Case StudyRecovery of a Global Cybersecurity Program for a Financial Services Client
A major financial services institution with global operations was tasked with the remediation of regulatory finding. The matter of the finding was to secure network access across all physical locations of my client and to prevent unauthorized network access.
The transformation complexity of the change was very high, as it has impacted nearly 3,000 real estate locations worldwide. Due to such complexity, even though several project managers were changed, the initiative stalled.
Our Solution and Result
To address the situation, we established a partnership with the Facilities team, and jointly – inventoried and analyzed all of the physical locations based on what was known about those locations. After that, we correlated findings with the network map that was provided by the network engineering team. Following that, geographical locations were grouped based on the availability of support staff (in-house and outsourced). We established a staggered incremental rollout approach to avoid any impacts. Initially, after the system went live, only the detection of unauthorized devices was turned on. After such devices were detected, notifications were sent to device owners and regional support staff. Following the three weeks, network access to unauthorized devices was turned off. At the same time, escalation and exemption processes were implemented to prevent any business impacts. As a result – effective remediation of the regulatory finding was underway, and the regulator fully accepted the remediation approach.