Industry: Insurance
Service: Professional Services
Location: Europe
Organization Type: Private
Employees: 1,001-5,000
Dedicated IT Staff: 5
Needs And Requirements:
In response to the rising threat of cyberattacks, this leading insurance company sought to strengthen its cybersecurity defenses by addressing potential vulnerabilities through a series of targeted penetration tests. The objective was to ensure comprehensive protection of sensitive information and critical systems.
To achieve this, the company requested an external penetration test in a blackbox setting, simulating an attack by an external adversary with no prior knowledge of the company’s systems in order to identify potential entry points and vulnerabilities that could be exploited.
The company also requested a Multi-Factor Authentication (MFA) test, a focused penetration test to assess the robustness of their MFA system and confirm that only authorized individuals could access sensitive data, safeguarding against unauthorized access even if credentials were compromised. Finally, this insurance company requested a “Stolen Laptop” scenario simulation, which tests the company’s ability to protect sensitive information in the event of a stolen device.
Main Challenges:
Regulatory Compliance: The company needed to meet strict regulatory requirements, necessitating rigorous security measures for their web applications handling sensitive client data.
Diverse Application Landscape: The company had multiple web pages, including an MFA page that had to be tested.
Insider Threats and Unauthorized Access: The company had to ensure they were secure in the event of any unauthorized access to their premises or network.
Solution:
Penetration Testing: Hitachi Cyber executed a meticulous external penetration test in a blackbox setting, simulating a real-world external attack to identify and address vulnerabilities. Using a combination of automated tools and manual testing techniques, the process ensured the detection and prioritization of exploitable vulnerabilities.
Following this, Hitachi Cyber conducted an extensive evaluation of the client’s MFA system. This test included attempts to bypass security controls, brute-force credentials, and explore other potential attack vectors to assess the robustness of the MFA solution.
Finally, a “stolen laptop” scenario was simulated, testing whether a locked company device could be accessed and to what extent its data and systems could be compromised once unlocked. This simulation provided critical insights into the company’s endpoint security and data protection measures. The findings were compiled into a comprehensive report, detailing every step taken, the vulnerabilities discovered, and actionable recommendations for remediation.
Outcomes:
The detailed penetration test reports were delivered on time and included an executive summary of the areas needing immediate attention, the technical review phases, a list of identified vulnerabilities ranked by criticality, and specific recommendations for enhancing asset protection. These measures ensured the company remained compliant with various standards and regulations, bolstering its security posture.
Next Steps:
The company plans to continue partnering with Hitachi Cyber to monitor its security posture through regular security audits and compliance checks, ensuring ongoing protection and adherence to evolving regulatory requirements. The company also plans to explore other types of Professional Services proposed by Hitachi Cyber in the future.