Real-World Cyber Attack Simulation for Global Trading Organisation
- Analytics & Modeling - Digital Twin / Simulation
- Cybersecurity & Privacy - Application Security
- Education
- National Security & Defense
- Quality Assurance
- Cybersecurity
- Intrusion Detection Systems
- Cybersecurity Services
- Training
The CEO and board of directors of an international trading organisation were concerned about the potential damage a cyber-attack could inflict on their operations and reputation. Despite significant investments in cyber security, they lacked visibility into the effectiveness of these defences and how their organisation would respond to a real-world attack. The Financial Conduct Authority (FCA) legislation holds senior managers personally accountable for ensuring that IT security regulatory requirements are met. Therefore, the CEO and board decided to engage Redscan’s Red Team to test the effectiveness of the company’s cyber security controls and its ability to detect and respond to malicious behaviour.
The customer is a global trading organisation with its headquarters in the UK. The company operates in the finance industry and is subject to regulations from the Financial Conduct Authority (FCA). The CEO and board of directors are aware of the potential damage a cyber-attack could inflict on their operations and reputation. Despite significant investments in cyber security, they lacked visibility into the effectiveness of these defences and how their organisation would respond to a real-world attack.
Redscan’s Red Team used modern adversarial tactics to emulate advanced threat actor activities within the organisation’s network environment. The project involved testing all aspects of the financial company’s IT defences. To ensure the engagement was as realistic as possible, Redscan received no internal information or access to the client’s business. All knowledge was obtained leveraging open source threat intelligence gathering techniques to identify valuable information available within the public domain. The engagement was carried out over a period of three months to replicate the stealthy approach adopted by real-world attackers.