Real-World Cybersecurity Success

Explore Neko Security's Case Studies and see our proven cybersecurity solutions in action. From advanced threat detection to robust security infrastructure design, these stories demonstrate how our specialist team delivers tangible results. Discover how we protect businesses from evolving cyber threats with our expert-led approach.

CLlENT

The client is a national retailer with multiple brands, stores located across Australia, and a thriving web business. This retailer faced continual challenges from cyber attacks. Their retail stores were regularly the victims of ransomware, forcing them offline for over three days each time to rebuild their systems. Furthermore, the web store suffered from account compromises, which resulted in unauthorised access to the order processing and customer records. The financial impact of these ransomware events was significant, stemming from the loss of sales whilst the stores were down, the resources and time required to rebuild them, and also the lost staff hours. More concerning to the business was the potential for future loss of sales. Operating in a highly competitive specialty goods business, the retailer understood that a lost customer, especially to a competitor, results in a long cycle for them to return.

CHALLENGE

With a high cost of doing business, a lighlty resourced IT team, limited centralised management, and a large national footprint, the retailer struggled to address the cyber security gaps. They did not know where to start in addressing the gaps and risks.

The retailer faced persistent and escalating cyber threats.

• Frequent Ransomware Attacks: Retail stores were regularly crippled by ransomware, leading to system rebuilds and an average downtime of over three days per incident.

• Web Store Breaches: The online store suffered account compromises, resulting in unauthorized access to sensitive order processing systems and customer records.

• Significant Financial & Reputational Losses: These incidents caused substantial loss of sales, high costs for system restoration, and lost staff productivity. There was a major concern regarding future sales decline and customer attrition to competitors.

• Operational Constraints: The company grappled with a high cost of doing business, a thinly stretched IT team with limited resources, and a lack of centralized IT management across its large national footprint.

• Lack of Visibility & Direction: There was an inability to effectively identify attack vectors and security gaps due to limited and non-centralized logging and monitoring. The IT team was unsure how to begin addressing these widespread risks.

• Budgetary Pressures: Solutions needed to be cost-efficient due to tight margins and high operational costs.

SOLUTION

Neko Security developed an approach whereby a cyber security assessment, across the business landscape, provided the business with clear insight into the key risk areas. This informed the recommendations and solutions inline with all business requirements.

Our comprehensive approach included:

• CYBER SECURITY ASSESSMENT

The Cyber Security Assessment was conducted over a two week period and covered the retail store environment and the office environment. All aspects of the business security were assessed. The team at Neko Security managed and conducted the assessment with minimal impact to the business and the internal IT team. Initial findings and observations were clarified with the business to ensure accuracy. The final report detailed the risks and recommendation to address them. Quick wins, such as Microsoft M365 secure configuration were implemented immediately to improve security. the quick to deploy tactical solutions, provided through Cisco technologies were applied to prevent the key risks related to phishing & ransomware, amongst other security benefits. Further tactical recommendations and strategic, longer term items, set the roadmap for future and ongoing maturity improvements to protect the business and customer data.

• PHISHING PROTECTION

Phishing was the main entry point for ransomware and account compromise. Phishing protection was limited to Microsoft M365 out of the box configuration which is very permissive. Neko Security configured M365 to be more secure and implemented Cisco Email Threat Detection that leverages more advanced threat intelligence to prevent Phishing attacks that Microsoft misses. Cisco Duo phishing-resistant identity & access protection was used to both protect accounts, and provide an easier way for retail staff to access the systems they needed. More secure Yubikey tokens were used to add a simpler and more secure layer.

• RANSOMWARE PROTECTION

Ransomware attacks were the most impacting to the business and were the key priority to address. A further layer of phishing protection, and malware command & control was implemented via Cisco Umbrella Security. This protected user internet activity, and was extended to cover malicious, suspicious, and porn sites, which were important for retail stores.

• THREAT RESPONSE

Ensuring someone was watching for threats, Neko Security provided their 24/7 Threat Monitoring & Response service. This service took all of the data from the Cisco solutions, Microsoft M365 activity and correlated the information to detect threats. Neko Security's SOAR was configured to direct rapid action upon a new threat.

TECHNOLOGIES USED

• Microsoft M365 (Secure Configuration)

• Cisco Email Threat Detection

• Cisco Duo Identity & Access Protection

• Yubikey Tokens

• Cisco Umbrella Security

• Neko Security's SOAR Platform

• Splunk-based Automated Analysis & Response System

• Cisco Meraki (for an extended secure national network project)

"Small Robot and Neko Security team have become a trusted partner and key technology advisor for our retail business. Their assistance has gone beyond consulting with their team providing invaluable hands-on technical and security assistance. As a result of their work and guidance, our business has become leaner, smarter and more secure. Users are happier with their day to day systems experience and not needing to remember multiple passwords. Of course it is great that we no longer have ransomware interrupt our business."

John Maxwell

CEO