For its first nine years in business, Spokane-based Global CompuSearch focused on computer forensics: Hired by lawyers, its investigators poked into the insides of PCs and tried to find how data was destroyed, changed or copied.
This year the Spokane investigators took a 90-degree turn and launched a business that tests the strength of businesses’ computer networks to fend off potential attacks by hackers.
As more small businesses find themselves vulnerable to savvy hackers, more firms such as Global CompuSearch offer a systematic analysis of how to stop the bad guys from breaking into a corporate network.
The idea started after a Spokane-area client suffered a cyberhacking incident, resulting in the theft of roughly $30,000.
In the Global CompuSearch’s downtown Spokane office, president Marcus Lawson met with some of his eight co-workers and discussed how that incident happened. The next thought, Lawson said, was to identify ways Global CompuSearch might help stop the bad guys from breaking into and misuing a client’s computer data.
They bought a sophisticated package of tools that can be used to simulate a full-scale network attack.
After testing the toolkit, the company started offering its services to its first group of customers, primarily those in the financial services area.
“We’re mostly looking to help small to midsized companies, those with as few as five or six workers, on up to about 50,” Lawson said.
What the company offers also nicely dovetails with federal and state requirements that firms in certain sectors, such as financial services, perform regular assessments to establish that they are properly protecting customer information.
Notably, every company that has hired Global CompuSearch for a so-called “network-penetration” test has had some degree of vulnerability, said Josiah Roloff, the company’s vice president.
“None of them had wide-open network doors,” said Roloff. “But some had serious vulnerabilities that might have been serious if they had been compromised,” he said.
Global CompuSearch charges according to the complexity of the network, said Lawson, with the low end starting around $2,500 and the higher end coming in around $7,000.
The testing starts with efforts to probe the network for open ports, or access points. In some cases the client will provide the names of some employees and Global CompuSearch then will try to find passwords, based on obvious or poorly chosen phrases.
Another level involves server software, and tries to find any exposed areas where a virus, sometimes referred to as a “Trojan horse,” might be inserted in the company network, to be exploited later.
Lawson said the strategy is to develop the penetration-testing business plan over the next several months. The next step, he said, is to expand the service to the company’s two other branch offices in Portland and Palm Beach, Calif.