Case Study: Cyber Incident Response for FTSE 100 Company

08 March 2023

By NCC Group

Situation

NCC Group was enlisted by a leading FTSE 100 company to perform breach containment following a large-scale security incident caused by advanced attackers. The incident investigation highlighted resource challenges that made it difficult for the IT Security team to keep pace with the increasing demands of cyber threats. These challenges required attention from the senior decision-makers of the organization.

NCC Group successfully identified the threats, managed the response to the breach, and implemented measures to contain the threat during the course of the investigation. Security improvements were implemented as part of an agile bespoke program which significantly reduced the risk of a future incident occurring. 

At a Glance

Organization: FTSE 100

Industry: FTSE 100

Challenge: Perform breach containment following a large-scale security incident

Solution: NCC Group brought in senior advisors to liaise with the client and contain and secure the wider security estate to prevent the attackers from returning

Result: The incident was dealt with, and areas of improvement were identified, enhancing the security posture of the organization and helping to ensure similar attacks can be handled in the future

Challenge

The incident demonstrated to the organization that it needed to prioritize its IT security systems to mitigate potential vulnerabilities going forward. 

The complexity of the estate and the requirements to maintain business-as-usual operations made improvements slow and unwieldy. NCC Group successfully prioritized, implemented, and managed the response as well as provided longer term improvements to dramatically reduce risk exposure. 

Solution

The organization enlisted the support of NCC Group's Cyber Incident Response Team (CIRT) service to perform Digital Forensics and Incident Response (DFIR) and threat hunting across hosts, logs, and networks to fully understand the extent of infiltration. 

As the extent of the incident was revealed, NCC Group's senior advisors were also drafted in to liaise with the board of the organization and manage the incident from a technical standpoint while providing valuable insight to the senior non-technical audience. 

The in-house IT team was not able to act on the findings that NCC Group had presented during the course of the investigation due to resource constraints and a lack of advanced security knowledge. This led to the organization engaging with NCC Group's Security Improvement and Remediation (SIR) team. 

The SIR team included a senior cyber advisor and program manager who were able to contextualize the broader issues to the senior board of the organization. The team also planned out the remediation steps for the containment and eradication phase and the critical priorities for implementing security improvement fixes. 

The main priority for the SIR team was to secure the wider security estate of the organization to prevent the attackers from returning by rapidly reducing risk exposure. This was done by tasking the in-house IT function with concise work packages, as well as putting in place floating IT security gurus who acted as troubleshooters. This ensured the recommended changes could be implemented seamlessly and rapidly. 

Result

The initial incident was dealt with rapidly and comprehensively thanks to NCC Group's incident response team and the close integration with senior cyber advisors and the SIR team. The attackers were fully removed from the environment, and the security posture of the estate was raised to prevent and detect similar activity.

The vulnerabilities and areas of improvement for the organization's overall security environment, identified during the course of the investigation, were acted upon by the SIR team, which accounted for a third of the work NCC Group conducted for the company.

Critically, the prioritized work packages implemented cooperatively by NCC Group's SIR team and the client's in-house IT team rapidly enhanced the security posture. 

This not only ensured that the implemented changes were appropriately prioritized and fit for purpose but also that the organization managed to put in place a more strategic direction for security improvement going forward. These improvements include long-term monitoring through MDR from NCC Group.

NCC Group

NCC Group exists to make the world safer and more secure.

As global experts in cyber security and risk mitigation, NCC Group is trusted by over 14,000 customers worldwide to protect their most critical assets from the ever-changing threat landscape.
