Risk Crew Case Studies
Risk Management – Security Awareness Training
We conducted security awareness training through Risk Crew’s eRiskology platform for an international automotive parts distributor. It was a 3-year, organic program applying simple, intuitive, personal multi-media messaging through 4 harmonised “pathways”: Inspire, Empower, Engage and Measure.
Pathways were designed to measure existing and changing awareness states by capturing key performance indicators collected to confirm & measure cultural change. We leveraged social engineering activities to collect phishing and telephone pre-texting KPIs. By the end of the 3-year engagement, the assessment pass rate increased by 140% and the organisation is working towards ensuring organisation assets remain safe and protected from threat actors.
Governance, Risk and Compliance
Red Team Testing
A major United Kingdom-based retail banking organisation that provides a wide range of personal, business and wealth management financial services identified an immediate need to ensure that their physical, information and cyber security controls could withstand a “real-world attack” from current cyber criminal threat actor tools and methodologies.
The organisation required efficacy confirmation of the Information Security Management System (ISMS) deployed to protect the information assets they processed, stored and transmitted. It was imperative that the effectiveness of all the controls implemented in their business processes, staff, facilities and IT systems that prevent unauthorised access to their sensitive data be verified as “fit for purpose”.
Risk Crew designed and delivered a comprehensive Red Team security test in response to this requirement. The testing took place over 3 months and comprised the collection of Open-Source Intelligence (OSINT) associated with the customer, their business processes, staff and operating locations.
The testing identified numerous significant security flaws that were easily exploited and allowed unauthorised access and data exfiltration, and that had not been identified in previous security audits or tests.