/ / Business Consulting

Cyber Resilience Program

/ / Customer Challenge

A top-tier US bank was concerned that its Cyber Resilience capabilities for Response and Recoverability of its critical LOB services were insufficient to meet the increasing risks of Cyber Security exploits across Ransomware, Malware, Denial of Service, Software Vulnerabilities, Supply Chain Compromise, and Insider Threat scenarios. The client required a holistic view of the recovery and resilience profile of 500+ individual business applications and dial-tone technology services supporting its critical lines of business, and a repeatable set of Cyber Resiliency Assessment, Disaster Recovery Testing and Training capabilities.

/ / How Synechron Helped

Synechron provided a small team of consultants across the US and UK with combined deep infrastructure, application architecture, DevSecOps, security architecture and enterprise risk management experience to design the applicable controls, assessment framework, data model, and execution approach. We used our Application Risk Assessment framework, combined with the bank’s Technology Control Framework, NIST 800-53, and industry Better Practices across Architecture & Operations. The result was a complete methodology for executing full-or-partial Cyber Resiliency assessments with targeted control statements, validation criteria, and evidence-driven assessments designed to minimize impact on application owners.

Cyber Resiliency assessments were run over a 6-month period, scaling to 500+ application assessments and the IT infrastructure platforms those applications use. A small team of experienced assessors worked across each Line of Business, leveraging existing documentation, evidence and artifacts collected across the organizational CMDB, SDLC Tollgates (Permit to Build, Permit to Operate), ITSM, CI/CD Tools, and the bank's existing BCDR documentation and exercises. Application profiles were built in advance to provide a ‘low-touch’ assessment that avoided unnecessary disruption of application development teams, enabling a target of <15 minutes of each individual application owner's time.

Each assessment was stored in a data warehouse for analysis and correlation of themes, root causes, and gaps in control implementation, so that these could be visualized by senior leadership and effectively prioritized within investment constraints.

Additionally, a roadmap of improvement on existing DR exercises, tabletops and training was developed, emphasizing the modern implications and effects of Cyber Scenarios, lateral movement, and data theft.

/ / Results
  • A repeatable framework and factory approach was built that could scale an assessment of 100+ cyber resiliency control statements to 500+ critical business applications within the required timeframe
  • Analytic tooling was built that could cover evidence-driven assessments for Cyber Resiliency and be adapted to other Risk Assessments
  • Education and acceptance across Business Continuity and Disaster Recovery leadership around key enhancements needed to bridge the gap from traditional Disaster Recovery to recovery from Cyber Exploits
  • Enhancements to the existing Technology Control framework, Architectural Standards, and Backup and Recovery strategy to accommodate improved Recoverability from Cyber attacks
  • A prioritized list of actionable gaps and recommendations across IT service provider teams and Application owners, netted against existing organizational improvement programs
