Use Cases

The departing sales manager scenario

They’ve been a solid member of your team for several years, and helped bring in some of your biggest deals. Sure, some of their tactics are a little bit maverick, but they get the job done, and they’ve contributed massively to the volume of customer and supplier contacts you hold in your CRM. They’re leaving now, having picked up a major sales roles at one of your competitors, and you expect they’ll be under significant pressure to show their value quickly. Even though they have had privileged access to the many systems they needed to do their sales role, you’re not worried about security as you use Single-Sign-On and multifactor authentication; you can just close their account and all access will be disabled. We’ll be fine, right? 

The undetected attack

We have spent years building a highly trusted relationship with our global customer base, and pride ourselves on the efforts we take in protecting their data. We’ve spent a lot of money putting in place various cyber security monitoring and detection controls that will alert us to any security incidents it detects. We inspect all user activity, tightly manage their access to just the data they need, and we maintain all out infrastructure and applications against the threats and vulnerabilities we identify. In the last month, we didn’t suffer a single attack. Well, I mean we didn’t get any alerts; that’s the same, right?

Who’s marking your homework?

It’s yearly budget time, and your CEO is asking you, the CISO, to demonstrate the value of their investment last year and the logic behind this year’s request; “I gave you £X last year, that should have fixed everything, why do you need more this year?” You show them the stats on how many attacks you blocked before they became an incident. They raise an eyebrow. You describe your stellar performance in the latest disaster recovery tests, and a smile begins to form. You tell them how you have had no incidents of data theft; they ask how you can be sure so you show them your incident stats. “Who produced this?”, they ask. “We did”, you reply. It was all going so well, briefly.