Skip to main content

Improve

Training

Bridge your organisation’s skills gap with expert-led training tailored to the role, knowledge and requirements of the individuals involved. 

Thomas Murray’s cyber risk management and resilience training focuses on enhancing the knowledge and awareness of teams, regardless of the starting point.

Training types

Temp

Executive briefings

Temp

Table-top exercises

Temp

First Responder Training

Temp

Cyber awareness workshops

Table-top exercises

Table-top exercises can be directed at boards, operational management and/or technical response teams in your organisation. The objective is to run through a cyber security incident scenario, stress-testing current response procedures, decision-making, and thought processes to develop incident response ‘muscle memory’ in a safe and supportive environment.  ​

Cyber security briefings

Cyber security briefings can be tailored for any sector and geography, educating executive teams on current threats and relevant recent incidents, drawing out lessons to be learnt, and recommendations for good practice in incident response and cyber security controls.  

Thomas Murray cyber alerts

Thomas Murray cyber alerts

Subscribe to stay up to date with developing threats in the cyber landscape

Proactive security

Attack simulation: Red Teaming and Purple Teaming

Our attack simulations consist of planned exercises which attempt to cover relevant threat actor’s methods.

Red team 

A red team exercise demonstrates the art of the possible and tests the ability of your preventive and detective controls. We challenge the current security posture of your organisation in a controlled way, using our experience and threat intelligence of how organisations in each industry and sector are being compromised. ​

Our objective will be to gain persistent access to networks and ultimately access business critical functions and sensitive data. ​

The exercise will test the ability of client teams and their controls to react under pressure, and is a learning experience that highlights and identifies areas for improvement.  ​

Purple team

A purple team exercise works in collaboration with your security team to:

  • ensure that controls are acting as expected; and
  • highlight any potential gaps in defences. ​

Thomas Murray’s approach takes our knowledge of real-world attacks and the threats faced by your sector to produce a realistic, but risk managed, cyber-attack against your defences.

Planning often uses the standard Mitre ATT&CK framework in collaboration with threat intelligence to articulate the objectives of the exercise in replicating real-world malicious activities.​

Attack simulation exercises are carefully presented as a learning experience, enabling your organisation to have confidence in its defences and identifying areas for improvement. ​

Our objective will be to simulate the various attack vectors seen in the real world, and work with your team to ensure that effective preventive and detective measures are in place.

Thomas Murray simulates the most common attack vectors during the following stages

Simulate social engineering via phishing

Simulate social engineering via phishing

  • Identify high-value targets using internet reconnaissance.
  • Craft realistic emails that appear to come from a legitimate source and containing legitimate content.
  • Weaponise emails to install our custom malware on the target’s computer or steal authorisation credentials our team will use to access the network.
Simulate insider threat

Simulate insider threat

  • Mimic an internal user who has authorised access to the internal network.
  • Assess the level of access that can be achieved using authorised equipment, such as laptops.
  • Determine whether abuses of policies and procedures can be detected by your organisation.
Simulate insider threat

Attack path validation

Using standard frameworks, such as the Mitre ATT&CK framework, we work with your teams to identify and test specific attack paths that might be relevant to them. 

This may be because of a previous breach and a need to re-test new or tightened controls, or because of an industry or sector-wide cyber security campaign being waged by adversaries.

Cyber risk consulting

Our cyber risk advisory services help organisations to address fundamental challenges and opportunities around cyber risk, resilience and regulation. 

The increasing frequency, sophistication and severity of cyber incidents is driving awareness across the business landscape. Thomas Murray’s Cyber Risk team takes a threat-intelligence-led approach to solving our clients’ most complex challenges: 

Temp

Strategy

Temp

Governance

Temp

Audit

Temp

Compliance

Temp

Assessments

Temp

Controls

vCISO services

Virtual CISOs (vCISOs) act as a friendly challenger and partner to organisations’ executive management and board as they seek to mature their cyber security posture.

The vCISO acts as your single point of contact, supported by our team of experts which brings its experience across all the cyber domains. The team provides regular advice and support to any cyber security initiatives, while keeping management up-to-date on key cyber threats and issues. 

Cyber risk management

Cyber risk management

Management reporting

Management reporting

Ad hoc SME advice and support

As-needed subject matter expertise advice and support

Advice and support cyber programme and transformation

Cyber programmes and transformation

Maturity assessment

Our skilled team members use subject matter expertise (SMEs) as the basis for a comprehensive approach to conducting cyber security reviews against industry frameworks (such as ISO 27001, NIST, CIS etc).

We combine interviews with output from Thomas Murray’s Orbit Risk platform to provide strategic and operational views of cyber security across the business. We seek to answer key questions: 

Question mark

Are cyber security controls implemented across the whole business?

Question mark

Are the adopted practices aligned to good practices?

Question mark

Are current security-related initiatives sufficient? What more does the organisation need to invest in?

Question mark

How is the business organised to ensure appropriate resources, responsibilities and accountabilities are in place?

Question mark

Is the organisation managing cyber risk appropriately?

Question mark

Does the organisation have good capabilities to detect and respond to cyber attacks?

Question mark

What is involved in undertaking a cyber security transformation journey?

We safeguard clients and their communities

Petroleum Development Oman Pension Fund

Petroleum Development Oman Pension Fund

“Thomas Murray has been a very valuable partner in the selection process of our new custodian for Petroleum Development Oman Pension Fund.”

ATHEX

ATHEX

"Thomas Murray now plays a key role in helping us to detect and remediate issues in our security posture, and to quantify ATHEX's security performance to our directors and customers."

Communities Logo 02

Northern Trust

“Thomas Murray provides Northern Trust with a range of RFP products, services and technology, delivering an efficient and cost-effective solution that frees our network managers up to focus on higher Value activities.”

Thomas Murray is a proud member of the North West Cyber Security Cluster

The North West Cyber Security Cluster (NWCSC) is a collaboration of cyber security professionals and experts in the North West region. The NWCSC aims to promote innovation, support skills growth, and develop a robust cyber security ecosystem.

NWCSC Members Badge