A medium-sized financial services organisation encountered a severe ransomware attack that disrupted its operations and jeopardised sensitive financial data. This incident exposed vulnerabilities in its cybersecurity posture and its supply chain, prompting the need for a comprehensive response and security enhancements.
In response to the attack, the organisation engaged Toro to provide a comprehensive incident response service. Our first step was to coordinate a team of responders to implement the necessary remediation measures, contain the breach and oversee a swift return to business as usual (BAU).
We were then required to conduct a detailed investigation to establish the root causes of the attack and the underlying vulnerabilities. This was necessary to ascertain legal liability and to support an insurance claim. It was also vital to ensure that weaknesses in security controls, and in their implementation by retained IT service providers, were remediated.
As part of the work, we conducted a thorough review of the organisation’s cyber security controls against the CIS Critical Security Controls framework. We implemented control improvements to bolster the organisation’s ability to detect and respond to future threats effectively. We also conducted a critical evaluation of the capabilities of their third-party IT Managed Service Provider and Security Operations Centre, to ensure better readiness for future incidents.
Through our support, the organisation identified critical process and technology gaps between supply chains responsible for monitoring, alerting, responding, isolating, and blocking attempts at intrusion into their systems. We have continued to support this organisation in a virtual CISO capacity, guiding the Board in strengthening security, conducting regular risk assessments, and updating security policies to manage future risks and vulnerabilities.