A financial services organisation needed Mitie Global Security Operations to conduct a group-wide assessment of their exposure to cyber security risks.
The customers two main business divisions were operating separately from one another, and whilst there was individually a strong attention to risk management, there had never previously been a group wide assessment. With offices and operations in over 50 countries around the world, the size of the task was vast. With key hubs being located in London, Chicago, Switzerland and Singapore, it was a truly global undertaking that required extensive planning and organisation to ensure a comprehensive review could be done.
The organisation had previously experienced some low-level cyber security breaches across different locations and business divisions, making the need for a full group wide assessment critical. Whilst none of these incidents had been a major cause for concern, the risk was evident that a bigger, broader scale incident was a possibility, so it was essential that a complete review was done across all business divisions and locations, as quickly as possible.
The GSO team devised a custom-made, structured and repeatable methodology to identify the inherent cyber security risks in a highly complex and business critical environment. Engaging with all stakeholders, including C-Suite level, and holding regular check ins with the steering committee to provide updates on the findings as a key part of the process.
Developing a custom-made methodology was necessary for the customer given the size and scale of its operations, as well as the separate nature of the two divisions that required the review. Ensuring that the method was repeatable was also essential, to ensure that the customer could continue reviews in future and action any findings to strengthen their cyber security profile.
Mitie Global Security Operations delivered a detailed and lengthy report, presented to the CISO and board, identifying key areas of potential risk to the business, as well as our proposed solutions and remedial actions to mitigate and manage them
The team defined a strategy that would help the customer better manage cyber risks on an ongoing basis, including the implementation of a leadership team to oversee group-wide governance and delivering cyber security training to all employees. By creating a dedicated governance group, the business could better manage their cyber security profile in future and embed the practices in their security strategy.
Furthermore, by including all employees in cyber security training, the business ensured that cyber security was engrained throughout the business, making them more resilient against any potential cyber attack.