A Chicago-based logistics company with over 750 employees wanted to improve its responses to increasingly stringent customer cybersecurity audits as well as protect its network. They knew if they could respond to customer audits with a strong score, they would continue or increase business from current customers as well as be in a better position to attract new business.
Security audit questionnaires were being sent from each customer to each of the company's current and potential vendors. The responses were a factor in determining whether or not the customer should do business with the logistics company, and therefore impacted the company's ability to grow the business.
Forming a Partnership
The logistics company partnered with BDO Digital to review their security control points and provide a baseline rating of their current environment. From there, the logistics company and BDO Digital worked in partnership to devise a plan of action to close the gaps and improve their overall security posture.
BDO Digital started by discussing the network and working with the customer to define a sampling approach to vulnerability assessment. The analysis included workstations, servers, network devices, external-facing systems and web applications.
Exposing the Gaps
BDO Digital’s vulnerability assessment offering identifies and verifies technical security holes (vulnerabilities) in a computer or network. The issues identified were gaps the software developer was not aware of until after the software was published. A common example of a vulnerability is the ability to access data without the need for a username and password (authentication). Some vulnerabilities have publicly available exploits that can be used by anyone, from “script-kiddies” to nation states, to attack a network or system.
After initial discovery, BDO Digital’s ethical penetration testing team analyzes and tests the vulnerabilities to determine a real risk severity rating. The result is a risk rating backed by BDO Digital as a security professional services firm.
Securing your Website
The logistics company wanted to include analysis of their public-facing web applications. BDO Digital used a network vulnerability assessment to review how the web application responds to various types of attack attempts.
To start, BDO Digital tested for vulnerabilities published in the “OWASP Top 10.” The Open Web Application Security Project (OWASP) is a not-for-profit charitable organization focused on improving the security of software. The organization publishes the most common vulnerabilities found in web applications worldwide and provides this list as a public service to help all web developers and security professionals protect new and existing web applications. Beyond the OWASP Top 10, BDO Digital tested for thousands of known web application and website vulnerabilities. After compiling a master list, security experts compare the results against the type of service or information the web application is storing or providing.
Gaining Visibility and Moving Forward
The results of the vulnerability assessment were eye-opening. The logistics company previously had no visibility into the critical vulnerabilities and risks. BDO Digital's reports provided clear detail to fix the issues that were found.
The results of the vulnerability assessment made BDO Digital and the logistics company start to question what other areas of their security program might be a high risk. For example, most details of their security and network architecture were still unknown.
With the foundation for a stronger security posture in place, strategic initiatives have begun, such as starting a routine vulnerability management program and implementing compensating controls and hardening. The value of BDO Digital’s managed security services was also discussed.
BDO Digital’s security practice helps many customers in many industries identify and treat cybersecurity and compliance risk. This logistics company is one of many organizations on its way to minimizing risk with the help of BDO Digital.