Bouncing back better and stronger from a Cyber Attack

Situation

Our client, a packaged goods supplier, is a conglomerate of multiple food brands that have been acquired over time. This structure and method of growth led to a relatively decentralised business with most brands using their own IT suppliers - seven different providers across the business units (1 600 users in total). As a result, the individual business units had varying levels of functionality, security and capability.

Impact/Catalyst

Cyberlogic was the managed service provider for one of the business units but was consulted by the group when another business unit suffered a targeted security hack. This incident, which compromised their systems, destroyed data backups and caused 10 days of downtime, exposed their security weaknesses and the potentially catastrophic consequences thereof.

As the overall business runs on a shared cloud-based enterprise resource planning (ERP) solution at a group level, the fact that the other business units had not suffered the same fate was only due to sheer good fortune. The operational centre of the organisation realised this and engaged Cyberlogic for help.

We were brought in to conduct a penetration test, vulnerability assessment and best practice architecture review at group level. The implications of the findings were translated into easy-to-understand business language and were accompanied by recommendations that were prioritised and practical to implement.

What we did

Cyberlogic’s team engaged with each business unit which equipped us with an intimate level of knowledge, not only of each brand’s individual IT and security needs, but with those of the organisation as a whole. We made recommendations regarding the security standards each business unit should adopt and implemented a cloud disaster recovery (DR) site in Azure (a fully redundant and resilient environment).

Resolution

We began with an inside-out approach and conducted a Vulnerability Management assessment of the company. Following our investigations, we were able to alert operations that a dedicated hacker could access the broader network and incapacitate the enterprise resource planning (ERP) system used across the organisation and so shut down their whole business for several days.

Next we focused on improving the company’s security posture. Reducing the level of vulnerability for organisations requires a constant cycle of detection and remediation as new vulnerabilities emerge daily. We use a trusted 3^rd party toolset to keep our scanning references up to date. Our secured service ensures continual scanning, and an easy-to-understand dashboard displaying vulnerabilities for each business unit that are prioritised and actionable. Thereafter we deployed an Intrusion and Detection System into their Azure environment. Based on the vulnerabilities found, the Cyberlogic team assisted with remediation planning to reduce the client’s attack surface. 

Finally, we set up a secure disaster recovery site in Azure which replicated the entire client production environment offsite. Over time, this has grown to 70-80 servers across two sites ensuring a fully redundant, resilient environment in case of future disaster.

Conclusion

As an outsourced service, Cyberlogic has the capability to ramp resources up or down as necessary to meet client needs - so for smaller firms in particular it makes economic sense to outsource cyber security. Making such a decision, however, can seem risky as it entails giving an outside party access to and visibility of sensitive information. Understandably clients only want to work with a reliable provider who can be trusted with their organisation, its systems and its data. We’ve worked hard to build that trust, and our relationship with this particular client is ongoing, three years after our initial consultation,  more and more of their business units are transferring their outsourced IT needs to us.

Fore More information please see our ebook