Why read this report
Client is a leading industrial enterprise in Automotive, Equipment, and Manufacturing & Engineering in Malaysia. Its industries are based across different regions in the country.
Since the company has a broad base, its main aim was to ensure that their critical IT infrastructure was secure against all kinds of cyber threats and vulnerabilities. Client also made sure that they were compliant with the best cybersecurity practices and guidelines in the industry.
The report explains how client identified and handled cybersecurity challenges. It also explains steps that they took to stay protected from external vulnerabilities and threats.
This report offers a lesson that CISOs and CIOs can follow to help manage cyber risks when a cybersecurity framework is needed.
Key takeaways:
- Identify potential gaps and critical components within the IT system, and show the potential impact of threats and vulnerabilities.
- Provide a vulnerability assessment report that defines, identifies, classifies, and prioritizes vulnerabilities faced by the enterprise’s computer system.
- Evaluate whether the security controls within the company’s operations streams followed guidelines.
- Evaluate if the systems were susceptible to any known risks or threats, assign severity levels to those risks or threats, and recommend mitigation.
CASE STUDY
HOW AN INDUSTRIAL ENTERPRISE IDENTIFIED CYBERSECURITY RISKS TO SECURE IT INFRASTRUCTURE
Situation
Over the past few years, there has been a steady increase in the volume, severity, and complexity of cyber threats. Client, a leading industrial enterprise, wanted to ensure that their whole security operation was reliable. Since their industries were located across different regions, they wanted to craft a strategic roadmap for cybersecurity to ensure that they used the best practices.
Client decided to guarantee that the security of their critical IT infrastructure was foolproof against all kinds of cyber threats and vulnerabilities.
To achieve their goal, client engaged EC-Council Global Services to check the strength of their critical IT infrastructure within a stringent time frame.
Solution
Based on the services deployed, the EGS team provided multiple reports to client, including recommendations to close any existing loopholes in the security strategy. The recommendations were divided into two groups: tactical recommendations for immediate improvement and long-term strategic recommendations for improvement.
- During the time frame, the team defined, identified, classified, and prioritized the vulnerabilities in the client workstreams.
- They tested the company’s security controls within client operations streams.
- Reports and feedback were given regularly about any critical findings that were based on the Common Vulnerability Scoring System (CVSS) severity scores.
- The team also notified them of any critical vulnerabilities that could lead to significant negative impacts on their business operations.
- A final report was delivered to the client, along with a list of recommendations prioritized during the assessment process, ensuring that the client knew which threats to tackle first.
Services delivered
A comprehensive range of services was offered:
- External Penetration Testing
- Internal Penetration Testing
- Web Application Security Assessment
- Database Assessment
- Endpoint Penetration Testing
The trained security experts of the EGS team used industry-proven tools and techniques to perform quality assessments and evaluations. Further validation was done using the best industrial practices and guidelines such as CIS, DISA STIG, and NIST to identify any non-compliances.
Results
With the help of the solutions that were provided by the EGS team, client was able to find the gaps and misconfigurations in their existing IT systems, as well as several shortcomings when measured against industry best practices and standards. Comprehensive remediation procedures were provided to the company based on the findings, which were categorized into low, medium, and high.
Engage with EGS: Gain greater confidence in your cybersecurity decisions by working with EC-Council Global Services’ thought leaders to apply our solutions to your specific business and technology initiatives.
Posture Assessment Survey
An independent expert assessment of the current state of the information security environment is conducted against global standards and leading industry practices to measure the overall cybersecurity maturity of your organization.
FREE Phishing Simulation
To assess your organization’s human error vulnerabilities, take OhPhish’s FREE subscription to run simulated phishing attacks and get a detailed, actionable report.
Vulnerability Assessment & Penetration Testing (VAPT)
EGS offers a broad range of network infrastructure, web application, and mobile application security assessment services designed to detect and gauge security vulnerabilities. Take the FREE VAPT for up to 10 external IPs, worth USD 5000, and get a customized report!