The financial services industry is a lucrative and frequent target for cyber criminals. For banks, the funds and valuable data they hold, high dependency on electronic processes and networks, pressure to win digitally, and third-party reliance all escalate their cyber risk.
Banks operate in a highly regulated industry. They bear tremendous fiduciary and legal responsibility to protect customer data, requiring sophisticated cyber security programs. Suspecting a potential breach, the bank’s chief privacy officer wanted to assess their preparedness. Timing was critical.
We worked onsite to understand the bank’s system inside and out. Our team performed a data mapping exercise to define sensitive data, track its location, and recommend controls. During technical validation, we uncovered strange activity in the bank’s security information and event management (SIEM) solution. High volumes of traffic were going to international locations – odd for a domestic bank.
Our incident response team focused on a web server hosting a test website with unintentional internet access and possibly real customer data. Working hand-in-hand with the internal team, we found the intruder was conducting reconnaissance, hunting for vulnerabilities to exploit later. We cut off the server’s internet access before any data was stolen.
- In less than 24 hours, we contained a security breach and ensured no data was stolen
- We completed a thorough cyber security assessment in one week, enabled by access to the bank’s network and knowledge of their data storage protocols
- We adjusted misconfigured hardware to ensure only internal traffic could access it