A prominent entertainment and public facilities management company fell victim to an outside ransomware attack and was unable to determine the origin of the attack incurred upon its network. The company had no protocols or effective measures in place to mitigate such threats or reduce network vulnerability. And there was no plan to prevent such an attack from occurring again. The company’s cyber security posture lacked hardening measures, providing an open opportunity for hackers to steal and/or expose sensitive information for illicit gain.
Guidepost was engaged to investigate and determine how the ransomware attack occurred and provide cyber hardening measures that would help mitigate and prevent future attacks from occurring. Our team used the GearBox network cybersecurity performance and vulnerability assessment tool to perform a comprehensive network device inventory, vulnerability assessment, external and internal penetration testing, and router and switch configuration assessments. By implementing the GearBox on the network, we can find, assess, and report security and performance vulnerabilities of Internet-of-Things (IoT) network devices simply by connecting to the network and performing a comprehensive scan. The efficiency of the portable GearBox device allows our team to respond quickly and efficiently, and to produce a vulnerability report for immediate action.
Benefit to the Client
Working diligently and collaboratively with the company’s IT department, we were able to identify several areas of risk including security cameras, printers, end of life equipment, and firewall policies, across the operational technology infrastructure. Utilizing the information discovered, we implemented and recommended solutions including patching and network management software, a vulnerabilities mitigation plan, and a network and physical security hardening plan, to enhance network security measures and significantly reduce the network devices vulnerabilities that were exposed with ransomware. Guidepost has also been retained for a multi-year consulting engagement that will provide continuation of services aimed at continual risk and threat vulnerability review and implementation of remediation measures to mitigate and eliminate risk.