CASE STUDY: MEASURABLE GAINS
Cross-business testing and improvement program
Background and Challenges
Our client is responsible for the administration of multiple businesses, and they engaged dotSec to address a very interesting and critical cybersecurity challenge: Each business had previously functioned as an independent business unit, and over time, this had resulted in varied levels of security maturity and differing IT infrastructures. Our client recognised that the lack of consistency made it difficult to coordinate security initiatives effectively across all locations, and asked dotSec if we could help..
dotSec observed the following pain points:
Visibility:
The client lacked insight into the current cybersecurity maturity levels of the various businesses, making it more difficult to prioritize and implement security measures.
Inconsistency:
Security efforts across businesses were siloed, with little centralized oversight or strategy.
Risk Management:
Handling sensitive PII for thousands of individuals created a significant compliance burden for our client, and this was of course compounded by the potential reputational and financial damage of data breaches.
Budgetary Constraints:
Each business operated under its own budget, adding complexity to funding and implementing standardized security measures.
dotSec conducted a security assessment initiative that focussed on two assessment periods that together spanned a period of two years. dotSec’s work would establish a consistent and effective security baseline across all businesses and the head office – not just to reduce risks in the shorter term, but also to understand and measure the effectiveness of security initiatives and improvements in the longer term.
The Solution and Outcomes
dotSec conducted a security assessment initiative that focussed on two assessment periods that together spanned a period of two years.
What we delivered (as planned)
Security Assessments:
Comprehensive penetration tests and informed security reviews. Our assessment work was aligned with standards and guidelines such as the CIS Critical Controls and benchmarks. The Implementation Groups or maturity levels of these guidelines and configuration baselines provided a framework for measuring improvements over time.
Tailored Recommendations:
Detailed reports prioritized remediation recommendations, addressing both immediate high-risk vulnerabilities and underlying process deficiencies.
Consistency Across Locations:
By using standardized frameworks and techniques, dotSec provided a consistent evaluation, allowing the client to compare progress across the businesses, objectively and consistently.
And an unexpected deliverable!
A breach investigation:
As part of the testing and assessment work, dotSec uncovered evidence of a prior breach which had gone un-noticed by the affected business.
The assessment exercise therefore shifted gears, and for a time focussed on incident containment and response, leveraging tools like Splunk to analyze historical logs and discover the extent of the breach.
While the breach had occurred over a year prior, dotSec’s investigation revealed no signs of ongoing compromise, and we could return to the planned testing role once more.
While not directly related to our original project plan, dotSec’s ability to pivot from standard assessments to incident response demonstrates our capability, experience and readiness to tackle unforeseen challenges in both the testing and assessment, and MSIEM lines of work
Key outcomes
The benefits and outcomes became increasingly clear over the two year period, and follow-up testing demonstrated an improved level of security maturity across the businesses.
All businesses showed marked improvements in their cybersecurity posture after implementing dotSec’s recommendations. And because the same assessors used the same guidelines and frameworks consistently across the various businesses over a two year period, our client could be certain that the improvements were real, and were not the result of a change in assessor or technique, or a case of inconsistent assessment of one or more of the targeted businesses.
Identifying common vulnerabilities across the businesses has enabled our client to better integrate the businesses as parts of one group, rather than as stand-alone organisations. Our client and the businesses have regular update and planning meetings and in at least one case, have developed a shared service-solution that addressed a major shortcoming in logging, monitoring, reporting and alerting capabilities.
The next steps
Expertise Across Diverse Environments:
dotSec’s ability to work across varied IT infrastructures and deliver consistent evaluations provides a reliable basis for organizations to measure and enhance security maturity, and maturity improvements over time.Building Confidence in Improvements:
Having the same assessors conduct consecutive assessments using identical guidelines and frameworks allowed our client to trust that improvements reflected genuine progress rather than differing methodologies or subjective evaluations.Adaptability and Depth:
dotSec’s ability to pivot from standard assessments to incident response demonstrates our capability, experience and readiness to tackle unforeseen challenges in both the testing and assessment, and MSIEM lines of work.Strategic Recommendations:
By leveraging group-wide insights, our client can now adopt scalable, cost-effective solutions tailored to their unique structure. This has already happened in the MSIEM space.Conclusions
As described above, dotSec’s unique mix of technical skill, strategic insight, and flexibility ensures that our clients achieve measurable and sustainable improvements in their cybersecurity landscape. This proven capability should instill confidence in any organization considering dotSec as their security partner and we welcome any questions or comments you may have.