Lives are regularly on the line for one growing aviation services company that operates around the world. Supporting customers in a wide variety of industries and locations, the organisation moves people, critical supplies and other assets to where they need to be. Whether it is helping first responders get to remote places, delivering life-saving medicines or simply transporting customers during the last leg of a journey, the company puts safety at the centre of its operations and services.
But when a ransomware attack brought the company’s operations nearly to a halt, that safety was threatened. Around the globe, key systems that the organisation relied on—to communicate, to plan, to schedule—became unavailable or unreliable, forcing its employees to find workarounds and quick solutions to support customers’ needs. But those solutions would have been unsustainable beyond a few days. The organisation needed to restore its critical systems quickly—to support new customer requests and ensure the ongoing safety of its operations. Rapid cyber incident response and recovery was crucial.
The ransomware attack, however, also revealed an array of gaps in the company’s overall cyber readiness—something that it would have to address so that it would be ready for the next potential cyber incident and become more resilient than before.
Factors in focus
Given the size and impact of the breach, the client sought out the rapid surge support capability of Deloitte’s Cyber Incident Readiness, Response and Recovery (CIR3) services to respond to and recover from the incident.
Initial focus fell on halting the active ransomware threat while seeking out any additional threat actors or malware that might compromise the aviation company’s systems or data. Deloitte worked closely with the organisation to define the path forward during response and recovery—to help determine which systems and data were most important for restoring critical business operations and to quickly create a detailed plan for response. The collaboration required the company and Deloitte to quickly make decisions on which systems to take off-line, which systems to restore and how key processes should be performed—whether manually or automated, for example.
In addition to deploying CrowdStrike and other tools for incident response and remediation, Deloitte leveraged its tested cybersecurity playbooks and methodologies, as well as a team of over 70 practitioners worldwide to help the organisation restore normal operations at eight locations. That team included those in legal, crisis communications and core cyber incident management, working in unison to establish privilege, to ensure that stakeholders were kept up to date on the event and to perform the hands-on work of cyber incident response and recovery.
The ransomware was stopped quickly to allow critical business operations to continue. And over the course of the succeeding month, the incident was well behind the company, with all essential systems restored to pre-incident levels. But the organisation’s leaders wanted to transform cyber readiness for the entire organisation. To do so, they once again enlisted Deloitte’s CIR3 services to define a strategy, establish governance principles and protocols and select and deploy technologies that would help the company to enhance its overall cyber posture.
To make its transformation vision real, the aviation company worked with Deloitte to assess global incident readiness and security capabilities, identify requirements and create a multi-year strategy and roadmap. This included using Deloitte’s managed Operate services 24 x 7 security event monitoring, analytics, cyber threat management and incident response. Deloitte also helped the organisation develop an incident readiness governance framework, processes, playbooks and technology standards. Also on the technology front, Deloitte worked with the aviation client to build a new global firewall and network architecture, migrate core workloads to the cloud and deploy continuous threat hunting capabilities.
Today, with the ransomware attack well in the past—and with a transformed cyber incident response, recovery and readiness posture—the aviation organisation can operate with greater levels of confidence and trust, all to support the safety and expectations of stakeholders.
Insights to inspire
Rapid response and recovery following a global ransomware attack
Restoration of trust for critical business operations
Extensive transformation of incident response, recovery and readiness capabilities—across strategy, governance and technology
24×7 cyber readiness Operate services—delivering critical talent, capabilities and technologies
Greater resilience through an enhanced cyber posture that supports safety and service continuity—for customers and employees
Opens in new window
How will your organisation respond to and recover from its next potential cyber incident? And how will your organisation transform its cyber capabilities to help safeguard your business and stakeholders and build trust from end to end?
Discover how Deloitte’s Cyber Incident Readiness, Response and Recovery (CIR3) services can help your organisation face the future with greater strength and resilience. Contact us to get the conversation started.
Opens in new window