Client Background

Colonnade is a Luxembourg-based non-life insurance company fully owned by Fairfax and established for a strategic expansion of the Fairfax insurance business in Central & Eastern Europe. It has over 450 employees, with a premium income exceeding 160 million euros.

Colonnade operates through branches in Ukraine, Czech Republic, Slovakia, Hungary, Poland, Romania, and Bulgaria.

What triggered the project launch

Financial companies are always subject to regulations from national governments within the operating markets and international industry standards. Conducting regular penetration tests is a mandatory procedure for Colonnade to confirm that client data is protected.

Solution

An External & Cloud Pentest was performed, including a wireless infrastructure assessment.

Additionally, a phishing campaign, as one element of social engineering attacks, was carried out against the customer’s employees to compromise the company’s cybersecurity protection.

Methodologies

Our pentesting methodology is based on leading standards such as PTES, NIST SP 800-115, OSSTMM, and OWASP, and is improved by our own 15 years of experience.

Tools used

During pentesting, a full set of common pentester tools was used, but the main key to success was manual analysis: chaining the results of exploiting individual vulnerabilities to escalate privileges and demonstrate a practical compromise of the IT infrastructure.

Results

The cybersecurity assessment allowed us to focus the attention of Colonnade's IT staff on the most critical risks and the options for compromising the network perimeter, and to provide a detailed Technical Report with recommendations for handling the identified risks.

The Executive Report, as the main element, contains recommendations for improving the Information Security Management System, namely processes and procedures whose implementation will prevent such vulnerabilities from occurring in the future.
