Supporting a FTSE 250 Asset Manager through “ethical hacking” assessment

We supported a FTSE 250 Asset Manager through a Red Team “ethical hacking” assessment. The client were of the view that they were reasonably secure and were expecting to receive a clean bill of health.

The exercise highlighted major deficiencies in many areas of the client’s defences, including physical premises, people, process and technology controls.

Findings included easy physical entry into the office location and the ability to move into restricted areas of the network and key trading systems. Senior stakeholders’ personal bank details and National Insurance numbers were even discovered.

This enabled the CISO to develop a business case for a cyber resilience programme.

We then kicked off an initial six-month rapid response plan to get the situation under control and established a solid understanding with Board-level stakeholders.

The risk mitigation gained from the quick-wins work helped to secure investment in a programme of strategic change, helping the organisation address long-term foundational issues.

At the end of the programme, the client was in a significantly improved risk position and had a strategic capability to help keep them secure.

If you would like our help to identify deficiencies in your defences, then please get in touch with us at info@324consultancy.com or by phoning +44 203 603 4733.