Use Case: Real Estate
CLIENT Real Estate
In 2017, this publicly listed property development and investment company recorded revenues of over $600 million. Founded 110 years ago, the $2 Billion Hong Kong headquartered company develops upmarket real estate projects, creating homes reflecting the philosophy of lavish and modern living.
Insider threat and disgruntled employee behavior
Defend sensitive client data
Sophisticated and intelligent attackers
As many of its clients are extremely wealthy and prominent members of society, the Company understood it was a high value target for attacks. As a real estate investment trust, the Company also manages its own intellectual property and critical data, and a failure to manage attacks could lead to financial, legal, and reputational damage.
In February 2018, the Company was alerted to emails sent to its HNW customers with the right fonts and logos but included malicious links and attachments.
After conducting a cyber exposure assessment, CIH identified the specific threats:
- A disgruntled employee had obtained access to personal information of its Board of Directors, 102 high net worth customers and info for 36 property deals in the pipeline.
- Working with a syndicate, the employee targeted HNW clients of the Company for ransom and said ‘If you each pay us $2 Million we won’t release your bank details and highly sensitive personal information on the Internet’.
- Leaked source code of internal company application. The employee knew where the weak points were in the Company’s network, what software it was using and obtainedhighly sensitive information, such as proprietary code, client and prospect information.
Using the forum post and added context, CIH worked with the Company which was conducting an internal investigation. The investigation correlated user access and other identifiers to detect and stop the perpetrator from doing further damage.
The Assessment solution proved to the organization that its legacy monitoring tools and perimeter defences offered limited protection. After analysing an array of solutions available in the marketplace, the Company subscribed to the Monitoring service for ongoing, robust protection. The platform was implemented in March 2018, and included:
- Quick and easy implementation
The Company found the alerts that CIH sends to its’ IT Team and Security staff relevant and well received. The notifications are cleanly designed, simple to understand and actionable. This increased engagement with its Exec team and both internal staff and clients which took action quickly to mitigate subsequent threats.
- Knowledgeable, Effective, Compassionate Customer Service
Our team is known within the industry for its high service standards. We use simple everyday language when addressing customers’ needs – after hours with a question about an alert or an in-depth assessment.