January 25, 2018

Security Consulting Success Story with Mogo Financial

Mogo is a leading financial technology (“fintech”) company that helps consumers take control of their financial health. As a result, Mogo is committed to designing and maintaining corporate governance standards for cybersecurity.

In order to ensure that they were adhering to the strict industry standards for cybersecurity, Mogo engaged Herjavec Group to perform a series of security consulting services, including a current-state gap analysis and a web application assessment.

Objective

Ensure that the compliance requirements are followed and potential cybersecurity risks are identified as part of the client’s security posture assessment.

 

Method #1

Perform a current-state gap analysis to determine any gaps, according to ISO or NIST security frameworks.

Method #2

Conduct a web application assessment to identify weaknesses in web applications and identify the areas of security where best practices have not been utilized.


Current-State Gap Analysis

Recently, Mogo engaged Herjavec Group to perform a current-state gap analysis on their network. This analysis reviews the different layers of the client’s security posture, in order to expose flaws and potential risks to the executive team.

The assessment begins with the Security Consultant gathering information through interviews with key stakeholders and performing a documentation review for all policies, procedures, employee training, etc. that the customer has in place for security governance.

Once the gaps have been analyzed and reported, the Consultant provides an executive summary of the gap analysis as well as a detailed roadmap for remediation and a targeted action plan.


“From our board of directors to our front-line staff, everyone is talking about security on a daily basis.”
— Mike Stevenson, VP of IT Infrastructure & Support

Web-Application Assessment

Herjavec Group also performed a web-application assessment for Mogo. Web applications (i.e. external-facing websites) are frequently targeted by attackers today. This assessment is designed to identify weaknesses in web applications and highlight any vulnerabilities that could be exploited by cyber criminals.

This assessment starts as all assessments do: with scoping. The Security Consultant meets with the client to gain a better understanding of the web application (i.e. application functionality, data flow, information about the back-end, the underlying infrastructure, risk level associated with a possible compromise, type of data being processed, etc.).

Next, the Security Consultant performs the assessment, which relies on:

  • Automatic tools, such as vulnerability scanners and exploitation frameworks
  • Manual techniques, such as looking for business logic flaws in the use of the application, access control checks amongst users with different roles, and looking for flaws that may not get picked up by a vulnerability scanner

Once the vulnerabilities have been found, the Security Consultant demonstrates the severity of these flaws to the customer by simulating cyber attack scenarios, to show how cyber criminals can exploit them. This exercise benefits the customer by reinforcing the consequences should the security risks materialize.


“It was a full security assessment. The detail was fantastic. We were really impressed with the reports that we got. We knew what we were expecting from Herjavec Group and they let us know exactly what they were expecting from us.”
— Mike Stevenson, VP of IT Infrastructure & Support

Results

After conducting the gap analysis and web application assessments, Herjavec Group was able to provide a list of key recommendations to Mogo based on the vulnerabilities found.

By implementing the recommended changes, Mogo was able to ensure compliance with its industry requirements and strengthen its overall security posture for greater cyber defense.

To engage Herjavec Group for Security Consulting services, please connect with a security consultant today.



About Herjavec Group

Dynamic IT entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. Herjavec Group delivers SOC 2 Type 2 certified managed security services supported by state-of-the-art, PCI compliant, Security Operations Centers, operated 24/7/365 by certified security professionals. This expertise is coupled with leadership positions across a wide range of functions including consulting, professional services & incident response. Herjavec Group has offices globally including across the United States, the United Kingdom, and Canada. For more information, visit www.herjavecgroup.com.
