Red Teaming at an Insurance Company
Case Study
> Industries > Financial Sector > Red Teaming at an Insurance Company - Case Study
Case Study: Red Teaming at an Insurance Company
Our client, a top insurance company in the Netherlands, wants to keep up with ever-changing cyber threats. The Security Officers recognize that standard penetration tests aren't covering all the cyber risks.
The Challenge: How to test cyber resilience
The insurance company wants an integrated approach to find weak spots in the cyber security. The organization decides to do a simulated 'real-life' attack with Bureau Veritas Cybersecurity's Red Teaming Assessment.
The Approach: A simulated attack
Together with the insurance company's security team, we perform a Red Teaming Assessment to deeply check the insurance company's cybersecurity. These are the steps:
01
Develop Real-Life Scenarios
We create realistic attack scenarios that insurance companies likely face.
02
Use the Unified Cyber Kill Chain
Our tests go through all stages of a real cyber attack, as described in the Unified Cyber Kill Chain. We check every part carefully.
03
Discover the Weak Spots
We discover new ways hackers could get to the company's most important data.
04
Work Closely with the Insurance Company's Security Team
We use the MITRE ATTandCK framework and worked with the company's security team.
05
Plan Next Steps
After finding weak spots, we provide the insurance company with a plan to mitigate the risks.
06
Improve SIEM (Security Incident and Event Management)
We help the company add new use cases to the Security Incident and Event Management platform (SIEM). This improves threat detection.
07
Train Staff
We train employees of the insurance company to spot phishing emails, a common way hackers get in.
08
Tabletop Cyber Crisis Management Workshop
We run a Tabletop Cyber Crisis Management Workshop to see how well the insurance company handles a real cybersecurity attack.
The Result: Increased Cyber Resilience
Result 1: Priority list of Vulnerabilities
The priority list of vulnerabilities provides a framework for remediation planning.
Result 2: Enhanced Detection and Response
The new SIEM use cases and employee training improve the organization's ability to respond promptly to cyber threats.
Result 3: Improved Incident Response
The client's response teams are better prepared for cyber incidents after the Tabletop Crisis Management Workshop.
Result 4: Roadmap to Cyber Resilience
Our recommendations provide a clear roadmap for strengthening cybersecurity resilience.
Related Services
Red Teaming Assessment
Tabletop Crisis Management
How does your organization perform in case of a severe cyber incident? Find out with Bureau Veritas Cybersecurity's Tabletop Cyber Crisis Management Workshop.
Why choose Bureau Veritas Cybersecurity
Bureau Veritas Cybersecurity is your expert partner in cybersecurity. We help organizations identify risks, strengthen defenses and comply with cybersecurity standards and regulations. Our services cover people, processes and technology, ranging from awareness training and social engineering to security advice, compliance and penetration testing.
We operate across IT, OT and IoT environments, supporting both digital systems and connected products. With over 300 cybersecurity professionals worldwide, we combine deep technical expertise with a global presence. Bureau Veritas Cybersecurity is part of the Bureau Veritas Group, a global leader in testing, inspection and certification.