Express Delivery Company Case Study

Organisation

This express delivery company employs over 25,000 staff and operates close to 3,000
depots, including a large number of automated parcel delivery terminals.

Challenge

The company’s newly appointed CISO and CIO required an accurate overview of their
existing cyber security posture and any potential cyber risk exposure.

The newly installed team needed to know whether any previously undetected vulnerabilities
existed on their network, since any that did could impede the organisation’s future
development.

The company wanted to conduct a comprehensive cyber audit that could be delivered
outside of their existing framework and so would not involve costly and time-consuming
integrations with existing cyber solutions, nor did they want the assessment to tie up
valuable internal resources.

Approach

The company decided to undertake its first in-depth cyber health check-up and chose a
Compromise Assessment because it would meet the project parameters, fall within existing
budgetary guidelines and deliver results within their preferred time frame.

The Compromise Assessment audit would deliver the following:

  • A full Asset Discovery
  • In-depth analysis of cyber threats and Indicators of Compromise
  • Analysis of existing IT and Cyber policies to identify whether best practices were being met
  • Highlight any violations of company compliance policies within the organisation

Process

The Artefact Collector module gathered and encrypted over six months of log data that
would help identify any behavioural anomalies relating to employees, services, apps and
network traffic.

The gathered data was then uploaded to a private instance within Microsoft Azure to
ensure the highest levels of security.

Proprietary algorithms then prepared the data for analysis and the results were sent to
the analytics engine which generated the final assessment report.

Throughout the Compromise Assessment, the company’s security team had full visibility of
proceedings via their secure private dashboard, allowing them to monitor each phase of
the assessment.

Once the machine learning process was completed and initial findings were made
available, an expert security Data Analyst validated the results and added any additional
context that was relevant before the report was released to the company’s security team.

The final version of the Audit was delivered in PDF format. The report shared all relevant
metrics highlighting the nature of the vulnerabilities found, how serious they were and
recommendations on how to address them.

Compromise Assessment Results

As a result of the Compromise Assessment, the company received enhanced visibility of
their network topology.

Examples of the findings made by the Compromise Assessment were:

  • 10 instances of business-critical cyber threats were detected
  • Multiple Indicators of Compromise (IOCs) were identified
  • Multiple vulnerabilities in IT and Cyber practices were identified
  • Direct communication between external IP addresses and the company’s internal network was identified
  • The use of Potentially Unwanted Programs (PUPs) such as TeamViewer was highlighted
  • A high amount of PsExec activity highlighted the possibility of compromised User Accounts
  • The deletion of Windows log files indicated an attempt to hide malicious activity
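Two of the findings above, heavy PsExec activity per account and the clearing of Windows event logs, are the kind of signal a security team can triage from its own log data. The following is an added example, not part of the case study or the assessment tooling; the event records are constructed to resemble Windows event log entries, and the "account" field and the review threshold are assumptions.

```python
"""Triage helpers for two findings from the assessment: Windows event log
clearing and a high volume of PsExec activity per user account.
Added example; the event records below are constructed, not real data."""
from collections import Counter

# Constructed records shaped like Windows event log entries (the "account"
# field is an assumption; real records carry the SID of the subject user).
# Security 1102 = audit log cleared, System 104 = System log cleared,
# System 7045 = a new service was installed (PsExec installs PSEXESVC).
EVENTS = [
    {"id": 4624, "channel": "Security", "account": "j.doe", "msg": "An account was successfully logged on"},
    {"id": 7045, "channel": "System", "account": "svc_deploy", "msg": "A service was installed. Service Name: PSEXESVC"},
    {"id": 7045, "channel": "System", "account": "svc_deploy", "msg": "A service was installed. Service Name: PSEXESVC"},
    {"id": 7045, "channel": "System", "account": "svc_deploy", "msg": "A service was installed. Service Name: PSEXESVC"},
    {"id": 7045, "channel": "System", "account": "admin1", "msg": "A service was installed. Service Name: PSEXESVC"},
    {"id": 7045, "channel": "System", "account": "SYSTEM", "msg": "A service was installed. Service Name: TeamViewer"},
    {"id": 1102, "channel": "Security", "account": "svc_deploy", "msg": "The audit log was cleared"},
    {"id": 104, "channel": "System", "account": "svc_deploy", "msg": "The System log file was cleared"},
]

LOG_CLEAR_IDS = {("Security", 1102), ("System", 104)}


def log_clearing_events(events):
    """Return records showing an event log being cleared (the anti-forensic finding)."""
    return [e for e in events if (e["channel"], e["id"]) in LOG_CLEAR_IDS]


def psexec_installs_per_account(events):
    """Count PsExec service installations (7045 mentioning PSEXESVC) by account."""
    return Counter(e["account"] for e in events
                   if e["id"] == 7045 and "PSEXESVC" in e["msg"].upper())


def suspicious_accounts(events, threshold=2):
    """Accounts above the PsExec threshold (assumed value), or that also cleared a log."""
    counts = psexec_installs_per_account(events)
    cleared_by = {e["account"] for e in log_clearing_events(events)}
    return sorted(a for a, n in counts.items() if n > threshold or a in cleared_by)


if __name__ == "__main__":
    for e in log_clearing_events(EVENTS):
        print(f"log cleared: {e['channel']} {e['id']} by {e['account']}")
    print("psexec installs per account:", dict(psexec_installs_per_account(EVENTS)))
    print("review first:", suspicious_accounts(EVENTS))
```

On the constructed data the two log-clearing events and three PsExec installs point at the same account, which is the overlap a reviewer would prioritise; on real exports the same logic runs over parsed EVTX or SIEM records.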

A strategic long-term plan and corrective actions were proposed based on the
information shared in the final report.

Conclusion

The Compromise Assessment confirmed that the company’s existing level of cyber security
was not fit for purpose and there was a high chance that any future attacks would go
undetected.

The results of the Compromise Assessment were of real value to the newly appointed
Information Security Management team as they were given a clear picture of the
organisation’s true Cyber Posture and now had a list of issues that needed to be
addressed as a priority.

As a result of the recommendations found in the report, the company was able to
significantly reduce the number of active threats to their network.

This gave the company’s Information Security team a great foundation to secure the
organisation against future threats to their business.


STIC – Express Delivery Company Case Study