“My message for companies that think they haven’t been attacked is: You’re not looking hard enough”

James Snook – Deputy Director of OCSIA (Cabinet Office)

“There are only two types of companies: Those that have been hacked and those that will be”

Robert Meuller – former FBI Director and currently Special Council

M9 treats security seriously.  We take a multiple rings of protection approach.  The first is threat prevention using state of the art tools, up to date patching and maintenance and encouraging robust and effective security policies.  The second is detection and containment, should a threat get through the prevention layer.  The third is backup and recovery, designed to minimise downtime and data loss.  The final layer is user education, which is probably the most important, as the bulk of attacks are non-technical, such as phishing and whaling.  We train users and provide tools which help users understand and manage potential threats.

Prevent

Contain

Recover

Educate

We provide:

  • Security Assessments
  • Security Audits
  • Policy, procedure and best practice advice
  • Threat prevention strategies, tools and services
  • Threat detection and containment
  • Effective backup and recovery tailored to your requirements as a business
  • Our focus is on small multi-national/multi-location organisations

M9 Cyber Security Narrative 

At M9 Group our goal is to be a world class Managed Service Provider putting your business needs at the heart of our service.  To be world class we must protect your systems and your people 24/7.  So one of our biggest priorities is to deliver an effective cyber security response across the full spectrum of threats we face.  We know an army of hackers from across the globe are targeting the UK every minute of every day.  We know we have to be at the top of our game every minute of every day to stay ahead of them. 

At M9 Group we take cyber security extremely seriously and believe we are industry leaders in the holistic approach we take to cyber security.  We understand the range of different threats organisations face from a variety of threat actors.  We access the latest up to the minute threat intelligence from GCHQ through our relationship with the National Cyber Security Centre and participation in its Cyber Security Information Sharing Partnership (CiSP) platform.  Our membership of the CiSP gives us access to cyber threat information shared between industry and government in real time, in a secure, confidential and dynamic environment increasing our situational awareness and allowing us access to GCHQ mitigation tools and advice which we then use to protect our clients.

Through working with you to understand your organisation’s business needs we develop and deliver bespoke networks, functionality and solutions matched to your particular requirements.  The service we provide enables your organisation to work at the peak of its effectiveness and efficiency whilst locking down and securing your networks and devices to offer the smallest, hardest target for cyber criminals to attack.  One of the most critical ways to prevent a successful attack is to patch.  We know most successful attacks occur through cyber criminals exploiting industry known vulnerabilities to gain access or take control.  Many of these vulnerabilities have been recognised for months or even years but out of date systems leave organisations wide open.  We quickly patch your hardware and software delivering the latest vendor security upgrades as soon as vulnerabilities are uncovered. At M9 Group we agree a patching policy and process with all our clients that swiftly delivers those vital security updates without compromising business as usual.  So whether that’s through automation or a managed process we ensure our clients are protected from the latest threat vectors.

But we don’t just wait for vendor updates to patch to protect clients systems.  Our 24/7 endpoint monitoring and vulnerability scanning means we proactively test for vulnerabilities in our client’s hardware and software using the same tools the hackers use.  We auto map all your hardware and software versions continuously which means any changes your staff make that may create new vulnerabilities and risks are identified and remediated.  As well as human intervention to protect our infrastructure and devices we use automated threat hunting and self-healing based on the latest advances in Artificial Intelligence and Machine Learning. This enables our software to automatically seek out weaknesses and fix them across our clients’ networks and devices without our clients even knowing we’re there.

At M9 Group we know the majority of successful cyber attacks take place not through sophisticated hacking techniques but old fashioned social engineering to trick staff to do things they otherwise would not do.  One of the most common business cybercrimes is Business Email Compromise where cyber criminals trick staff to click on links to download malware to give them all kinds of access or transfer money to criminals by pretending to be business associates, clients or creditors.  Both of these types of Business Email Compromise are often facilitated through a technique known as email spoofing whereby cyber criminals use readily available software to fake an email address to trick victims into thinking the message is from a legitimate entity.  We deploy a mixture of technical tools to stop these emails and links ever reaching staff.  These tools identify spoof emails and malware at our clients’ perimeter and stop them from entering their systems and causing danger or loss to our clients.

At M9 Group we take your business continuity and disaster recovery seriously.  We regularly back up your data off site using two different systems.  So we back up the back up to make sure you can carry on in a crisis. Our comprehensive approach means in the past five years no clients have suffered the negative effects of ransomware, lost any data or had to pay a ransom to get access to it back. 

But good cyber security is not just about wrapping good security around technology.  An organisation that thinks cyber security is a tech problem is an organisation that is going to fall victim to a cyber attack.  At M9 Group we know good cyber security is as much about your people and your processes as it is about your technology.  So to help protect our clients we provide and follow the latest National Cyber Security Centre advice and provide clients with guidance on policy and processes such as for passwords or the EU General Data Protection Regulation.  M9 Group also provides innovative phishing training for staff that uses machine learning and nudge theory to constantly monitor staff, encourage them to develop the right cyber security habits and helps them make the right decisions online when they are making those decisions.  The beauty of our approach is that it doesn’t just deliver training that is quickly forgotten but monitors users’ behaviour in real time then prompts them to rethink what they are doing if they start to engage in risky behaviour.  We also provide our clients with a Consolidated Risk Report and Plan to explain in plain English the cyber security vulnerabilities they hold and advise on how best to reduce them.

As a responsible Managed Service Provider M9 Group is fully accredited to ISO Information Security Management Standard 27001.  We also have significant expertise at a Board level.

At M9 Group we are confident in the holistic approach we take to cyber security.  We use GCHQ threat intelligence and industry leading technology and combine it with a focus on training our people and having the right policy and processes in place.  This three pronged approach delivers highly effective cyber security and protects our clients.  So successful that in the last five years no M9 Group client has been the victim of a successful cyber attack.