Cybersecurity Assessment and Remediation Removes Malicious Files and Reduces IT Risk

According to Cybersecurity Ventures, more than 50% of cyberattacks are committed against small-to-mid-sized businesses.

The Challenge

During the due diligence process, a private equity firm discovered the target – a leader in the design and manufacture of packaging products and equipment for consumer and industrial applications – lacked cybersecurity insurance which was a requirement for the deal to proceed. TriVista was brought in to conduct a vulnerability scan of the target’s IT environment and assist in obtaining the necessary insurance. Following the successful acquisition, we continued cybersecurity enhancements and worked to consolidate infrastructure and applications.

Our Approach

As part of the cybersecurity assessment and insurance process, we:

• Worked with third-party vendors and Managed Service Providers (MSPs) to ensure all had appropriate access to the client’s environment
• Installed cybersecurity scanning agents on all servers and client computers
• Initiated vulnerability scan to identify security threats
• Took steps to remediate barriers to obtaining insurance
• Worked with partners to secure cybersecurity insurance

After the transaction closed, we created a roadmap outlining future-state processes, procedures and policies. This included a consolidation of infrastructure and integration, as well as risk mitigation through additional cybersecurity enhancements.

The Results

Through the assessment of 50+ assets in the client environment, we identified 3 malicious or potentially malicious files. One of these files was determined to be a 3-year-old malicious document tied to the Emotet malware family – indicating the client may have been targeted by a sophisticated threat actor in the past.

All high and moderate IT risks were identified and actions were taken to remove malicious applications and files. Applications that required patching were noted and remediated by partnering with managed service providers.

Finally, systems from all divisions within the company were integrated including the network, email setup, user identity management system, and more.