Incident Response
Problem:
A medium-sized financial services firm suffered a severe ransomware attack that disrupted its operations and put sensitive financial data at risk. The incident exposed weaknesses both in the firm's own cyber security posture and in its supply chain, prompting a comprehensive response and a programme of security improvements.
Response:
In response to the attack, the organisation engaged Toro to provide a comprehensive incident response service. Our first step was to coordinate a team of responders to contain the breach, implement the necessary remediation measures and oversee a swift return to business as usual (BAU).
We were then asked to conduct a detailed investigation to establish the root causes of the attack and the underlying vulnerabilities. This was needed to determine legal liability and to support an insurance claim. It was also vital to ensure that weaknesses in the security controls, and in their implementation by the retained IT service providers, were remediated.
As part of the work, we reviewed the organisation's cyber security controls against the CIS Critical Security Controls framework and implemented control improvements to strengthen its ability to detect and respond to future threats. We also critically evaluated the capabilities of its third-party IT Managed Service Provider and Security Operations Centre to ensure better readiness for future incidents.
Outcome:
Through our support the organisation identified critical process and technology gaps between the suppliers responsible for monitoring, alerting, responding to, isolating and blocking intrusion attempts against its systems. We have continued to support the organisation in a virtual CISO capacity, guiding the Board in strengthening security, conducting regular risk assessments and updating security policies to manage future risks and vulnerabilities.
Problem:
A medium-sized manufacturer fell victim to a ransomware and extortion attack. One contributory factor was identified as the flat structure of its network, which placed no barrier to lateral movement once a single host had been compromised. In response, the company partnered with Toro to carry out incident response and an investigation into the extent of the breach and the vulnerabilities that led to the attack.
Response:
Toro immediately isolated the affected systems to stop the ransomware spreading further and to cut off unauthorised access. To address the vulnerabilities and harden the environment against future compromise, Toro then designed a new network architecture.
Outcome:
The new network adopted a Zero Trust approach, with strict access controls and verification of every access request. It was organised into zones, each with its own security policies and restrictions, so that a compromise in one zone cannot spread freely to the others. A hybrid approach to service delivery was established to balance accessibility and security. The design emphasised visibility, giving the IT team comprehensive insight into the network. It was implemented as a global area network using mesh networking and software-defined networking. The manufacturer's improved security posture positioned it to operate securely and efficiently while deterring future cyber threats.
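The following is an added illustration, not code from Toro or from the manufacturer's actual design, of how a zoned, default-deny policy with identity checks changes the outcome for the kind of lateral movement a flat network permits. The zone address ranges, ports, group names and sample flows are all constructed for the example; `flat=True` models the pre-incident network in which every host could reach every other host.

```python
# Added example: minimal model of a zoned, default-deny (Zero Trust) policy
# versus a flat network. Zone ranges, ports, groups and flows are constructed
# for illustration and are not the manufacturer's real design.
from dataclasses import dataclass
from typing import Optional
import ipaddress

# Assumed zone layout (constructed).
ZONES = {
    "corp_workstations": ipaddress.ip_network("10.10.0.0/16"),
    "servers":           ipaddress.ip_network("10.20.0.0/16"),
    "ot_plant":          ipaddress.ip_network("10.30.0.0/16"),
    "management":        ipaddress.ip_network("10.99.0.0/24"),
}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: int
    proto: str = "tcp"
    required_group: Optional[str] = None  # identity group the caller must hold, if any


# Explicit allow-list between zones. Any flow not matched here is denied.
ALLOW = (
    Rule("corp_workstations", "servers", 443),                      # users to internal web apps
    Rule("servers", "ot_plant", 4840, required_group="historian"),  # OPC UA from the historian only
    Rule("management", "servers", 22, required_group="admins"),     # admin SSH with verified identity
    Rule("management", "ot_plant", 22, required_group="ot_admins"),
)


def zone_of(ip: str) -> Optional[str]:
    """Return the name of the zone containing ip, or None if it is in no zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def decide(src_ip, dst_ip, dst_port, proto="tcp", groups=(), flat=False) -> str:
    """Return 'allow' or 'deny' for one flow.

    flat=True models the pre-incident flat network: every host reaches every
    other host on every port, so nothing is ever denied.
    """
    if flat:
        return "allow"
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return "deny"  # hosts outside every zone get nothing
    for r in ALLOW:
        if (r.src_zone, r.dst_zone, r.dst_port, r.proto) == (src, dst, dst_port, proto):
            # Right path, but the identity must also satisfy the rule's group requirement.
            if r.required_group is None or r.required_group in groups:
                return "allow"
    return "deny"  # default deny, including traffic within a zone


# Constructed flows: an infected workstation probing SMB (445) across the
# estate, alongside legitimate web access and two admin SSH sessions.
SAMPLE_FLOWS = [
    ("10.10.5.23", "10.20.1.5", 443, "tcp", ()),          # legitimate web access
    ("10.10.5.23", "10.20.1.5", 445, "tcp", ()),          # SMB to a server
    ("10.10.5.23", "10.30.1.10", 445, "tcp", ()),         # SMB into the plant network
    ("10.10.5.23", "10.10.7.40", 445, "tcp", ()),         # SMB to another workstation
    ("10.99.0.5", "10.20.1.5", 22, "tcp", ("admins",)),   # verified admin SSH
    ("10.99.0.5", "10.30.1.10", 22, "tcp", ("admins",)),  # admin lacking the OT group
]


def evaluate(flows=SAMPLE_FLOWS, flat=False):
    """Evaluate each flow and return the list of decisions in order."""
    return [decide(s, d, p, proto, groups, flat=flat) for s, d, p, proto, groups in flows]


if __name__ == "__main__":
    for label, flat in (("flat network", True), ("zoned network", False)):
        print(label, evaluate(flat=flat))
```

Run stand-alone, the block shows every probe allowed on the flat network and only the two legitimate flows allowed on the zoned one; the SMB probes that would carry ransomware between hosts, and the SSH session whose identity lacks the required group, are denied. In a real deployment the same intent is expressed in firewall, SDN or host-isolation policy rather than Python, but the check is the same: no path exists unless a rule explicitly creates it, and the rule can demand a verified identity as well as a network location.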