Penetration test for an insurance company

Colonnade is a Luxembourg-based non-life insurance company fully owned by Fairfax and established for a strategic expansion of the Fairfax insurance business in Central & Eastern Europe. It has over 450 employees, with a premium income exceeding 160 million euros.

Colonnade operates through branches in Ukraine, the Czech Republic, Slovakia, Hungary, Poland, Romania, and Bulgaria.

Financial companies are always subject to regulations from national governments within their operating markets and to international industry standards. Conducting regular penetration tests is a mandatory procedure for Colonnade to confirm that client data is protected.

During pentesting, a full set of common pentester tools was used — but the main key to success was manual analysis: interconnecting individual vulnerability exploitation results to escalate privileges and demonstrate practical IT-infrastructure compromise.

The cybersecurity assessment focused Colonnade IT staff's attention on the most critical risks and options for compromising the network perimeter, providing a detailed Technical Report with recommendations for handling the identified risks.

The Executive Report — as the main element — contains recommendations for improving the Information Security Management System: namely, processes and procedures whose implementation will prevent the occurrence of such vulnerabilities in the future.