Penetration Testing

Helping a CISO overhaul his company’s cybersecurity structure
Situation
The chief information security officer (CISO) of an alternative asset management firm reconsidered the company’s state of security after a significant layoff. Feeling that the company was more vulnerable than ever to potential threats from disgruntled former employees with insider knowledge, the CISO officially requested a budget increase to develop and fund a security operations center (SOC). Lacking tangible proof of the company’s current vulnerabilities on which to base his cost estimates, the CISO eventually submitted a $50 million proposal that was rejected outright by the executive leadership and board of directors. This setback also raised doubt among board members about the CISO’s other budget allocation requests.
Action
To validate his concerns about cyber vulnerabilities, the CISO hired GRA Quantum to complete a total evaluation of the company’s network security. Our dedicated team of penetration testers and network security architects began by identifying all access points and devices on the company’s network and mapping the connections between them. They then conducted multiple rounds of penetration testing against the client’s public, private, and perimeter networks, in addition to electronic and telephonic social engineering attacks against a number of company employees. Throughout the evaluation, our staff stayed in contact with the CISO, holding regular meetings to provide status updates and alerting him to any gaping vulnerabilities posing an immediate threat as they were discovered.
Outcome
The final report confirmed the initial suspicions of the CISO. During the penetration testing, weak security configurations allowed GRA Quantum’s technicians to access hundreds of internal files, including previous transaction records and highly confidential plans for future acquisitions. After the executive boardroom presentation, the CISO was granted the funds needed to acquire newer, more secure software and hardware for the company. GRA Quantum was retained by the client to act as a technology consultant and assist with the selection of future inventory as well as to help revise and strengthen the client’s overarching security policies. After the CISO sought GRA Quantum’s help, the firm went forward with its technology acquisitions and tightened its security with a SOC manned around the clock – all at a fraction of the original $50 million estimate.