Skip to main content

Taking flight as a more cyber-ready organization

Aviation services company repels widescale attack, undertakes broader transformation focused on cyber resilience

Securing Success in the Skies

The starting point

Lives are regularly on the line for one growing aviation services company that operates around the world. Supporting customers in a wide variety of industries and locations, the organization moves people, critical supplies, and other assets to where they need to be. Whether it is helping first responders get to remote places, delivering life-saving medicines, or simply transporting customers during the last leg of a journey, the company puts safety at the center of its operations and services.

But when a ransomware attack brought the company’s operations nearly to a halt, that safety was threatened. Around the globe, key systems that the organization relied on—to communicate, to plan, to schedule—became unavailable or unreliable, forcing its employees to find workarounds and quick solutions to support customers’ needs. But those solutions would have been unsustainable beyond a few days. The organization needed to restore its critical systems quickly—to support new customer requests and ensure the ongoing safety of its operations. Rapid cyber incident response and recovery was crucial.

The ransomware attack, however, also revealed an array of gaps in the company’s overall cyber readiness—something that it would have to address so that it would be ready for the next potential cyber incident and become more resilient than before.

Factors in focus

  • Customer safety and service perennial concerns—as well as reliance on systems integrity
  • Scarcity of talent for rapid incident response and recovery
  • Need for end-to-end strategies and capabilities to support future cyber readiness

The way forward

Given the size and impact of the breach, the client sought out the rapid surge support capability of Deloitte’s Cyber Incident Readiness, Response, and Recovery (CIR3) services to respond to and recover from the incident.

Initial focus fell on halting the active ransomware threat while seeking out any additional threat actors or malware that might compromise the aviation company’s systems or data. Deloitte worked closely with the organization to define the path forward during response and recovery—to help determine which systems and data were most important for restoring critical business operations and to rapidly create a detailed plan for response. The collaboration required the company and Deloitte to quickly make decisions on which systems to take offline, which systems to restore, and how key processes should be performed—whether manually or automated, for example.

In addition to deploying CrowdStrike and other tools for incident response and remediation, Deloitte leveraged its tested cybersecurity playbooks and methodologies, as well as a team of over 70 practitioners worldwide to help the organization restore normal operations at eight locations. That team included those in legal, crisis communications, and core cyber incident management, working in unison to establish privilege, to ensure that stakeholders were kept up to date on the event, and to perform the hands-on work of cyber incident response and recovery.

The ransomware was stopped quickly to allow critical business operations to continue. And over the course of the succeeding month, the incident was well behind the company, with all essential systems restored to pre-incident levels. But the organization’s leaders wanted to transform cyber readiness for the entire organization. To do so, they once again enlisted Deloitte’s CIR3 services to define a strategy, establish governance principles and protocols, and select and deploy technologies that would help the company to enhance its overall cyber posture.

To make its transformation vision real, the aviation company worked with Deloitte to assess global incident readiness and security capabilities, identify requirements, and create a multiyear strategy and roadmap. This included using Deloitte’s managed Operate services 24x7 security event monitoring, analytics, cyber threat management, and incident response. Deloitte also helped the organization develop an incident readiness governance framework, processes, playbooks, and technology standards. Also on the technology front, Deloitte worked with the aviation client to build a new global firewall and network architecture, migrate core workloads to the cloud, and deploy continuous threat hunting capabilities.

Today, with the ransomware attack well in the past—and with a transformed cyber incident response, recovery, and readiness posture—the aviation organization can operate with greater levels of confidence and trust, all to support the safety and expectations of stakeholders.


Bryson Tan - Partner, Deloitte Canada

Robert Bloomfield - Senior Manager, Deloitte Canada

Insights to inspire

  • Any new strategies or capabilities for cyber incidents should focus on the three R’s: Readiness. Response. Recovery. 
  • Cyber talent shortages do not always mean that you must limit your ambitions. Outsourcing cyber incident management to a managed security services provider can alleviate pressure on your workforce while providing 24×7 support

The achievements

Let’s talk cyber

Did you find this useful?

Thanks for your feedback

If you would like to help improve further, please complete a 3-minute survey