How we helped
A large global retailer suffered a high-impact network breach that resulted in a costly extended outage and ongoing investigations.
After the initial assessment had been resolved, the executive team asked AlixPartners to investigate the response as well as the level and capabilities of cybersecurity. What they wanted to know was whether risk had been managed appropriately.
AlixPartners was brought in independently of cybersecurity, working with the internal audit team to provide an independent view and recommendations. Our approach encompassed a mixture of questionnaires, business-focused interviews with executives, technical interviews, document assessments, as well as working with other risk functions. We reviewed the incident, controls, and process that had allowed the attack to succeed, as well as the responses.
Through interviews and artifact analysis, we were able to create a timeline of the incident with failed or missing controls showing multiple missed opportunities to prevent the attack. Using the National Institute of Standards & Technology Cybersecurity Framework (NIST CSF), we assessed the cyber controls and were able to identify significant weaknesses. Looking deeply at key assets, we demonstrated that the company had been exposed to significant risk, well outside of the risk tolerance. That had to be remedied.
We developed a three-stage remediation plan with immediate risk reduction and medium- and long-term actions to bring assets within risk tolerance. We developed a new structure for cyber and risk management, creating governance over cyber.