case studies
Financial Institutions
HomeCase Studies → A Bank’s Vault Is Meant to Be Locked and Secured

A Bank’s Vault Is Meant to Be Locked and Secured

Threat Landscape

The financial services industry is a lucrative and frequent target for cyber criminals. For banks, the funds and valuable data they hold, high dependency on electronic processes and networks, pressure to win digitally, and third-party reliance, escalate their cyber risk.

Challenge

Banks operate in a highly regulated industry. They bear tremendous fiduciary and legal responsibility to protect customer data, requiring sophisticated cyber security programs. Suspecting a potential breach, the bank’s chief privacy officer wanted to assess their preparedness. Timing was critical.

Solution

We worked onsite to understand the bank’s system inside and out. Our team performed a data mapping exercise to define sensitive data, track its location, and recommend controls. During technical validation, we uncovered strange activity in the bank’s security information and event management (SIEM) solution. High volumes of traffic were going to international locations – odd for a domestic bank.

Our incident response team focused in on a web server hosting a test website with unintentional internet access, and possibly real customer data. Working hand-in-hand with the internal team, we found the intruder was conducting reconnaissance, hunting for vulnerabilities to exploit later. We cut off the server’s internet access before any data was stolen.

Results
  • In less than 24 hours, we contained a security breach and ensured no data was stolen
  • We completed a thorough cyber security assessment in one week, enabled by access to the bank’s network and knowledge of their data storage protocols
  • We adjusted misconfigured hardware to ensure only internal traffic could access it

Protect your assets today. Call us:
Americas: +1.212.981.6540
EMEA: +44.20.7061.2200



Cyber security services offered by Stroz Friedberg Inc. and its affiliates. Insurance products and services offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida and their licensed affiliates. Aon UK Limited is authorised and regulated by the Financial Conduct Authority in respect of insurance distribution services. FP.AGRC.238.JJ The following products or services are not regulated by the Financial Conduct Authority:
• Cyber risk services provided by Aon UK Limited and its affiliates
• Cyber security services provided by Stroz Friedberg Limited and its affiliates.


Copyright 2021 Aon plc. All Rights Reserved.


Copyright 2021 Aon plc. All Rights Reserved.
Cyber security services offered by Stroz Friedberg Inc. and its affiliates. Insurance products and services offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida and their licensed affiliates. Aon UK Limited is authorised and regulated by the Financial Conduct Authority in respect of insurance distribution services. FP.AGRC.238.JJ The following products or services are not regulated by the Financial Conduct Authority:
• Cyber risk services provided by Aon UK Limited and its affiliates
• Cyber security services provided by Stroz Friedberg Limited and its affiliates.