Red Teaming at an Insurance Company
Case Study
> Markets > Financial Sector > Red Teaming at an Insurance Company - Case Study
Case Study: Red Teaming at an Insurance Company
Our client, a top insurance company in the Netherlands, wants to keep up with ever-changing cyber threats. The Security Officers recognize that standard penetration tests aren't covering all the cyber risks.
The Challenge: How to test cyber resilience
The insurance company wants an integrated approach to find weak spots in the cyber security. The organization decides to do a simulated 'real-life' attack with Secura's Red Teaming Assessment.
The Approach: A simulated attack
Together with the insurance company's security team, we perform a Red Teaming Assessment to deeply check the insurance company's cybersecurity. These are the steps:
01
Develop Real-Life Scenarios
We create realistic attack scenarios that insurance companies likely face.
02
Use the Unified Cyber Kill Chain
Our tests go through all stages of a real cyber attack, as described in the Unified Cyber Kill Chain. We check every part carefully.
03
Discover the Weak Spots
We discover new ways hackers could get to the company's most important data.
04
Work Closely with the Insurance Company's Security Team
We use the MITRE ATT&CK framework and worked with the company's security team.
05
Plan Next Steps
After finding weak spots, we provide the insurance company with a plan to mitigate the risks.
06
Improve SIEM (Security Incident and Event Management)
We help the company add new use cases to the Security Incident and Event Management platform (SIEM). This improves threat detection.
07
Train Staff
We train employees of the insurance company to spot phishing emails, a common way hackers get in.
08
Tabletop Cyber Crisis Management Workshop
We run a Tabletop Cyber Crisis Management Workshop to see how well the insurance company handles a real cybersecurity attack.
The Result: Increased Cyber Resilience
Result 1: Priority list of Vulnerabilities
The priority list of vulnerabilities provides a framework for remediation planning.
Result 2: Enhanced Detection and Response
The new SIEM use cases and employee training improve the organization's ability to respond promptly to cyber threats.
Result 3: Improved Incident Response
The client's response teams are better prepared for cyber incidents after the Tabletop Crisis Management Workshop.
Result 4: Roadmap to Cyber Resilience
Our recommendations provide a clear roadmap for strengthening cybersecurity resilience.
Related Services
Red Teaming Assessment
Tabletop Crisis Management
ABOUT SECURA
Secura is a leading cybersecurity expert. Our customers range from government and healthcare to finance and industry worldwide. Secura offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience.
Secura is a Bureau Veritas company. Bureau Veritas (BV) is a publicly listed company specialized in testing, inspection and certification. BV was founded in 1828, has over 80.000 employees and is active in 140 countries. Secura is the cornerstone of the cybersecurity strategy of Bureau Veritas.
Why choose Secura | Bureau Veritas
At Secura/Bureau Veritas, we are dedicated to being your trusted partner in cybersecurity. We go beyond quick fixes and isolated services. Our integrated approach makes sure that every aspect of your company or organization is cyber resilient, from your technology to your processes and your people.
Secura is the cybersecurity division of Bureau Veritas, specialized in testing, inspection and certification. Bureau Veritas was founded in 1828, has over 80.000 employees and is active in 140 countries.