Client’s business issue:
Following a severe ransomware attack that resulted in an extended business shutdown, a private equity-backed multinational financial services company urgently needed to gain fulsome visibility across its endpoints and bolster its cyber resilience. By reducing cyber risks, it also sought to preserve and enhance its overall enterprise valuation.
Our mandate:
We were engaged to advise on how best to:
- Achieve comprehensive, continuous visibility across 35,000 endpoints (desktops, laptops, and servers).
- Remediate gaps in patch management team’s operating processes, which caused an increasing number of unpatched, aging software vulnerabilities.
Our actions:
Our information security and cyber incident response experts deployed Tanium, a sophisticated endpoint monitoring and management tool, across the client’s infrastructure to assist with the:
- Identification of numerous unauthorized, high-risk applications, resulting in the development of a new “Approved Applications” policy.
- Redesign of a comprehensive patch and vulnerability management program within 90 days, including training workshops and process enhancements.
Impact:
Our efforts substantially enhanced the client’s resilience and reduced its cyber risk exposure by:
- Discovering over 2,500 previously unmanaged endpoints.
- Deploying approximately 2,000 critical patches across vulnerable systems.
- Removing dozens of high-risk, unauthorized third-party applications from thousands of endpoints.
- Customizing Tanium to support effective patching, change management, and performance monitoring.
- Developing training for key IT and information security leaders.
Resulting business benefits:
Our client confirmed significant gains, including:
- Strengthened cyber resilience and reduced risk exposure, ensuring alignment with regulatory compliance requirements.
- Enhanced readiness and response capabilities against future cyber threats.
- Increased operational stability, thereby minimizing downtime risk.
- Support for a higher company valuation in preparation for an upcoming liquidity event.
The engagement was co-led by Kristofer Swanson, CPA/CFF, CAMS, CFE, and Aniket Bhardwaj, GREM, GCIA, GNFA, GCFA; with invaluable assistance from colleagues including Carlo Lakay, Max Mantius, Steffen Otto, and Elizabeth Sieber.
CRA’s Forensic Services Practice advises on the prevention, detection, and correction of a broad range of risks and potential misconduct, helping companies to reaffirm their commitment to integrity and exemplary corporate governance. Other recent engagements have included responding to cyber incidents, investigating allegations of theft of trade secrets, serving as monitors in information security and privacy or theft of trade secret matters, and providing expert witness testimony in privacy-related litigation.