Having a security strategy that will keep your enterprise safe.
Client Challenge –
After experiencing a cyber breach our client was struggling to address the fallout. Typical technologies, such as firewalls, Intrusion Detection Systems (IDS) Security Information and Event Manager (SIEM) tools had failed them. They were overwhelmed with information and did not have a solid grasp of how the attack happened, nor the best way to prevent such an event in the future.
Our team analyzed the scope, method, and focus of the breach to determine why it was so successful. After reviewing the architecture drawing and comparing them to the actual network mapping output, it became clear that there were significant discrepancies with the types, locations and authorizations of rogue devices being connected to the enterprise. We also discovered that the clients’ IT security budget was being spent by disparate managers across the enterprise. While each was focused on securing their independent functions, there was little to no communication as to what was actually being implemented. This caused duplicative spending, inconsistency with device placement and configurations, a significant increase in the number of users with elevated administrative access permissions and a complete lack of awareness as to the types, locations and authorizations of personal devices being used to access the network.
Our team, meeting with the C-suite executives and other senior leaders of the company, clearly explained the situation and provided multiple solutions for them to consider. Ultimately, we developed and provided a detailed Strategy Roadmap for implementing a robust security program that would greatly improve their posture, restore confidence with their customers and keep stakeholders involved in the monitoring of their environment. The key to the success of this strategy was the level of involvement, understanding, communication, and the accepted accountability at the C-Suite level. With this established we were able guide them through the successful implementation of the new Strategy Roadmap and develop a better security profile.
Business Impact –
Our strategy provided for a centralized management of security funding, formal change and configuration control, a mandatory security awareness program for their employees, and a clearly defined Bring Your Own Device (BYOD) policy. After 5 months, the program was completely integrated as part of the business operating plan. Duplicative spending had been removed resulting in a decrease in requested budget numbers for IT Security for the following years. More importantly, through routine review and practice, the strategy led to a true reduction in risk and a ROI that is still being realized today.
if you’re interested in learning more about our Cyber Security Services you can contact Stanley Goldman by email at Stanley Goldman or 201.573.0400 Ext.14