The client company was established in 1964 and has a presence in 15 locations across India. The head office became a victim of cyber attack, despite having various security tools installed. The attack was in the form of ransomware. The ransomware attack not only encrypted the entire data of the organisation, since the data and operations were centralised, but the entire business across India was also impacted for four days.
This caused disruption in normal business working and direct financial loss. Although the IT team reacted, it was necessary for the client to know the cause of the breach and to seriously understand cybersecurity and their cyber resilience capabilities.
Matrix3D Complete IT Infrastructure Assessment (CIIA) checked all the boxes and helped the client restructure and conduct business with the assurance that IT is monitored, and various gaps have been evaluated and plugged to prevent future attacks.
The client had already invested in the enterprise-level firewall, virtualised server software, and quality hardware, yet the attack happened. Matrix3D suggested assessing the current IT infrastructure to understand the deployed IT system and how is it used. The client agreed with the approach and the study revealed various gaps in the current network which shows vulnerabilities due to configuration errors or inadequate vendor support and other controls that had not been updated. It may also have an impact in the future if those findings were not addressed in a timely manner.
Matrix3D Infocom has used its structured audit and assessment framework to analyse the vulnerabilities. The framework looks at technical, organisational and operational aspects of the IT landscape, which helped to understand the root cause and not just the symptoms and vulnerabilities. The framework brought in security by design and a strict control process in the IT Landscape. Matrix3D redesigned the business processes and defined the policies at the user-end for the IT team.
The client had already invested in various technologies that would suffice the business requirements. This investment needed a technical architect to connect the dots and make it work. Also, during the process, the client had not looked at security holistically and expected that the system would have inherent and default protection.
The client now understood the mapping of business needs to the IT equipment that fulfills it. This has brought down investments and inclusion of unnecessary IT devices. Equipment and licences lying across for meeting compliance were brought into use, to increase productivity. Finding the optimum use of services in internet bandwidth, firewall, server, and other IT areas has saved the client over 60 per cent in the total annual budget and the impact will be far-reaching.
Post-deployment, the business reduced its annual expenditure by 30 per cent as they don’t need to renew or upgrade licenses that they do not use and retire various obsolete software and hardware. The client has improved its security framework by putting policies and monitoring controls in place. The client is assured that there is zero per cent malware or hidden vulnerabilities in the IT landscape.