Cybersecurity Assessment for a Leading Bank in a GCC Country

Industry

Banking
Fintech

Country

GCC

Type of Service

Cybersecurity Testing
Risk Consulting

Cooperation Type

By Estimate

Project Type

Cybersecurity Assessment

Overview

The client* is a major bank that operates in one of the countries of the Cooperation Council for the Arab States of the Gulf (also known as the Gulf Cooperation Council or GCC). It uses a complex technical and HR infrastructure and is a target for hackers per se. The quick pace of innovation creates a potential gap between the required level of security and the capability to counter such risks.

* We recognize the importance of protecting our clients’ privacy and follow the policies to maintain their confidentiality and security. That is why the company name will not be disclosed.

Challenge

The client needed to evaluate its level of cybersecurity maturity. This required assessing the organization’s technological and human factors to prepare an effective strategy for addressing potential risks early and preventing them. It was necessary to provide communication and tools that non-technical top-level managers would easily understand.

Solution

  1. Gap assessment audit to identify and evaluate the current state of the bank’s cyber security posture. The purpose was to identify gaps and vulnerabilities in the security controls with further recommendations for improvements.
  2. Risk management consulting to identify, assess, and manage potential risks that could impact business operations. The goal was to help the bank develop strategies to minimize potential losses or disruptions to its operations, assets, and reputation.
  3. External penetration test to evaluate the security of the external-facing systems and networks from the perspective of a potential attacker. The goal was to identify security weaknesses a malicious actor could exploit to gain unauthorized access to the organization’s sensitive data, systems, or applications.
  4. Internal penetration test to evaluate the security of internal systems and networks. The goal was to identify vulnerabilities and security weaknesses that could be exploited by a malicious insider or an external attacker who had gained unauthorized access to the bank’s internal network.
  5. Phishing attack simulation to evaluate vulnerability to phishing attacks. The goal was to check the reaction and response of the bank’s employees to fraudulent emails or messages that aim to compromise the security of their devices or networks.

Results

  • The client received a roadmap outlining a series of projects to enhance the organization’s cybersecurity defense and the related expense calculations.
  • A cybersecurity risk map was prepared, featuring 70+ major risks with an estimated cost of potential losses of about $10+ mln.
  • Penetration tests revealed technological weaknesses. Recommendations to address all identified vulnerabilities were provided.
  • The importance of the human factor in cyber security was underscored: over 15% of employees fell for phishing attacks. The need for comprehensive awareness training programs was highlighted.

QA Madness helps tech companies strengthen their in-house teams by staffing dedicated manual and automated testing experts.