Responding to a cybersecurity breach
Snapshot
A transportation company suffered a security breach that appeared to involve the theft of company funds, and called in Kalles Group to help with the response. Given the emergency nature of the situation, our consultants dropped everything and got straight to work – and so did the client. Kalles Group launched an incident response, running a forensic investigation into what happened, advising the client and their IT partner on how to harden their security procedures, and filling in the gaps in the company’s capabilities where needed. Thanks in no small part to this company’s openness and eagerness to address the problem, Kalles Group was able to build a very strong rapport between our consultants and the client’s staff. We were able to provide the company and its IT partner with the tools needed to defend against breaches of this sort in the future, and to respond to situations like this in near-real time – something that was proven when the company successfully defended itself against a series of follow-up cybersecurity incidents.
Challenge
In a situation where an IT security breach has occurred, time is of the essence. Kalles Group’s consultants jumped in at the earliest possible moment and got to work. Fortunately, the client was just as willing to work quickly – and to provide Kalles Group’s consultants with the resources and access we needed to respond to the incident. The key was to understand what had happened and how it had happened. We began a forensic investigation, focused on online identity and credentials. Among other things, we looked into sign-in logs to see who was signing in and from where. The investigation found several anomalies in the sign-in logs, giving us an idea of where the company’s security was in need of improvement.
It was important to improve the client’s approach to their operations, which relies on the Microsoft 365 suite of cloud-based services. Kalles Group consultants brought their in-depth understanding of Microsoft 365 products to advise the client on the various security controls available to them, making them aware of state-of-the-art cybersecurity solutions that can drastically reduce the high-risk activities – such as phishing and spam – that are often the gateway to serious cybersecurity breaches.
Approach
A security breach can be a terribly traumatic event for a business. Our team engages in these situations with an attitude of empathy and inclusiveness, and works to ensure that all the relevant people involved are included and kept up to date. Thanks to the client’s eagerness to address the problem, and their openness and accessibility to our consultants, we were able to develop a strong rapport with the company and its IT partner, which gave us the ability to identify vulnerabilities within the company’s procedures, and led to longer-term cooperation beyond the initial incident response. We pivoted to a security hardening project, showing the client where they could improve their procedures to avoid future cyberattacks, for instance with improved email security, updated anti-virus software and enhanced cybersecurity training for staff.
Most importantly, we identified the gaps in the client’s ability to address security issues, and filled them where needed.
Results
As was our goal, this transportation company and its IT partner are now well-equipped to address cybersecurity incidents in near-real time – as proven by the fact the client’s IT partner was able to successfully address several attempted follow-up cyberattacks. And while the company can now stand on its own two feet with respect to securing its systems, its staff know they can come to Kalles Group anytime if they are in need of further help or advice.