Conflict Zone NGO

We were engaged by an international non-profit organization that provides humanitarian support to those living in and/or seeking asylum from conflict zones. This organization, like many other NGOs working in areas of conflict, has significant political enemies — including highly-resourced nation state actors — and found itself under nearly constant assault from technical and social engineering campaigns against their boots-on-the-ground mission.

We performed a comprehensive vulnerability assessment across four of the organization’s international office locations and identified a number of vulnerabilities in the infrastructure that could be leveraged by a resourced attacker. A careful review of the organization’s information security governance program highlighted gaps in operations that allowed these vulnerabilities to originate and persist.

In our comprehensive report and subsequent presentation to that board, we identified the types of vulnerabilities identified, demonstrated how they could be leveraged against the organization, and presented a plan for addressing the issues. Our recommendations focused around maximizing the organization’s current investment in technology — their stack was quite modern, so our recommendations were limited almost entirely to configuration tweaks and other enchancements to their current technology.

Within weeks of implementing our recommendations, our client saw an immediate reduction in the number of successful attacks against frontline staff, as evidenced by the improved reporting and alerting capabilities that were put into effect.