SITUATION
A sovereign wealth fund that manages and invests in government-owned businesses, including critical infrastructure organizations, tracked the cybersecurity maturity of each asset in their portfolio through questionnaires. The questionnaires reported strong cybersecurity health, but when the companies underwent a penetration test, vulnerabilities were discovered. As a result, the client wanted to address this issue and to support the uplift of cybersecurity maturity across each of the state-owned entities. FTI Cybersecurity was hired to conduct a feasibility study that identified the key themes and issues, both on the technical level and on the macro/business level, that were making it difficult to secure the environment, and to also identify and propose the optimal model and solution going forward to support the state-owned entities.
OUR ROLE
FTI Cybersecurity conducted a thorough interview with numerous state-owned entities, spanning various areas of national and critical infrastructure (water & energy, oil & gas, food & agriculture, environmental services, transport, tourism, logistics etc.). Our interview covered a broad range of technical controls, as well as a section to understand how each business operates and the struggles they are facing when trying to enforce change.
We performed a detailed analysis that compared the technical strengths and weaknesses between the entities, quantified the level of risk to the entities and to the client overall, and overlaid business context onto the technical data to identify the key drivers of success and the causes of weakness. We used the results to propose various models, along with a cost-benefit analysis of each option.
OUR IMPACT
The client received insight into the challenges faced by their entities, and a clear and concise overview that provided a high-level picture, as well detailed entity-level information. Through our translation of technical information into business risks, the client’s top-level executives could view the key themes without being overloaded with technical details. This analysis was then used to provide a justified proposal for the solution and an evidence-supported cost-benefit analysis that can be used to make easy decisions regarding next steps.