An information security review to protect customer data and operations

In 2021, Evinact worked with an investment firm that provides full-service agricultural funds management to assess their cybersecurity maturity and build a more robust and secure environment to align with government regulations and investor expectations. Following this, Evinact was re-engaged in 2022 to perform a follow-up review on the client’s cybersecurity maturity and practices and devise an incident response plan.

The Annual Cyber Threat Report (2021-22) published by the Australian Cyber Security Centre (ACSC) found a 13 per cent increase in reported cybercrimes from the previous financial year. Without a greater focus on cyber security through both private industry, and government, organisations are vulnerable.

For the information security review, Evinact consultants conducted stakeholder discussions to understand the existing state of cybersecurity within the organisation. In addition, existing documentation relating to cybersecurity were reviewed to understand the current landscape. These elements were then measured against the Australian Government’s Essential Eight.

The Essential Eight has been designed to protect Microsoft Windows-based internet-connected networks to help organisations protect themselves against various cyber threats.

For the incident management plan, Evinact leveraged industry best practices and developed a fit-for-purpose plan for the client which aligned with their business continuity and disaster recovery plans.

The work done by Evinact supports the client in helping to prevent and respond to cyber threats. Providing an updated cybersecurity measure to the client, along with an updated set of recommendations to further increase the scoring in the future, re-establishes the organisational preparedness and seeks to address any outstanding identified vulnerabilities.

The incident management plan helps the client to prepare, detect, assess, respond, analyse and resolve information security incidents when they arise. Having a plan ensures that if an incident does occur, the client’s stakeholders will be able to follow a simple and specific set of steps to respond and minimise potential risks and implications of a cyber incident. The client can continue with the confidence of knowing their customer data and business operations are secure.

This engagement was originally completed as GWI.