Bank Opens Door for Potential Breach (case study)
|Asset Holdings: ||$850 million |
|Industry: ||Financial Institution |
|Geographic Footprint: ||9 locations in Kansas City metro |
|Employee Headcount: ||100+ |
Concerned about the potential fallout from a breach, a bank wanted to test how well its branch employees complied with the bank’s information security program.
Our social engineering team posed as one of the bank’s vendors to perform a pretexting/facility breach exercise. Disguised as a vendor, we went into one of the bank’s branches and asked to be admitted to secure locations. Bank employees directed, but did not accompany us, to the branch’s server control room, which included all of the branch’s Web servers, its alarm system and its surveillance system. Our team was also able to move freely in the teller area where the bank kept unlocked drawers of money.
Following the exercise, the bank received a report detailing the pretexting procedures our team employed to gain access to the bank’s data. The report also included suggested policy improvements. Findings from the report helped the bank to strengthen its information security protocol for visitors. We re-conducted the exercise later and found that on the second go-around, branch employees prevented a pretexting-style attack.
Outside users masquerading as authorized users, also known as pretexting, can lead to breaches of confidential information, theft and other cybersecurity attacks. Through our services, the bank heightened its awareness of pretexting and other sources of data loss, potentially limiting its risk of a real-life breach.
Mitigate Your Risks
Learn more about how our team’s comprehensive social engineering assessments help you mitigate threats to your information security.
Copyright © 2016, CBIZ, Inc. All rights reserved. Contents of this publication may not be reproduced without the express written consent of CBIZ. This publication is distributed with the understanding that CBIZ is not rendering legal, accounting or other professional advice. The reader is advised to contact a tax professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein.
CBIZ MHM is the brand name for CBIZ MHM, LLC, a national professional services company providing tax, financial advisory and consulting services to individuals, tax-exempt organizations and a wide range of publicly-traded and privately-held companies. CBIZ MHM, LLC is a fully owned subsidiary of CBIZ, Inc. (NYSE: CBZ).