Accelerating security in a fast-paced industry

After recovering from a business email compromise (BEC), a global automotive manufacturer realized they needed to shore up their defenses and be better prepared should a more significant incident occur. It was a wake-up call—the incident response effort had exposed key gaps in their IR plan.

While no company wants a cybersecurity event to occur, occasionally the event can serve as a catalyst for the organization to refocus its attention on security and the overall resilience of the company. For this automotive manufacturer, a business email compromise prompted the enterprise to get more proactive about incident response.

Post-breach, they wanted to take the lessons learned and better prepare for the next time the plan was put into action. A key first step was to identify a long-term partner able to help them not only better defend and prepare for future incidents but be at the ready to assist them every step of the way should an incident occur again.

After interviewing a number of incident response consulting firms, this manufacturer chose the team they had come to trust during their business email compromise investigation. They called in the Unit 42 experts to assist them in developing an incident response plan.

The Unit 42 team conducted an in-depth review of the manufacturer’s IT environment, security tools, processes, procedures, and documentation. They identified security gaps as well as incident response plan deficiencies and assisted the company in bolstering its security defenses and building a complete, tailored IR plan to better protect the business. Once the teams were comfortable with the IR plan, Unit 42 tested it through a series of tabletop exercises to better familiarize the teams with the new workstreams and validate that the plan works. The organization viewed the retainer and these proactive services as the beginning of a long-term relationship. This client can rely on Unit 42 to be ready to assist should a future incident occur.

Unit 42 created a “Go Book” for the client that provides information for both Unit 42 and the client on key contacts, processes, and resources, which will help expedite the response to an incident if needed.

A Unit 42 “security advisory group”—including staff from risk management, forensics, leadership, and more— meets with the client team quarterly to perform a security health check, make any needed adjustments or assessments (such as vulnerability scans or penetration testing), ensure the “Go Book” is still up to date, and carry out periodical tabletop exercises.

Thanks to the expertise of the Unit 42 team, this automotive manufacturer is better able to defend against cyberattacks as well as more quickly and confidently respond to a cybersecurity incident. They now have well-defined, documented, and regularly updated processes and procedures plus a team of experts on speed dial who can quickly help in containing, responding, and recovering from cyberattacks.

To learn more about Unit 42, visit paloaltonetworks.com/unit42.

If you’d like to learn more about how Unit 42 can help your organization defend against and respond to severe cyberthreats, visit start.paloaltonetworks.com/contact-unit42 to connect with a team member

If you think you may have been breached or have an urgent matter, please email unit42-investigations@paloaltonetworks.com or call US Toll-Free: 1.866.486.4842 (866.4.UNIT42), EMEA: +31.20.299.3130, and JAPAC: +65.6983.8730