Ensuring Cybersecurity in the face of Business Growth

Case Study
 

Electronic Transaction Consultants (ETC) specializes in information systems for the transportation industry. ETC services three of the top 15 toll authorities in the U.S. and processes over 2 billion toll transactions per year at highly advanced toll authorities.

Requirements

With major business growth occurring, senior management at ETC wanted to make sure that their information security was keeping up with the growth. Protecting company reputation was a board-level concern.

In addition to general information security concerns, ETC was specifically concerned about both phishing attacks and Microsoft 365 breaches. Company management had heard a rash of media reports highlighting compromises of Microsoft 365 via misconfigurations. Given the importance of Microsoft 365 to their organization, they were particularly concerned about potential compromises of their environment.
 

Solution

Initially, Celsior provided an Information Security Assessment program to benchmark ETC’s current security posture and develop a roadmap for improving it. This assessment leveraged the NIST Framework at its core as this maps to all other standards and frameworks—allowing an “assess once, map to many” approach. As part of this, we used a review and an automated scan to identify technical vulnerabilities and identify capability gaps.

To deal with the Microsoft 365 concerns, we also conducted Microsoft 365 log reviews of key personnel to identify subtle indicators of compromise which could escape the automated analysis.

The assessment determined that while technical vulnerabilities were being adequately addressed, gaps still existed from a programmatic standpoint that needed attention.

Result

Celsior worked with the customer to develop a customized roadmap based upon their plans for growth over the next three to five years. This ensures that cybersecurity is “baked in” rather than “bolted on.”

The roadmap also indicated areas where ETC could further enhance their cybersecurity posture by utilizing some advanced features Microsoft offers at a higher license capability. The additional license cost was offset by identified license savings resulting in increased security for roughly the same price as they were already spending.

Based on strong delivery, ETC later contracted with Celsior for a Virtual CISO. They have been very happy with this arrangement and have significantly increased the contracted hours of the Virtual CISO based on the strong value that he has been providing.

Download the PDF version of this case study. For more information, please contact us.