A financial institution was subject to repeated attempts to retrieve sensitive information from the CEO’s office.  The client’s team asked our Resilience practice head to review its overall asset protection capability and C-level information protection specifically.  The request also included an assessment of possible threat actors, their capabilities, and methods for future attacks.

The gap analysis identified several opportunities for improvement, including but not limited to implementation of deception techniques, moving from paper-based to actionable incident management, and adjusting available technical protection measures for more proactive monitoring and notification.

Since the completion of the project, the organization has had only one incident related to information protection with no significant impact on its operations, financial status, and reputation.