Following a ransomware attack, a pharmaceutical company approached us, requesting that we work with them to develop a cybersecurity strategy, policies and solutions that would both address the immediate threat and offer future protection.
Rapid testing and assessment
Our client is a global pharmaceutical bio-sciences company that also does research and laboratory testing. During the COVID-19 pandemic, their work was part of the vaccine rollout in the United States. In late 2020, the company experienced a ransomware attack that left a sizable portion of their testing and lab facilities unavailable.
When the company approached us following the ransomware attack, we engaged in a rapid and iterative process of testing and assessing their cybersecurity defenses. As weaknesses were discovered, we were able to quickly deploy controls, not only to help them resolve the immediate attack, but also to implement prevention processes and technologies that would help the company in the future.
Building more effective cybersecurity
In addition to helping our client address the cybersecurity gaps exposed by the ransomware attack, we also helped them discover other vulnerabilities. Most importantly, we performed a digital forensics examination on some systems that were potentially compromised but where the threat hadn’t yet manifested.
Because ransomware attacks often happen slowly over a period of days, weeks, or even months, the threat actors have ample time to uncover all the weaknesses or vulnerabilities in an organization. While this initial approach is underway, they will take advantage of any weaknesses and spread laterally within networks, accessing as many systems as possible, and increasing their chances of success once they launch the actual attack.
As a result, ransomware attacks often produce successive waves of issues and problems: the targeted organizations may have responded to the obvious threats without resolving the underlying security weaknesses. In addition to creating an effective barrier protecting our client against threats, we deliver ongoing 24/7/365 monitoring and response capabilities, which range from detection and response all the way to digital forensics.
Supplying a wide range of services
In addition to increasing our client’s detection and response capabilities, we have also given them an additional layer of protection, so that if there is a breach, we can investigate it and find all the areas where an attack could have spread before severe problems emerge. Our combination of vulnerability detection and extended detection and response has allowed this company to clean up their immediate problems while also preventing any other issues from developing into ongoing threats. We also provided the company with threat intelligence, giving them vital information about the threat actors who had targeted them. This intelligence included access to more detailed information about dark web sources, and the company was able to use that information to prevent further attacks.
CGI’s protection also extends beyond traditional computer equipment and networks: our client operates a wide range of specialized devices, both on premises and in the cloud, including laboratory equipment, bio-informatics processing equipment and laboratory information management systems (LIMS) that are hooked up to specialized hardware. In order to give our client good coverage when it comes to detection and response across these critical systems, we rapidly deployed endpoint and network protection to create layers of protective security.
Our ability to offer security in this highly specialized context has been critical to meeting our client’s extensive cybersecurity needs. We quickly and effectively increased their security posture across a range of facilities and business processes, and the company was so happy with the security work we performed that they subsequently contracted with us to do all of their IT work. Our full range of services, as well as our ability to be agile and nimble, has been a clear differentiating factor for this company.