Supporting a FTSE 250 Asset Manager through an “ethical hacking” assessment
The exercise highlighted major deficiencies in many areas of the client’s defences, including physical premises, people, process and technology controls.
Findings included easy physical entry into the office location, the ability to move into restricted areas of the network and key trading systems. Senior stakeholders’ personal bank details and National Insurance numbers were even discovered.
This enabled the CISO to develop a business case for a cyber resilience programme.
We then kicked off an initial six-month rapid response plan to get the situation under control and established a solid understanding with Board-level stakeholders.
The risk mitigation gained from the quick-wins work helped to secure investment in a programme of strategic change, helping the organisation address long-term foundational issues.
At the end of the programme, the client was in a significantly improved risk position and had a strategic capability to help keep them secure.