Implementing Long-Term Security Strategy to Protect Infopulse’s and Our Clients’ Assets in Times of Uncertainty

The implementation of Infopulse’s security strategy was tightly intertwined with the events that occurred through the years and marked new chapters in the development of the threat landscape. Our specialists responded to the events in a way that would ensure these new threats and relevant approaches could be effectively countered.

2017-2021:

The year 2017 is infamous for the global spread of the NotPetya malware, which primarily targeted Ukraine-based organizations. It raised the priority to defend against large-scale destructive attacks and strengthen our security stance. Infopulse security team responded in the following way:

• Implemented a QRadar SIEM system. The solution was fine-tuned and enriched with new rules in the course of several years.
• Considering the new types of attacks, the team worked on approaches that would significantly reduce the chances of a successful attack.
• Improved segmentation of the corporate network by means of an additional internal firewall and a protected jump host to administrate corporate systems.
• Strengthened cooperation with the internal IT team to align efforts on achieving high security for the launched services.
• Adopted industry best practices in secure administration of corporate systems.
• In partnership with Microsoft, Infopulse successfully switched to the next-gen security solutions:
  • When the pandemic, and later the war, disrupted established processes, the cloud hosting allowed for extensive support for Infopulse specialists during relocation and maintained the required level of control over workplaces and corporate data. It also enabled unique services that addressed clients’ security concerns, such as remote data wipes.
  • Infopulse corporate services, including a Microsoft 365 suite, were migrated to a protected cloud configuration. The entire company is now covered by one of the most advanced complexes of security licenses provided by Microsoft.
• Designed and ran a company-wide security awareness campaign with an online phishing simulator kindly provided by Tietoevry, our parent company.
• Initiated the next stage of improving the maturity level of security processes:
  • Formalized numerous security processes, e.g., incident management, vulnerability management, security event management, etc.
  • Developed criteria to measure the effectiveness and performance of the team, based on the analytics of their existing activities.
  • As a result, it allowed for fast, efficient, and well-coordinated work within the team when the war started.
• Formalized and configured the vulnerability management process to timely discover vulnerabilities in IT services and eliminate them, in cooperation with the IT team:
  • Achieved a minimal vulnerability profile.
  • In December 2021, migrated the vulnerability management system to the cloud, which created the opportunity for fast and straightforward migration to the EU platform once required.

January 2022 “Final preparations”

• Meetings with Tietoevry, our parent company, to align efforts and share relevant experiences.
• More comprehensive testing of the backup data center in the EU.
• Comprehensive analytics of large-scale cyberattacks within the cyberwar frame.
• The emergency security action plan to enable the most crucial processes was focused on:
  • Enhanced protection of endpoints and external web services.
  • Migration of technical security solutions to the EU data center.
  • Identification of cyber security risks for projects working for critical infrastructure.
  • Tuned additional policies for cloud security.
• Preparing backup communication channels, such as satellite links.

February-April 2022 “Effective response”

When russia invaded Ukraine on February 24 and started an atrocious war, it unfolded both on physical and digital planes. Many Ukrainian sites were under attack, which signalized it was high time to adopt a new approach and a new security plan to be able to withstand the unraveling chaos:

• Infopulse activated a ban on implementing any significant changes, except for critical activities for IT and security infrastructure.
• Relocated security solutions to the EU data center.
• Reconsidered current activities and focused on the most important operations:
  • Handling security events
  • Analysis of risk locations
  • Blocking corporate accounts on devices in risk locations.
• Supported secure development of the ‘Infopulse Connect’ application to efficiently collect the required data from all the company’s specialists.
• Created awareness recommendations for the specialists to warn them against phishing attacks.
• Supported regular and comprehensive communication with clients and Tietoevry on the safety of our people and protection of the equipment and information.
• Enabled emergency relocation of Infopulsers and their families, equipment, and tangibles.
• Performed conservation of offices in risk locations and prepared other offices for possible conservation as well.
• Evacuated equipment from the Kyiv data center to a safe location in the most effective and reliable way.
• Minimized the perimeter for attacks by turning off services that could be potentially attacked and were not required at the moment.