Simply, Secured. Cyber Protection for All.
Contact us
CASE STUDIES

Reviewing and reinforcing an organisations’ security

Read more
Collaboration between our client and Criticalis proved pivotal.

The Challenge

A leading Business Process Management services company required a comprehensive third-party security review of their large, complex IT environment. Having seen competitors in their sector in the news due to a cyber security breach, they were keen to substantiate their own current cyber security posture with a trusted partner and take any remedial actions recommended to protect themselves from similar breaches. They found their way to Criticalis and we handled this sensitive work for them.

The Insight

A change of perspective:

The company already held ISO 27001 and PCI accreditations, so we intentionally used a different framework to benchmark their systems. This helped to identify areas of improvement or attention by looking at tools, software, systems and processes through a different, but equally valid, cyber security lens.

The Objective

The key objective was to obtain an accurate picture of the company’s current cyber security status, distilled into a consumable summary that could be reported to and clearly understood by the (non-expert) board executives. The secondary objective was to highlight current mitigations deployed against potential attack vectors, to identify areas of further improvement. Achieving both these aims would help the leadership team determine if the existing cyber security controls were sufficient, or if investing to enhance their cyber maturity was required and desired.

The Solution

The challenge for any company seeking this type of support is locating a trusted third-party partner with a cyber security heritage of expert experienced professionals. It’s vital to provide the confidence that the objectives would be comprehensively achieved. Fortunately, Criticalis was exactly what the client wanted. We delved into the details of the complex environment and, using our expert eye and experience, provided an impartial assessment and valuable feedback for the board.

We reviewed their systems against 18 different control areas and identified 15 main areas of recommendations by assessing against a differing framework to the existing benchmark, providing that all-important alternative perspective. Upon conclusion of the review, the clear and accessible report outlining the findings and the recommendations was followed by a call to discuss the detail and provide further insight and context. The report indicated high level areas and recommendations for improvement, as well as mapping attack vectors to control mitigations already deployed.

Results

The partnership proved to be highly successful, courtesy of the positive collaboration between our team and the client’s in-house technical teams, and benefited from the experience and expertise of our security consultants.

The client’s board has developed a programme to address the findings based around our report’s clear areas of recommendations. There is the expectation of working further with us in future so we can help them to ensure their business remains resilient in the face of a changing threat landscape.

“If I’d known the results in advance of the security analysis on our network, I would have taken half the time to instruct them and probably been willing to pay twice as much.”
IT Manager
Manufacturing Industry

Need service just like this?

Contact us
Over 45 years experience in defending businesses and reputations from cyber-attacks.

CYBER SECURITY SERVICES

COMPANY

© Critialis Ltd. Registered in England, no. 09846789. All staff are Security Screened BPSS BS7858.