Security Weaknesses Fixed Using Optimised Remediation Method
Following the worldwide WannaCry ransomware attack in 2017, a large financial services client carried out a review of its third-party network connections.
The review identified 1000+ connections that could leave the organisation exposed to cyber breaches. This was due to control weaknesses at their ‘trusted’ third parties. The challenge faced by the organisation was how to quickly and effectively address such a high volume of issues. Large numbers of people across different operational and supplier teams needed to be mobilised, focused, and managed.
We were able to help the client using our in-house security remediation approach, an end-to-end methodology for rapidly addressing cyber weaknesses. It has been developed based on our experience of resolving cyber issues across many of the UK’s largest financial services companies.
The first step was to carry out a risk-based prioritisation of weaknesses and set up a governance forum. We then applied our remediation process to identify connection owners, determine and approve plans, and track activities to completion.
This process was underpinned by our remediation tracker, which provided transparent management information (MI) to the control owner and other key stakeholders. As well as tracking remediation progress, this MI included ‘non-responder’ data. This critical metric enabled the control owner to escalate performance issues as required, ensuring focus and priority were given to the required remediation activities across the whole organisation.
We also defined and delivered a robust ‘gatekeeper’ process. This is a key early deliverable of our security remediation engagements that stops weaknesses in the new, change-driven estate becoming worse while the legacy estate is addressed.
The client minimised costs and timescales for this activity because our remediation approach provided an improvement process already optimised to address its security weaknesses across multiple instances in its environment. Rather than start new projects to address these weaknesses, the client could hit the ground running.
We ensured the issues in question were addressed much faster than if the organisation had tried to tackle them alone. This was down to the combination of risk-based prioritisation, clear MI that helped to remove remediation blockers, and a dedicated i-confidential team driving the activity.
As well as leaving behind an auditable record of risk-accepted security weaknesses, we provided the cyber security team with an effective third-party connection gateway and recertification process to maintain connection inventories and owners.