A team of cybersecurity engineers was brought in by a client in the Mine, Oil & Gas industry to help the company test their CRM system and ensure that the confidentiality of sensitive business information is preserved.
A renowned brand name in the Mine, Oil & Gas industry with operations across many markets, the company wanted to make sure their internal system was secure throughout all their locations and their sensitive data protected.
The company used a famous CRM system that held all their data, communications, classified corporate information, and allowed to manage and sign off on a number of operations in the company. The client engaged our cybersecurity consulting services to make sure the confidentiality of their data was not compromised, prevent breaches and all related risks, and check whether the company’s infrastructure was GDRP compliant.
A team of cybersecurity experts evaluated the company’s internal system in order to uncover potential vulnerabilities. The team conducted penetration testing and found a number of system faults. Our check helped identify several weak spots, the exploitation of which could give access to all data, cause information leaks modifications, and lead to considerable losses financially (GDPR fines) and operationally (frozen payments due to the inability to connect to the payments system), not to the loss of their stellar reputation. One of the weaknesses was due to the fact that all of their files were stored encrypted on a server that wasn’t protected enough, so the files could be reached through their infrastructure.
Relying on our team’s experience and MITREs best cybersecurity practices, we were able to provide recommendations on preventative measures. The full list of vulnerabilities and system weaknesses was provided to the client and to the developer of their CRM system. As a result, our client received compensation from the CRM provider and is now considering switching to another software.