NYC Skyline BW

Risk as a Service

To truly appreciate the risks to your business, it is extremely beneficial to have an external, independent, party look at your business, to identify any threats, review vulnerabilities and to understand the potential impacts should a threat actor exploit your identified vulnerabilities.


The threats to business can be both traditional and non-traditional:


  • Terrorism, Espionage, Sabotage, Subversion, Organised Crime.


  • Theft, Natural Disasters, Investigative Journalist, Amateur Hacker, etc.


​Each and every one of these 'Threat Actors' are continually on the prowl for opportunities, allowing them to exploit vulnerabilities and to fulfill their primary drivers:

  • Inquisitiveness

  • Challenge

  • Reward (Financial or Kudos)

Man Operating a Drone

Traditional Threats

  • (Cyber) Terrorism

Traditionally terrorism has been identified as any use, or threatened use of violence, against another​ in support of a political, ideological or political aim.  However the reality is (in a changing digital age) that modern terrorists are looking at other ways of exploiting vulnerabilities, to publicise their particular cause.

  • Espionage

The second oldest profession.  Espionage comes in various forms (State Sponsored, Industrial, Criminal, etc.).  The urge to 'have a peek' behind an ajar door/window is irresistable, as is the benefits of gaining a competitive advantage from gaining unauthorised access to your Intellectual Property (IP).  Why start from scratch, when you can use the development work stolen from a competitor?

  • Sabotage

This can be the bored teenager wanting to graffiti your website, the disaffected employee or the criminal looking to monetarise your data (e.g.  Ransomware).

  • Subversion ​

The exploitation of your vulnerabilities to subvert your IT systems, can provide a competitive advantage or allow a criminal to surreptitiously use your IT systems (e.g.  Phishing).

  • Organised Crime

Today's modern criminal has identified the ease and benefits of exploiting vulnerabilities in your business operations to gain unauthorised access to data (IP, Personal data, etc.).  Being able to gain undetected access to sensitive data, enables the criminals to work as a team to piece together the jigsaw and monetarise this data (Ransomware, Identity Theft, Phishing, Malware, etc.).

Non-Traditional Threats

  • Theft

Modern business often has increased reliance on digital assets (laptops, smartphones, tablets, etc.), which are valuable and attractive (V&A) items to opportunist criminals.  In most instances, these lost or stolen assets (although potentially containing sensitive data) are targeted because of their resale value.  Businesses that are mindful of resilience and remaining effective will typically maintain their digital assets, increasing the attractiveness of these assets.

  • Natural Disaster

Frequently an unseen threat but natural disasters (Fire, Flood, etc.) present a significant risk to both digital and physical data.  Failure to identify and safeguard critical IT assets and data could present a significant risk to the business.

  • Investigative Journalist

Always on the hunt for the next scoop, investigative journalists will happily exploit any data that make attractive reading (e.g.  Sensitive negotiations for an acquisition).

  • Amateur Hacker

The bored 'Generation Z' individual, acting like a 'Lone Wolf' who spend many hours surfing the net and who look at the internet as an opportunity to hone their skills and respond to new challenges.

Manage your threats

Don't be an easy victim. 

IS Centurion Consultancy can help you to understand the most important risks to your organisation and to assist you to understand your risk profiles, evaluating your risk exposure, to identify your return on investments (ROIs) and to identify any areas of concern.  Based on your levels of risk, you will be better served to develop a suitable security strategy.

As part of our service, we will work with your key stakeholders to identify those business services that are most important to your organisation and then to carry out some threat modelling, qualitiative risk assessments, quantitative risk assessments and impact analysis.

If you wish to discuss this further, please do not hesitate to get in touch.

Check out the list of useful resources...

A list of recommended vendors to help you identify solutions that can enhance your Cyber Defences