Flore Albo is a boutique cybersecurity consultancy focused on solving the complex organizational problems that make companies vulnerable to attacks.
A Fortune 500 financial services client based in New York suffered a breach in a regional office located in the Midwest. The central corporate organization was receiving mixed messages about the cause of the breach. The Board of Directors was concerned that the right leadership was not in place regionally to handle the post-breach fallout and reporting requirements, as well as future programs meant to address the root cause of the breach.
Flore Albo conducted numerous detailed remote interviews with cybersecurity, physical security and technology staff in both New York and the Midwest. Some of the interviews were conducted under confidentiality agreement so that employees could speak freely and inform the decision-making process. Flore Albo discovered that a highly capable team of security professionals with strong communications skills had been reassigned to a security review for a new application being built by a line of business. After reviewing information from the core investigators, these team members were not only able to provide a better and more accurate representation of what happened in the breach, but were also able to accurately portray the organizational difficulties taking place at the firm.
Flore Albo recommended the line-of-business team be elevated within the organization to provide governance and communications assistance to other cybersecurity functions, under the auspices of a central cyber risk committee, which in turn now reports to the company’s board of directors directly.
Clients of a large Midwestern real estate company suffered 20 successful incidents of wire fraud at home closings within a three-month period. The incidents resulted in litigation threats and negative reviews by the affected clients, some of whom blamed their realtors for the compromise. First, Flore Albo engaged two experienced real estate wire fraud investigators from our network of thousands of top cybersecurity contractors.
Through their work, we determined that the incidents of fraud were random and the result of compromised accounts at third parties, such as accountants, bankers, attorneys and servicers, and not the result of a compromise at the real estate company.
Flore Albo then organized an informational email campaign and launched it across the firm’s network of third-party service providers. Although compiling lists of common service providers for hundreds of independent realtors was challenging, the campaign garnered a positive response from the recipients, many of whom reported unsuccessful wire fraud attempts against their email accounts, as well as pervasive phishing attacks.
Flore Albo also prepared digital and hard assets realtors could use to further inform their clients about the risk of wire fraud.
With this new awareness, the company had only one successful wire fraud attempt in the following quarter, with none reported so far this quarter.
A CIO working for a private equity fund was tasked with creating and managing an entire cybersecurity organization from scratch. With experience only in the application development side of technology, he was inundated by vendors and confused by the lack of ratings systems or reviews for specific security products.
Flore Albo conducted a high-level cyber gap assessment using the NIST framework, as well as a list provided by the CIO of the company’s most valuable assets, processes and tools. Simultaneously, Flore Albo conducted double-blind background interviews with executives of companies of similar size and scope to determine the frameworks, organizational structures and vendors those companies most commonly used. Using both, we were able to create a 30-day benchmark of existing gaps versus competitors.
Next, we created a program for outsourcing the fund’s cybersecurity program to managed service providers, with a focus on using service providers already under contract with the company. We fully documented the cybersecurity program framework and are currently under contract to virtually manage the rollout of the new program, including all projects and deliverables, with the goal of creating a program that can be managed internally once a full-time CISO is hired.