Improving cyber threat management for a pharma company
Introduction
In 2022, a large healthcare company engaged EXL to assess its current state of cybersecurity risk and threat management capability, as well as gaps in its cybersecurity practices. The company was looking for a cybersecurity partner to review and enhance the existing threat management audit program to help improve effectiveness of the audit program while identifying new and emerging risks. With its domain and compliance experience, EXL’s cybersecurity risk service offering was chosen to help the company create a roadmap to optimize the client’s cyber incident prevention and management audit strategies.
Challenge
The healthcare company had originally outsourced its security operations center, limiting transparency and insights surrounding cyber threat behaviour and management. Its lack of in-house cybersecurity domain and compliance expertise had prevented an effective evaluation of any existing gaps in its cybersecurity practices, as well as ongoing cyber risk assessment. The client wanted a highly skilled global company to help achieve its cybersecurity assessment goals, including best practices and proactive protection, and a company that could deliver a scalable cybersecurity environment at a competitive cost.
Solution
EXL leveraged multiple industry-leading frameworks to design a customized framework aligned to the customer’s distributed and heterogeneous technology environment. We began with the following four-tiered, end-to-end strategy design to detect, protect, monitor, and, when necessary, respond to cyber incidents.
Frameworks leveraged
- EXL’s CSAF Framework
- NIST – Cybersecurity Framework
- ISO 27001 – 2013
- SANS – CIS Critical Security Controls
- FFIEC – Cybersecurity Assessment
- COBIT 5
Model threat behavior to analyze and detect vulnerabilities
Through cyber risk analysis and threat modelling, EXL was able to create cyber threat intelligence profiles while also defining best practices for intelligence distribution and sharing.
Protective technology review
With extensive domain experience, EXL was able to conduct a protective technology review to select tools for boundary protection and network scanning, patch management, and remote access monitoring and authentication.
Threat identification and mitigation
EXL identified a way forward for full network traffic behavior monitoring systems, as well as external partner connection monitoring, and vulnerability assessment and penetration testing.
Incident management, response and recovery
EXL suggested a proactive cyber incident response process, including cyber forensics and employee awareness training to build on key learnings from cyber incidents.
Outcomes
Actionable outcomes utilizing industry best practices and EXL’s expertise to find and create a strategy for addressing any issues
Highlighted significant issues for security threat management and risk management
Addressed reporting and accountability issues that could create cyber risks across multiple groups
Determined configuration issues in border protection devices such as the border router and interfacing firewalls
Remedied a lack of appropriate standards and procedures regarding the general administration of critical systems
Created a roadmap for continuous training and awareness exercises for cybersecurity threats that had been limiting the team’s ability to adequately assess cyber risks