Recovering from a major cybersecurity attack
A major cyber attack shut down a bank’s online system for hours, leaving thousands of customers without access to their accounts.
As the blackout spread, senior executives rushed to understand and contain it. After service was restored later in the day, management breathed a sigh of relief. But despite recovering relatively quickly this time, they felt in the dark about the kinds of vulnerabilities they’d been exposed to, and they knew it could easily happen again. We were asked to help diagnose and prioritize cybersecurity risks, and implement a cybersecurity program to protect the bank and its customers from future attacks.
In 12 weeks we built and implemented a new cybersecurity program
diagnosed current cyber capabilities and gaps using interviews, benchmarking data and software-enabled modeling
redesigned security protocols to match the level of risk in each process or asset
aligned senior stakeholders and business-unit leaders around the cybersecurity vision and implementation plan
worked with business and IT teams to put the new program into action, using workshops to test the new communication and decision-making approach