Finance: From Pen Testing to Constant Cyberattack Simulation
Proving how traditional pen testing was insufficient compared to our constant attack stimulation to find unknown vulnerabilities.
US & Canada | Financial Services | B2C
- Company size: 1,000 – 5,000 employees
- Service: Digital, physical and social attacks
- Client debt resolved: £10 billion+
- Client since: April 2024
Overview
Our client is a fintech company that has helped their customers resolve over $10 billion worth of debt, helping them control their finances.
After consulting with the Head of Governance, Risk and Compliance (GRC), the client recognized that their existing approach to pen testing was failing to identify vulnerability gaps within their estate. They could see a clear advantage in adapting their approach to CovertSwarm’s constant cyberattack simulation across their entire attack surface.
Challenge
The client was focused on just covering their compliance objectives and soon realized that their current pen testing was not discovering or addressing unknown risks within their estate.
Objectives
Replacing the traditional pen testing approach with CovertSwarm’s constant cyberattack service to better discover unidentified risks, whilst simultaneously meeting all of the compliance objectives.
Their primary asset and main concern was the client database, which contains significant amounts of personal identifiable information (PII), including names, financial data, housing details, background information, etc.
Our Approach
CovertSwarm began its service with a comprehensive Open-Source Intelligence (OSINT) review of all externally available information about the client.
Through this process, CovertSwarm has initially discovered more than 2000 potential areas of attack, which was then narrowed down into 10 focused attack plans.
The Results
- In collaboration with the client’s IT team, CovertSwarm created a priority list of vulnerabilities, starting with the most critical ones.
- The first target was the client’s mobile applications, where initial attacks from CovertSwarm uncovered exposed infrastructure that should have remained private and helped the client to promptly address and remediate these issues.
Conclusion
We demonstrated to the Head of GRC that their previous pen testing and compliance approach was insufficient. Exploring and adopting the CovertSwarm method has made their company more resilient and secure, providing more visibility over the unknows.
CovertSwarm successfully replaced their compliance-led pen testing approach with the threat-led approach carried out by our team.
After just three months working with them and with tangible results achieved towards their cybersecurity posture, the client was happy to become a reference when needed.
Insights from the SWArm mind
Radical thinking and constant research inform all we do. Think ahead with shared intelligence from the CovertSwarm experts.
Beware of Recruitment Scammers Impersonating CovertSwarm
Beware of individuals impersonating our company to issue fake job opportunities and associated offers.
CovertSwarm welcomes Nick Dibbern as Chief Financial Officer
CovertSwarm has announced the appointment of Nick Dibbern as Chief Financial Officer, joining the executive team at a time of significant growth and bringing extensive experience…
James Dale joins CovertSwarm as Head of Adversarial Simulation Testing
CovertSwarm is proud to announce the appointment of James Dale as its new Head of Adversarial Simulation Testing.