A construction and real estate conglomerate with over 1,200 employees and 25 business entities with operations in 35 locations.
In 2016, this client recognized the need for a formal security program to ensure the integrity and availability of their data and systems.
With help from Sirius, the client developed a solid foundation for—and implemented ongoing processes to ensure—a strong security program.
Beginning in 2016, Sirius helped the client establish a layered defense strategy focused on employee awareness, processes and technology. The organization took advantage of a wide array of Sirius security program development services. Vendor-agnostic threat assessments were conducted to identify security gaps and provide specific, actionable remediation plans for the organization of over 1,200 employees, who use a wide variety of computing devices spread throughout 25 businesses in 35 locations. A security management team was developed, a security awareness program was launched, and improvements were made to internal processes such as routine vulnerability scanning, review of configurations, patch management and more.
The work included network penetration testing of the client’s systems from both internal and external attacker perspectives. The testing covered reconnaissance, network and asset mapping, vulnerability discovery, and manual exploitation to gain privileged access. As part of this work, Sirius also provided a “Purple Team” exercise, in which testing consultants stepped the client’s IT stakeholders through the various phases of the testing process to show the activities taking place in real time. This work led to prioritized remediation recommendations to mitigate identified risks and to increase protection of the client’s IT assets.
The results were outstanding; the client reduced critical vulnerabilities by 92%, and risky clicks were reduced by 20%. Heightened security awareness was a major contributor to the results; over 90% of the client company’s employees participate in routine security essentials training. “Security is everyone’s business, not just an IT function,” said the client’s Chief Information Officer. “Sirius was critical to the success of our security program. They are a trusted advisor with the right level of expertise in all aspects of security program development. They are responsive. They understand our culture and they gave us tools, roadmaps and training so we always know what we’ve accomplished and what to focus on next.”