Our client is a multinational private equity firm holding substantial investments in various entities stretching all over Europe. Growing through multiple mergers with other firms saw a moulding of multiple infrastructures, teams and processes.
Working with the private equity firm presented two clear challenges:
- The Corporate Environment – With various infrastructures now working within the same corporate network, multiple vulnerabilities became apparent requiring a concise and focussed resolution plan to be created. Additionally, there were multiple standard training programmes requiring a replacement with a single solution.
- The Portfolio – By constantly growing their investment portfolio, there was a prevalent danger of investing in entities without a structured approach to information security. Such risks could also have significant financial and reputational implications.
CyberCrowd were initially able to conduct a security posture review of the corporate environment as a whole. This report highlighted all of the shortcomings that were identified and provided a concise remediation process for each individual issue. By using our team of specialists, we were able to assist in implementing various policies, controls and training programmes. We were then able to work with our client to undertake penetration tests, vulnerability assessments and social engineering simulations to ensure such issues were indeed resolved.
With regards to the portfolio, the initial approach was to undertake a security posture review for each of their investments and then deliver a process resolving these issues. Once the portfolio was seen to be in line with the firms risk appetite, a process for undertaking cyber security due diligence process for all new investments was initiated. In doing so our client was able to ensure, maintain and enforce the correct security controls right across their portfolio.