Why read this report
The client is one of the largest Independent Power Producers (IPPs) in Malaysia, with six power plants that run on oil, coal, and gas. Internationally, the client also develops Waste-to-Energy (“WTE”) projects. As an independent water and power producer (IWPP), the firm manages overseas projects in Bahrain, Saudi Arabia, and Oman.
Concerned about the rampant IT security challenges the organization was regularly facing, the client decided to assess its current cybersecurity posture and enhance its defense technology.
Recognizing that human error was its biggest challenge, the client decided to create awareness and train its employees on cybersecurity best practices, risks, and threats.
This report describes a review and assessment of the overall maturity of the client's cybersecurity posture (covering people, processes, and technology), with an actionable plan to stay on par with the security guidelines. It offers lessons that CISOs and CIOs can apply to their organizations as they look to similarly assess their cybersecurity posture and awareness.
Key takeaways:
- Identify all the potential gaps within the network security system and show the potential impact of those threats and vulnerabilities.
- Evaluate whether the servers in the organization followed security standards and guidelines.
- Set up a network access control list to add a layer of security to a virtual private cloud.
- Review the configuration of the database server operating system within the network, the server software, and the configuration of the database and its settings to ensure they comply with industry-prescribed standards.
CASE STUDY
LESSONS FROM A POWER PRODUCER: HOW TO REDUCE CYBERSECURITY RISK IN JUST 4 STEPS
Situation
In a world of evolving technology and frequent threats, the client, a growing Independent Power Producer, was looking to measure its current state of security.
Concerned about the rampant IT security challenges the organization was regularly facing, the client decided to assess its current cybersecurity posture and gauge how its existing security strategy held up against an outside attacker.
Recognizing that human error was one of its biggest challenges, the client also decided to assess cybersecurity awareness levels on risks, threats, and best practices.
To do so, the client engaged EC-Council Global Services (EGS) to check the robustness of security controls on its IT infrastructure within a stringent timeline of two months.
Solution
EGS engaged a team of qualified security consultants to manage the engagement and work in parallel, ensuring that the assessment at the client's various sites was completed as planned.
- During this period, the team provided guidance and support to the person in charge of every site, and the SPOC ensured the collection of relevant information and managed the configuration and conduct of the necessary tests as per the defined technical guidelines.
- Reports and feedback were provided daily to track the progress of each site.
Services Delivered
EGS offered the customer a suite of cybersecurity services:
- Internal Vulnerability Assessment
- External Vulnerability Assessment and Penetration Test
- Host Security Configuration Review
- Network Architecture Review
- Firewall ACL Review
- Database Configuration Review
- Physical Security Assessment
- Security Awareness Training
- Vishing Simulation
Recommendations
Based on the services deployed, EGS then provided a thorough report, including recommendations to close any existing loopholes in the security strategy. The recommendations gave the company a clear, realistic view of its cybersecurity position and a path to improvement. The customer now has an effective action plan to reduce risk, as well as a sustainable framework to tackle current and emerging cyber threats.
- Post assessment and review, a detailed report with an action plan was provided to the customer.
- A risk report with appropriate ratings helped the client prioritize remediation efforts.
- A security awareness campaign that included simulated vishing calls was conducted for select employees to enhance awareness of social engineering attacks across the company. The heightened level of awareness is expected to:
  - Make security tangible and relevant to employees in their daily work
  - Ensure that the security maturity level is gradually increased
  - Ensure that leadership at all levels understands the critical role it plays in showing clear support for, involvement in, and adherence to the initiative
  - Lay the foundation for a lasting security culture, anchored in the core values and strategy of the organization.
Result
The evaluation of the customer’s IT Infrastructure and the subsequent remediation ensured that the security risks of the customer were mitigated to acceptable levels. We worked closely with the client to improve their cyber status, policies, procedures, and employee awareness programs to increase their cyber maturity.
Engage with EGS: Gain greater confidence in your cybersecurity decisions by working with EC-Council Global Services’ thought leaders to apply our solutions to your specific business and technology initiatives.
Posture Assessment Survey
An independent expert assessment of the current state of the information security environment is conducted against global standards and leading industry practices to measure the overall cybersecurity maturity of your organization. Connect with us to take this FREE 15-Minute Survey. This will be followed by a remediation plan for the identified gaps and the development of a roadmap for transformation.
FREE Phishing Simulation
To assess your organization’s human error vulnerabilities, take OhPhish’s FREE subscription to run simulated phishing attacks and get a detailed, actionable report. OhPhish is the fastest growing integrated platform for security awareness training. You can train your users, phish them, review results, and repeat to ensure your company is on top of this game.
Vulnerability Assessment & Penetration Testing (VAPT)
EGS offers a broad range of network infrastructure, web application, and mobile application security assessment services designed to detect and gauge security vulnerabilities. Take the FREE VAPT for up to 10 external IPs, worth USD 5000, and get a customized report!