Identified prior unknown attack surface, reduced annual cost by $240K, and achieve significant maturity in Cyber-protection.A Client in Financial Services Industry
We helped our client identify prior unknown attack surface surrounding their operational and financial data. The same client also reduced 3 redundant tools that resulted in $240,000 annual cost savings, while achieving significantly high Cybersecurity maturity level than before. As a result, this client is better protected with annual rolling costs savings as well a strong Cybersecurity protection framework.
Our client being in a highly regulated Financial Services industry, had a standard model of cybersecurity protection. The client had tools and some processes in place but keen were aware that there were many unknowns. The IT leaders stayed awake at night wondering how could they have the proof point that their technology protections were truly effective. More specifically they struggled with:
- Having too many tools with large expense and no synchronicity:
The team had invested significantly in point solutions of protection. While these solutions individually were good, these tools did not work together to surface holistic picture. Additionally this lead to tremendous amount of data that required significant time to process and make sense.
- Lack of visibility in overall protection and posture or maturity level:
The team feared not knowing how they were protection across their complete IT operations. As a result they were concerned failing an upcoming industry audit.
- Lack of understanding around Cyberthreat life-cycle and threat monitoring and traceability:
The team were concerned about their ability to monitor, detect, and remediate threat to their operations. They were unaware of their holistic attack surface and how to begin to define such.
Our engagement process allowed for incremental assessment, and remediation while exposing critical threats early and providing transparent data to justify cost, and allowed incremental prioritization and rollout. Below are some, but not all solutions that were implemented:
- Digital traceability of client’s adherence to industry controls as required by applicable regulations. This lead to clarity around client’s strengths and areas of opportunities around critical controls.
- Assessment across the horizontal and vertical of client’s IT operations whereby looking at the intersections of People, Tools, Processes, Third-Party, and Infrastructure and not just at those as segmented pieces.
- Ransomware emulation to test and validate protection of each type of end-points in client’s IT operations. This lead to several discoveries around prior unknown attack surface.
- Assessment and evaluation of protection configurations across several key Cybersecurity tools.
- Re-writing several key policies and composing several new ones to help streamline Data sharing and data access controls.
- Third-party risk assessment to validate security controls of data are maintained per regulatory compliance.
The results speak for themselves.
- Client’s cybersecurity maturity grew from Foundational to near Actualization level.
- Consolidation and reduction of tools leading to an annual cost savings of $240,000.
- Identify and protect ALL attack surfaces and most importantly better understand how to quality and identify any new attack surface with growth.
- Client’s ability to accurately monitor known threats in the industry as well as up-and-coming threats. More importantly their demonstrative ability to test their protection against these threats as often as weekly.
- Client’s ability to proactively measure adherence to all critical regulatory controls, mitigate all immediate and short-term challenges and have a prioritized mitigation plan for any mid to long term mitigations.
- Complete protection and ability to monitor 28+ areas of IT operations that exist in the intersections of People, Process, Third-Party, Tools, and Infrastructure.