Client company is a large organization that oversees over a dozen K-12 institutions.
The Challenge
In 2020, the United States saw K-12 schools hit by over 400 cyber incidents (more than two per school day). The client reached out to ProCircular to help them begin fortifying their environment against more significant attacks in the future. ProCircular’s engineers performed a complete External and Internal Network Penetration Test to find weaknesses in the network that malicious actors could use to gain access to private information that could harm the public’s trust in the organization if released.
People, Processes, & Technology
ProCircular’s External and Internal Penetration Test is a realistic simulation that identifies viable attack vectors while tactfully evading security defenses and obtaining unauthorized access to an organization’s trade secrets or sensitive data. The assessment relies heavily on Open-Source Intelligence (OSINT). It exploiters weaponization to stimulate a sophisticated threat actor that may likely target you using Advanced Persistent Threat (APT) methodologies.
Our Penetration Testing Process:
- Project Kick-off Meeting – confirm the goals, scope, and schedule of the project
- Virtual Social Engineering (Phishing/Vishing) – customized assessment to determine the security awareness and accountability of staff
- Automated vulnerability scanning and validation for low hanging fruit
- Manual testing for weak network configurations that can allow for exploitation or privilege escalation
- Final Report – critical findings and prioritized remediation roadmap, delivered in a meeting with the project engineer to provide clarity, as necessary
Results
During the penetration test, ProCricular documents critical cyber risks and creates a prioritized task list of remediation measures. The report includes a quantitative measure of your cyber risk to gauge your progress over time. The report is delivered by an engineer with expert insight into today’s most significant threats. ProCircular’s reports are designed to be highly digestible by upper management, with additional technical details available to help lead remediation.
After the engagement, the client had increased knowledge of risks and visibility into their environment. The company implemented ProCircular’s recommendations to strengthen their security posture and protect their own data as well as the client’s data. The client’s internal IT team is on the lookout for indicators of compromise and they know the process for dealing with security incidents.
Cost Summary
The client paid roughly $80,000 for penetration testing that covered all of the districts overseen.
Preventability
ProCircular identified and helped remediate issues that could have led to data exposure or ransomware attacks, affecting the organization’s reputation and leading to tens of thousands of dollars in recovery costs. We also identified weak login portals and legacy systems and exploited weak Active Directory configurations that led to unauthorized access to sensitive data and systems.
About Us
Proudly serving Iowa, Minnesota, and the entire Midwest, ProCircular is among the nation’s best penetration testing companies. Our full cybersecurity penetration testing process provides an in-depth look into the current security of your internal and external networks.
Our ethical hackers are committed to identifying vulnerabilities throughout your network and delivering actionable recommendations to strengthen your organization or school’s security posture.
