The aim of this engagement was to test the integrity of Grimshaw Global’s security architecture by attempting to discover and exploit any vulnerabilities on the Grimshaw Global network infrastructure.
Gridware was also asked to determine the likelihood of an attacker gaining unauthorised access to the network.
Background
Grimshaw Global is an international architectural firm which covers all major sectors and has been honoured with over 200 international design awards for its commitment to design excellence. The company’s work is characterised by strong conceptual legibility, innovation and a rigorous approach to detailing, all underpinned by the principles of humane, enduring and sustainable design. The practice is dedicated to the deepest level of involvement in the design of its buildings in order to deliver projects which meet the highest possible standards of excellence. In order to continue delivering meaningful designs that bring value and joy to their clients while implementing the highest level of cybersecurity controls, Grimshaw Global engaged Gridware for a Network Security Penetration Test.
Challenge
Operating globally and employing over 600 staff comes with significant challenges. One of the difficulties of having offices globally is that malicious threat actors are presented with multiple points of entry. In addition, the organisation works with several larger clients who increasingly look for partners and suppliers who share the same level of concern about cybersecurity.
Many clients now require cybersecurity reports to be filled out before signing up with the organisation. The IT team needed to make sure they could complete these questionnaires confidently, knowing that they had addressed any vulnerabilities found.
While Grimshaw Global already had some capabilities to assess their own applications’ security, they also needed to ensure that their security solutions were up to industry standards. Grimshaw Global sought an external cyber security vendor in Gridware that could identify any potential security vulnerabilities and offer solutions.
The Solution
The IT Manager established that an annual Penetration Test was needed to assure customers that security was always a focus. In line with best practice, they looked to move to a different provider to ensure that a range of tests were conducted to unearth any new vulnerabilities. The Penetration Testers work completely independently of the account management team, so they have a fresh perspective when undertaking a new test. Prior to the start date the Testing team undertake a project review of the scope to establish what parts of the network need to be tested and any specific timeframes that need to be considered (e.g. out of hours).
The Penetration Testers carried out a full range of tests using the most up-to-date tools and technology. This included both automated Vulnerability Scanning and manual Penetration Testing.
Once the testing was completed, detailed reports were compiled that highlighted all vulnerabilities present within the network. Each vulnerability was assigned a rating of critical, high, medium or low, allowing the organisation to address any issues in a systematic way, dealing with the most important vulnerabilities first.
Once the client has confirmed that all vulnerabilities have been addressed, Gridware conducts a re-verification test to confirm that all changes have been made correctly.
The Outcome
The whole test was delivered on time and with no disruption caused to the business, which meant the remediation stage could begin immediately. The IT team were keen to address the vulnerabilities in-house as quickly as possible to reduce their exposure to any external threat actors.
The tests have allowed the company to maintain their regulatory compliance and provided added confidence to prospective clients.