Red Team Exercise Helps International Trade Organization Comply with FCA Cyber Security Mandates

Red Team Exercise Helps International Trade Organization Comply with FCA Cyber Security Mandates

Aware of his responsibility under the Financial Conduct Authority’s Senior Managers and Certification Regime to protect against data security breaches, the CEO of an international trading organization commissioned Kroll’s CREST-certified penetration testers to perform a real-world attack simulation.

The three-month-long, covert and exhaustive exercise revealed significant and fundamental information security risks. With this insight, the organization was able to prioritize security projects and improve board-level confidence in its ability to avert and detect breaches.

Overview

 

Industry
  • Finance
 
Challenges
  • At high risk of cyberattacks
  • Poor visibility of security effectiveness
  • Director liability for security breaches

 

 

Kroll Services
  • Penetration testing and red teaming
 
Impact
  • Comprehensive insight 
  • Clear remediation guidance
  • Key risk areas identified

The Challenge

The CEO and board of directors were fully aware of the damage a cyberattack could inflict on the organization's operations and reputation. Like most senior executives in their position, however, they felt that, although significant cyber security investments had been made, they still had no real visibility of the effectiveness of these defences and how their organization would respond to a real-world attack.

Legislation from the Financial Conduct Authority (FCA) makes senior managers personally accountable for ensuring that regulatory requirements pertaining to IT security are met in full. With this also in mind, the CEO and board of directors decided to engage Kroll to test the effectiveness of the company’s cyber security controls and its ability to both detect and respond to malicious behaviour.

The Solution

For this engagement, Kroll’s experts used modern adversarial tactics to emulate advanced threat actor activities within the organization's network environment. The project involved testing all facets of the financial company’s IT defences.

To ensure the engagement was conducted as realistically as possible, Kroll received no internal information or access to the client’s business. All knowledge was obtained leveraging open-source threat intelligence gathering techniques to identify valuable information that was available within the public domain. The engagement was also carried out over a period of three months to ensure it replicated the stealthy approach adopted by real-world attackers.

The Benefits

Comprehensive Reporting

At the end of the agreed simulated attack period, Kroll’s experts delivered a comprehensive report for the CEO and board of directors, highlighting the information security issues detected and ranking them according to the level of risk to the business.

Remediation Guidance

In each case, the Kroll team provided clear guidance on how to mitigate the risk, recommending specific solutions, policies or training courses as appropriate. Consequently, the business is now putting in place new measures to better protect its data, employees and customers.

Identified: Phishing Exposure

Kroll’s experts identified a particular exposure to phishing attacks, which could be used to acquire remote login credentials for IT systems and access to client transactional data.

 

Identified: Access Permission Failures

Kroll identified failures in the company’s access permissions, which could be exploited to disrupt multi-million-dollar trading transactions.

Identified: IDS Configuration Issues

Configuration issues in intrusion detection systems and a large number of false alerts meant that the company was unable to detect Kroll’s deliberately “noisy” attempts to break in.

Identified: Training Failures

Many employees were using weak passwords, demonstrating gaps in user education and training.

Identified: Lack of Monitoring

With no active monitoring of the internal network, once Kroll had successfully infiltrated there was no likelihood of discovery.

Identified: Inadequate Incident Response

Kroll found that the company’s responses to suspicious incidents were inadequate and engaged the firm’s information security and executive leadership in an incident response tabletop exercise to fine-tune their incident response plan.

High-value Service

In reviewing Kroll’s findings, the company was quick to recognize the high value delivered by the engagement. It is less likely to face the potentially huge cost of remedying a major security breach and can also avoid fines and penalties from the FCA.

Improved Awareness

The CEO and board members now have a far more enlightened view of cyber security weaknesses across the business and can better meet their information security obligations. They can provide documentary evidence that information security is of high priority, that they are aware of the risks, and that they are taking the appropriate action to mitigate them.

Learn more about Kroll Penetration Testing and red teaming services.

Stay Ahead with Kroll

Kroll Responder

Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.

Cyber Risk Assessments

Kroll's cyber risk assessments deliver actionable recommendations to improve security, using industry best practices & the best technology available.

Cloud Security Services

Kroll’s multi-layered approach to cloud security consulting services merges our industry-leading team of AWS and Azure-certified architects, cloud security experts and unrivaled incident expertise.

Ransomware Preparedness Assessment

Kroll’s ransomware preparedness assessment helps your organization avoid ransomware attacks by examining 14 crucial security areas and attack vectors.

Penetration Testing Services

Malware. Ransomware. Social engineering schemes. Brute force attacks. How confident are you that your protective measures are effective against current and emerging cyberattacks?

Incident Response Retainer

Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.

Incident Response Tabletop Exercises

Kroll’s field-proven incident response tabletop exercise scenarios are customized to test all aspects of your response plan and mature your program.