Industry: Manufacturing & Distribution
Service: Professional Services
Location: North America
Organization Type: Private
Employees: 1,001-5,000
Dedicated IT Staff: 5
Needs And Requirements:
The pharmaceutical manufacturing and distribution firm, a leader in its industry, suffered a ransomware attack on their network and required immediate intervention. After recognizing the extent of the attack, they sought for external cybersecurity experts specialized in Post Breach remediation. With the full support of these experts, they organized a plan to identify, contain and recover all threats on their network. They also required the source of the breach to be found to avoid any potential follow-up attacks.
Main Challenges:
Lack of Robust Incident Response and Recovery Plans: Recovering from an attack was challenging because of the lack of recovery plans.
Inadequate Patch Management and System Updates: Frequent updates were necessary to address security vulnerabilities effectively.
Insufficient Employee Training and Awareness: Employee training against phishing and ransomware attacks was necessary because of how common they are.
Solution:
Cyber Resilience & Incident Response: Hitachi Cyber identified the threats and assisted in containment and recovery. They identified the specific ransomware variants present on different systems and created a list of ransomwares compromised systems to successfully recover from the attack. After identifying any other malicious software present on systems, they determined the source of the attack and its ransomware infection. Hitachi Cyber then successfully planned a containment, isolation and cleanup strategy. Following cleanup, they provided consulting services to support with remediation of any servers, workstations, applications and more.
Hitachi Cyber worked with the company’s cybersecurity team to ascertain if any PII, Personal Data or Confidential Information was accessed and exfiltrated in an unauthorized manner. They then determined attack vectors, outlining how the malicious actors accessed the environment. Hitachi Cyber then provided guidance throughout the incident life cycle.
Architecture Security: Hitachi Cyber’s extensive experience in handling thousands of security breaches, coupled with their threat intelligence, helped the company identify intrusions, security gaps in existing architecture and provide a far more comprehensive assessment than any single vendor tool could. Hitachi Cyber performed vulnerability and malware scans to determine the network’s resiliency to malware, such as ransomwares. They reviewed O365 configurations to identify security flaws and optimization opportunities including Azure.
Outcomes:
Following Hitachi Cyber’s intervention, the client fully recovered from the ransomware attack on their network. The solutions provided helped fortify their cyber defenses and massively reduce any risks of future breaches.
Next Steps:
Moving forward, the company will establish solid recovery plans and ensure their team is trained and aware of risks. The company will also use Hitachi Cyber’s recommendations and support to ensure their architecture is secure and assets are up to date, guaranteeing a minimal surface of attack for any malicious actors. The company will also use Hitachi Cyber’s 24/7 Managed Security Services for a full coverage of their network to discover any attacks as soon as possible, before they have the chance to inflict any damage.
