Cybersecurity program enables recovery from cyberattack

Snapshot

One of the world's largest suppliers of ophthalmic diagnostic, laser, and surgical lenses suffered a severe cyberattack. Kalles Group helped the client not only halt the attack, protect their data, and recover losses but also develop a cybersecurity program to strengthen protection of the clients data going forward. 

Risk Management Access and Control Weakness Concept
The Challenge

This global supplier of ophthalmic diagnostic, laser, and surgical lenses suffered a severe cyberattack. The cybersecurity attack was possible because the client lacked company security practices and had technical debt, which occurs when a company chooses an easier technological route for the immediate time, making them more vulnerable in the futureWhat the client needed from Kalles Group was twofold: 1) immediate help in securing their business and data from the attack, and 2) development of a program to reduce their risk and help prevent future losses. 

Our Approach:

Following best practices for incident response, Kalles Group first moved to contain the attack, mitigate damage, secure environments, and remove attackers. Next, they addressed acute vulnerabilities and remediated the effects of the attack. Once Kalles Group successfully contained the attack, they assessed the client’s entire security protocol to develop a custom security program. 

Kalles Group conducted discussions with key staff membersreviewed documentation, and observed company practicesThey assessed the client's current data security, information security policy, personnel awareness of security, and vendor security postures. Kalles Group helped the client understand security concepts and make decisions about: 

  • Program roles and responsibilities 
  • Processes in scope 
  • Regulatory and legal requirements 
  • Policies and standards 
  • Employee security education needs 
  • Data classification criteria 
  • Access to systems and network 
  • Third-party security 
  • Mobile and personal devices in use for work  
Quotation mark icon

Kalles Group recommended security improvements and helped the client create a plan to implement not only those improvements but also cultural changes

Our Solution

Kalles Group recommended security improvements and helped the client create a plan to implement not only those improvements but also cultural changes. The new cybersecurity plan helps the client confidently determine what they most value, where those things are, which processes support them, and the risks to all of those assets. The client now has a plan to operationalize the program and keep it running continuously, including periodic re-evaluation and fine-tuning so that it evolves to meet the organization’s ongoing needs. 

With the new cybersecurity program’s implementation, the client has secured their network and protected their data with smart technology, improved processes, and employee education. As a bonus, the client should experience cost savings after their initial investment as a result of eliminating ineffective or redundant activities and strategically allocating people, time, and money toward their ongoing data protection efforts.