Case Studies For Management

Security Auditing

This section highlights the importance of information security and independent security audits for managers and business directors. Today many corporations hesitate to outsource IT security services and rely completely on the local IT department. This approach might affect negatively on the business, as security evaluation should be always independent not to create a conflict of interest. Security auditing should also be performed by certified and experienced professionals, which is not always the case with local IT staff.

The following Case Study illustrate our experience in just how dangerous a negligence in IT security can be and the enormous risk companies really do face today.

Case study: False Economies Lead to Losses

Convinced by their IT department that their computer systems were well protected from malicious attacks - and believing their money could be better spent, a West European Bank decided to make savings by not investing in external IT security services such as independent security audits and penetration tests.

Security audits were left to their own IT department who were systematic in reporting the high level of protection of all their systems to their top management. They also made flattering monthly statistics on successfully averted attacks and prevented frauds.

At one point, newspapers headlines abruptly warned bank management about scandalous thefts of money from a number of accounts. Though a few complaints had been received from customers previously, nobody had paid sufficient attention to them - because the IT department had systematically reassured management of the totally foolproof bank security systems. However, an independent security experts investigation revealed that several years before, hackers had actually penetrated their systems. For a period of time they had simply collected internal information concerning bank accounts, credit card details, top bank management email exchanges, and others.

The sum of losses proved to be dramatic, causing serious financial damage and bringing the bank to the edge of bankruptcy. Adding insult to injury, hackers also published the very personal letters of some of the top managers, distributing them throughout contacts stolen from their address books. The trust carefully developed between the bank and its clients over the years was shattered and their reputation was almost destroyed. The decision to make savings and delegate IT security management and evaluation entirely to the local IT department proved to be a very destructive idea.

Solution

To minimize IT risks and prevent security incidents High-Tech Bridge strongly recommends to perform an independent security audit by a third-party at least twice a year.

Security audit is the most efficient method to to discover, understand and remove existing IT threats and risks.
This approach can eliminate conflict's of interests when security testing and evaluation are both driven by the company's local IT department.

Please contact High-Tech Bridge or request a call back to get a personalized security audit offer within the next 24 working hours.