Security Consulting Success Story with Mogo Financial

January 25, 2018

Mogo is a leading financial technology (“fintech”) company that helps consumers take control of their financial health. As a result, Mogo is committed to designing and maintaining corporate governance standards for cybersecurity.

In order to ensure that they were adhering to the strict industry standards for cybersecurity, Mogo engaged Herjavec Group to perform a series of security consulting services, including a current-state gap analysis and a web application assessment.

Objective


Ensure that the compliance requirements are followed and potential cybersecurity risks are identified as part of the client’s security posture assessment.

Method #1

Perform a current-state gap analysis to determine any gaps, according to ISO or NIST security frameworks.

Method #2

Conduct a web application assessment to identify weaknesses in web applications and identify the areas of security where best practices have not been utilized.


Current-State Gap Analysis

Recently, Mogo engaged Herjavec Group to perform a current-state gap analysis on their network. This analysis reviews the different layers of the client’s security posture, in order to expose flaws and potential risks to the executive team.

The assessment begins with the Security Consultant gathering information through interviews with key stakeholders and performing a documentation review for all policies, procedures, employee training, etc. that the customer has in place for security governance.

Once the gaps have been analyzed and reported, the Consultant provides an executive summary of the gap analysis as well as a detailed roadmap for remediation and targeted action plan. 


“From our board of directors to our front-line staff, everyone is talking about security on a daily basis.”
-- Mike Stevenson, VP of IT Infrastructure & Support

Web-Application Assessment

Herjavec Group also performed a web-application assessment for Mogo. Web applications (i.e. external facing websites) are frequently targeted for hacker intrusion today. This assessment is designed to identify weaknesses in web applications and highlight any vulnerabilities that could have the potential to be exploited by cyber criminals.

This assessment starts as all assessments do: scoping. The Security Consultant meets with the client to gain a better understanding about the web application (i.e. application functionality, data flow, information about the back-end, the underlying infrastructure, risk level associated with a possible compromise, type of data being processed, etc.).

Next, the Security Consultant performs the assessment which relies on:

  • Automatic tools, such as vulnerability scanners and exploitation frameworks
  • Manual techniques, such as looking for business logic flaws in the use of the application, access control checks amongst users with different roles, and looking for flaws that may not get picked up by a vulnerability scanner

Once the vulnerabilities have been found, the Security Consultant demonstrates the severity of these flaws to the customer by simulating cyber attack scenarios, to show how cyber criminals can exploit them. This exercise benefits the customer by reinforcing the consequences should the security risks materialize.


“It was a full security assessment. The detail was fantastic. We were really impressed with the reports that we got. We knew what we were expecting from Herjavec Group and they let us know exactly what they were expecting from us.”

 

-- Mike Stevenson, VP of IT Infrastructure & Support

Results

After conducting the gap analysis and web application assessments, Herjavec Group was able to provide a list of key recommendations to Mogo based on the vulnerabilities found.

By implementing the changes recommended, Mogo was able to ensure compliance to their industry requirements and also strengthened their overall security posture for greater cyber defense.

To engage Herjavec Group for Security Consulting services, please connect with a security consultant today.

CONNECT WITH US


About Herjavec Group

Dynamic entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. We have been recognized as one of the world’s most innovative cybersecurity operations leaders, and excel in complex, multi-technology environments. Our service expertise includes Advisory Services, Technology Architecture & Implementation, Identity Services, Managed Security Services and Incident Response. Herjavec Group has offices and Security Operations Centers across the United States, United Kingdom and Canada.

Stay Informed

Follow us on Twitter

Connect with us on LinkedIn