The security department of a critical government institution was struggling to gain traction with its board of directors on the need to have an effective insider programme to complement their already strong cyber defences. They brought Blacksmiths in to demonstrate how cyber defences can be undermined from within through the use of a recruited insider and a technical attack.
The team identified a suitable insider through open-source research and held simulated meetings with this individual. These exercises provided sufficient understanding of the institution’s network to gain access to sensitive board-level material.
The security department was able to use the evidence produced by the simulation to raise the board’s understanding of the need to establish effective physical and personnel security measures in order to maintain cyber security of staff. The exercise also highlighted to the department that they had not previously recognised that staff cyber security represented a threat to the organisation’s secure network.
Blacksmiths' team of insider risk experts specialise in providing insights into threat actor motivations and methodologies to enable you to understand where to prioritise resources and protect your most valuable assets. Contact us at firstname.lastname@example.org to learn more.