing customer data and demonstrating compliance are key challenges. As a result, the demand for trustworthy products, systems, networks, communications, services, companies and professionals is growing.
Yet, as industries – such as automotive, electronics and software companies – move to produce trusted products to meet these challenges, they must also comply with increasingly stringent cybersecurity regulatory and certification requirements. Plus, the increasing need for skilled cybersecurity professionals is driving demand for specific training that covers evolving industry best practice and the latest cyberthreats.
SGS – at the forefront of cybersecurity expertise
We combine cybersecurity expertise and technical resources with our proven track record as a world-leading, independent third-party certification provider.
We are at the forefront of cybersecurity advocacy and research for products, Internet-of-Things (IoT) and network assessment and monitoring. We are also a member of several initiatives and working groups, focused on the creation of future cybersecurity legislation and standardisation, including:
- European Public-Private Partnership (PPP) for Cyber Security of the European Commission
- European Cyber Security Organisation (ECSO)
- Charter of Trust
- Cybersecurity Cluster of Spain (AEI Ciberseguridad)
- German Alliance for Cyber Security
The SGS CyberLab aims to meet the challenges of IT security, helping and supporting customers all over the world, in a consistent and standardised manner, 24/7/365. Inside our state-of-the-art facilities, we deliver services to help you understand and address the challenges you face in the digital economy.
As the largest operator of independent testing labs, we deliver services globally with a dedicated focus on time to market, independence, transparency and confidentiality. We help you understand cybersecurity threats and how to counter them to meet security criteria – from the smallest component up to the most complex system. Our services include:
- Common Criteria
- IEC 62443 Industrial Cybersecurity
- SAE J3061 Automotive Cybersecurity
- IEC 62351 Smart Grid
Understanding your organisation’s inventory of connected assets and level of security is vital. In addition, bring your own device (BYOD) programmes and the use of WiFi hotspots can cause a range of additional cybersecurity issues. We offer a range of solutions to help, including:
- Network Mapping and Vulnerability Assessment (NMA): an independent security assessment of the most relevant assets in any network. Delivered remotely or onsite, our NMA package can be deployed over any infrastructure, with minimal to no intervention by your personnel
- Web Applications Vulnerability Assessment (WVA): an independent assessment for security flaws in web applications which could lead to data loss. Checks are conducted against the minimum requirements of the OWASP Top 10 for web applications and the CWE/SANS Top 25 vulnerabilities
- Industrial Network SCADA/ICS Assessment (SMA): an independent assessment focusing on PLCs, process controls and protocols and any access to the system (either physical, local or remote) by using the same basic methodology as that of the SGS Network Assessment
Using advanced artificial intelligence (AI), we carry out assessments, mostly automated, by comparing your settings and architecture to previous versions to get a deeper understanding of vulnerabilities, and a rating of your company network. This can then be benchmarked against other assessments, and the average in your industry/sector.
Penetration testing provides an exact picture of your cybersecurity resilience, and the weak points in infrastructure and processes. Typically delivered after a network mapping and assessment, penetration testing makes it possible to determine the impact of vulnerabilities and security flaws found during the assessment phase. The results enable you to understand how to address vulnerabilities, and whether your applications or web services have the required resilience against cybercrime. Our service includes:
- External Penetration Test (EPT): independent verification of your Internet IT and OT network and infrastructure security. EPT is verified through an intrusion test where the vulnerabilities identified during the assessment phase will be exploited. The intrusion test is conducted using the techniques and tools used by real attackers
- Web Applications Penetration Test (WPT): independent verification of the security and resilience capability of your web applications. It is verified through an intrusion test where the vulnerabilities identified during the assessment phase will be exploited. The intrusion test is conducted using the techniques and tools used by real attackers
- Mobile Application Penetration Test (MPT): independent assessment of your mobile and desktop applications, reviewing code, communications, data storage, and different sets of attacks to challenge the security architecture
Cybersecurity threats are active 24/7. Though many occur on the internet, they mainly come from inside organisations. That is why our SOC services provide you with the real-time continuous monitoring needed to control your assets. We help you to regain control over your networks and system activities, and to deploy a consistent response in the event of a security incident. As an accredited and independent third party, we provide services without conflicts of interest, organised into three levels:
- SOC Level I – external perimeter monitoring: real-time monitoring, investigation and remediation of external threats and attacks from the internet
- SOC Level II – external and internal monitoring: as with SOC Level I, with the addition of real-time monitoring, investigation and remediation of internal threats and attacks from inside your organisation
- SOC Level III – incident response team: as with SOC Level I and II, with the addition of neutralising the threat from the source, including gathering valid legal evidence
SGS provides enterprises with an array of IT certifications, including:
- ISO 20000
- ISO/IEC 27001
- CSA STAR Certification
- Euro Cloud
- Seal of Cybersecurity
- IEC 62443
To meet the growing needs of cloud service providers, we provide third-party certification assurance services. This independent assessment enables you to demonstrate that your cloud services meet appropriate service standards across a range of criteria – for example: data protection, security, environment, infrastructure, applications and compatibility.
As the global leader in professional training, we offer worldwide centres of excellence, providing the very best learning and development solutions customised to your exact needs. We offer high-quality training and development at every level of your organisation – anywhere in the world.
In a digital economy, one of the most valuable assets is data. The need to trust in data (its veracity), as well as to demonstrate proper handling (privacy) and intactness (integrity) is key for organisations. The ability to detect, withstand, respond to and recover from attacks or security breaches is a cornerstone for business continuity. We help you to build, develop and improve your data handling capacity. From online solutions to assist data management, such as GDPRonline, to the assessment of data handling policies for mobile applications, we enable you to confirm that you handle customer data in a sensitive, secure and compliant manner.