We supported a FTSE 250 client through a Red Team “ethical hacking” assessment. The client was of the view that they were reasonably secure and was expecting to receive a clean bill of health.
The exercise highlighted major deficiencies in many areas of the client’s defences, including physical premises, people, process and technology controls.
Findings included easy physical entry into the office location and the ability to move into restricted areas of the network and into key trading systems. Senior stakeholders’ personal bank details and National Insurance numbers were even discovered.
This enabled the CISO to develop a business case for a cyber resilience programme.
We then kicked off an initial six-month rapid response plan to get the situation under control and established a solid understanding with Board-level stakeholders.
The risk mitigation gained from the quick wins work helped to secure investment in a programme of strategic change, helping the organisation address long term foundational issues.
At the end of the programme, the client was in a significantly improved risk position and had a strategic capability to help keep them secure.
The regulatory burden is ever-increasing, with cyber risk a particular focus due to the recent spate of high-profile breaches.