Consultancy
Problem:
A UK-headquartered broker reached out to discuss concerns regarding one of their overseas multinational oil and gas clients.
Response:
Toro’s team was deployed to conduct a comprehensive review of the client's endpoint security, encompassing approximately 5,000 computers. This review culminated in the delivery of a cyber maturity audit, evaluating strategy, governance, systems, processes, and controls. The project resulted in notable changes and improvements to cyber controls.
Outcome:
In collaboration with the client, we helped to introduce changes to the global security policy. These changes aligned security practices more closely with industry standards and ensured a more robust and uniform approach to cybersecurity across the organisation.
The review also identified vulnerabilities in the client's network security. As a result, recommendations were made and implemented to enhance network defences. As part of this, we facilitated a mass migration of the client's computer systems to Windows 10. This migration ensured that the organisation was running a more secure and up-to-date operating system, reducing exposure to known vulnerabilities. A dedicated Security Incident and Monitoring Team was established to provide real-time monitoring and response to security incidents. To enhance visibility and incident tracking across multiple sources, the team also deployed a Security Information and Event Management (SIEM) solution. This SIEM solution enabled the client to aggregate and analyse security events, detect anomalies, and respond to potential threats effectively.
As a result of these initiatives, the client significantly strengthened its cybersecurity posture. The changes in security policy, network improvements, operating system migration, dedicated incident response teams, and the SIEM solution collectively enhanced the client's ability to detect, respond to, and mitigate cybersecurity threats, ultimately safeguarding its critical assets and operations.
Problem:
A medium-sized Internet Service Provider (ISP) utilising Microsoft 365 and Azure infrastructure had a specific requirement to enhance the security of their IT environment. Their challenge was to determine the appropriate security controls for Azure and Microsoft 365 while aligning with their risk appetite. Their chosen framework was ISO 27001.
Response:
In response to the client's requirement, Toro assessed the organisation's threat profile to gain a comprehensive understanding of potential risks and vulnerabilities in their Azure and Microsoft 365 environments. The organisation's risk appetite was carefully evaluated to determine the appropriate levels of security controls needed to protect its infrastructure effectively. Based on the threat assessment and risk appetite determination, ISO 27001 was then leveraged to guide the implementation of security measures.
Outcome:
The implementation efforts led to several noteworthy outcomes. We helped apply enhanced security controls within the Microsoft environment.
To enhance the security posture and remediate vulnerabilities, the implementation of Microsoft Defender for Cloud was recommended. This tool seamlessly integrated with Azure and provided advanced threat protection capabilities.
We also supported the implementation of the Microsoft Cloud Security Benchmark, which encompasses a wide range of security domains, including Network Security, Identity Management, Privileged Access, Data Protection, Asset Management, Logging and Threat Detection, Incident Response, Posture and Vulnerability Management, Endpoint Security, Backup and Recovery, DevOps Security, Governance, and Strategy.
By assessing their threat profile, determining risk appetite, and aligning with the Microsoft Cloud Security Benchmark, the medium-sized challenger ISP successfully enhanced its security posture for Azure and Microsoft 365. The application of Microsoft baselines and the adoption of Defender for Cloud further fortified their defences, ensuring comprehensive protection against a wide range of cybersecurity threats.
Problem:
A medium-sized financial services company sought assurance regarding the security measures taken by their third-party IT Managed Service Provider (MSP). This was prompted by a previous compromise of their machine builds and remote desktop environment by attackers. The client aimed to validate the hardening of their systems, review firewall and group policy settings for remote desktop environments, and assess machine build security controls.
Response:
To complete a thorough review, Toro delivered the following:
- Reviewed machine hardening process and procedure.
- Reviewed and tested local firewall and group policy applied to remote desktop environment.
- Reviewed and tested machine build security controls applied by Microsoft Intune.
- Baselined all machine hardening controls against the CIS Critical Security Controls benchmark.
Outcome:
During the assessment, Toro identified two significant issues:
- Several security controls were found to be misconfigured, leaving potential vulnerabilities open for exploitation.
- The existing monitoring, event management, and alerting mechanisms were inadequate, making it challenging to detect and respond to security incidents effectively.
To address the identified issues, Toro took the following steps:
- Work packages were prepared to implement remediations for misconfigured controls and to enhance monitoring, event management, and alerting capabilities.
- Endpoint security solutions, including Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR), were deployed to secure all devices. These solutions enabled continuous monitoring, alerting, and event management functions.
- Group policies were utilized to ensure the correct configuration of relevant devices, including the application of vulnerability fixes and security updates.
The organisation's proactive approach to assessing and enhancing its security controls and monitoring capabilities enabled it to address past security incidents and significantly reduce the risk of future compromises.
Problem:
A company working in the design, new media, and digital marketing space wished to develop their approach to risk and incident management, in both the physical and cyber security domains.
Response:
Drawing on its experience in risk management and crisis response, Toro developed a tailored training programme based on the organisation’s most likely threats and risks. The training package concluded with an incident and crisis response exercise.
Outcome:
By employing a training provider with extensive experience in risk management and global crisis response, the organisation was able to use the training and exercise to develop its exercise plan into a fully-formed incident response playbook.
Problem:
An asset management company wanted to ensure its outsourced IT managed service provider was keeping it secure and that best practices were in place for information security.
Response:
Toro was engaged as the organisation’s trusted security assurance partner, developing a bespoke programme of annual assurance activities including penetration testing, staff training, supply chain risk management, policy and procedure review and security advisory.
Outcome:
The holistic approach to reviewing people, process, and technology ensures that the organisation maintains and continues to strengthen its security posture. Toro understands the business, its priorities, and its people, meaning we can continue to deliver relevant and impactful services that assure and improve security defences. It also means the internal IT stakeholders have a trusted source of information and advice when responding to incidents or queries raised by customers.
Problem:
A global learning platform servicing hundreds of thousands of customers required cyber security assurance to maintain its ISO 27001 accreditation, attain Cyber Essentials certification and reassure its customers that it was taking their data protection and security seriously.
Response:
Toro was engaged to provide managed virtual CISO services. This involved conducting an initial gap analysis of the organisation’s processes and controls against the ISO 27001 standard to ensure documentation was up to date, accurate and being effectively implemented.
Outcome:
Toro now delivers an ongoing programme of work that supports the organisation’s security compliance requirements. We work closely with the senior management team to respond to data protection and information security questions from their clients. We proactively ensure that ISO 27001 documentation is updated and maintained. We act as a sounding board for security concerns and flex our services up and down to meet the business need.
Problem:
After a series of defaults by a service provider, and concern over the use of relief staff who were not aware of local security arrangements across their estate, a professional services partnership engaged Toro to conduct assurance and testing of the provider's staff.
Response:
Using realistic scenarios based on threats faced by the organisation, Toro developed a testing methodology involving an evolving scenario designed to test service provider staff based in front line, operations room, and management roles. A custom grading rubric was created to ensure transparency and objectivity, and unannounced testing was conducted over two days.
Outcome:
The Toro team provided detailed statistical analysis of the findings to the organisation, allowing it to demonstrate to its service provider where service delivery could be improved and to identify excellence amongst the staff tested.
Problem:
A large financial services company recognised the critical need to assess its incident readiness and digital forensic capabilities. They sought a comprehensive review of their incident management capabilities to ensure they were well-prepared to respond to cybersecurity incidents.
Response:
Toro prepared a comprehensive review, assessing the financial services company's incident management capabilities, encompassing monitoring, logging, threat intelligence, detection, and response capabilities.
The assessment covered the following critical components:
- Isolation and Preservation of Endpoint Devices
- Endpoint Monitoring, Response, and Analytics
- SIEM and SOAR
- Vulnerability Management
Outcome:
The assessment led to the identification of multiple recommendations and enhancements, including:
- Enhanced communication processes with business stakeholders to ensure that incident response efforts align with business objectives and minimize disruption.
- Strengthening supply chain risk management practices to mitigate third-party cybersecurity risks.
- Implementation of data classification measures to categorize data based on its sensitivity and importance, allowing for targeted protection.
- Role-based access control policies were refined to limit access to sensitive data and systems, reducing the risk of unauthorized access.
- The backup regime was improved to ensure data availability and business continuity in the event of a cybersecurity incident.
- Documentation of detailed procedures for incident response and forensic investigations was emphasized, enhancing the team's ability to respond effectively.
- Regular testing of log availability and integrity was initiated to ensure that critical logs were available for analysis during incident investigations.
- A thorough review of coding practices and cloud infrastructure configurations was performed to identify and remediate security vulnerabilities.
The financial services company's proactive approach to assessing and enhancing its incident readiness and digital forensic capabilities positioned it to respond effectively to cybersecurity incidents. The identified recommendations and improvements across various areas of its cybersecurity operations strengthened its overall security posture.
Problem:
A capacity building and media development organisation was arranging a conference where there was a threat of state-sponsored action against the conference or its delegates.
Response:
Toro was engaged to develop a risk assessment and deploy a low-profile security team to the venue to liaise with local security staff and conduct a review of physical and cyber security arrangements for the conference. Additionally, the team conducted protective surveillance around the venue and vicinity and provided close protection to delegates during conference social events.
Outcome:
Despite intelligence reports of possible hostile-state interference, the conference was completed without incident. Toro’s holistic approach, early integration into conference planning, and effective delivery of a joined-up physical and cyber security operation have resulted in Toro remaining a trusted partner for future events.
Problem:
An organisation creating media content travels to regions with political instability, geographic and seismic threats, and infrastructure issues, and wanted to establish what controls should be put in place to ensure the safety of its travellers.
Response:
Toro was employed to conduct threat and risk analysis activities, deliver country and venue threat assessments, and provide in-country security assistance using trusted local partners. Both pre-travel and in-country briefings were provided to ensure that travellers were fully prepared prior to leaving their home nation.
Outcome: