Skip to main content

Taking flight as a more cyber-ready organization

Client Story
8 minute read
Transportation Hospitality Services

Aviation services company repels widescale attack, undertakes broader transformation focused on cyber resilience

Download Client Story

Securing Success in the Skies

The starting point

Lives are regularly on the line for one growing aviation services company that operates around the world. Supporting customers in a wide variety of industries and locations, the organization moves people, critical supplies, and other assets to where they need to be. Whether it is helping first responders get to remote places, delivering life-saving medicines, or simply transporting customers during the last leg of a journey, the company puts safety at the center of its operations and services.

But when a ransomware attack brought the company’s operations nearly to a halt, that safety was threatened. Around the globe, key systems that the organization relied on—to communicate, to plan, to schedule—became unavailable or unreliable, forcing its employees to find workarounds and quick solutions to support customers’ needs. But those solutions would have been unsustainable beyond a few days. The organization needed to restore its critical systems quickly—to support new customer requests and ensure the ongoing safety of its operations. Rapid cyber incident response and recovery was crucial.

The ransomware attack, however, also revealed an array of gaps in the company’s overall cyber readiness—something that it would have to address so that it would be ready for the next potential cyber incident and become more resilient than before.

Factors in focus
 

  • Customer safety and service perennial concerns—as well as reliance on systems integrity
  • Scarcity of talent for rapid incident response and recovery
  • Need for end-to-end strategies and capabilities to support future cyber readiness

The way forward

Given the size and impact of the breach, the client sought out the rapid surge support capability of Deloitte’s Cyber Incident Readiness, Response, and Recovery (CIR3) services to respond to and recover from the incident.

Initial focus fell on halting the active ransomware threat while seeking out any additional threat actors or malware that might compromise the aviation company’s systems or data. Deloitte worked closely with the organization to define the path forward during response and recovery—to help determine which systems and data were most important for restoring critical business operations and to rapidly create a detailed plan for response. The collaboration required the company and Deloitte to quickly make decisions on which systems to take offline, which systems to restore, and how key processes should be performed—whether manually or automated, for example.

In addition to deploying CrowdStrike and other tools for incident response and remediation, Deloitte leveraged its tested cybersecurity playbooks and methodologies, as well as a team of over 70 practitioners worldwide to help the organization restore normal operations at eight locations. That team included those in legal, crisis communications, and core cyber incident management, working in unison to establish privilege, to ensure that stakeholders were kept up to date on the event, and to perform the hands-on work of cyber incident response and recovery.

The ransomware was stopped quickly to allow critical business operations to continue. And over the course of the succeeding month, the incident was well behind the company, with all essential systems restored to pre-incident levels. But the organization’s leaders wanted to transform cyber readiness for the entire organization. To do so, they once again enlisted Deloitte’s CIR3 services to define a strategy, establish governance principles and protocols, and select and deploy technologies that would help the company to enhance its overall cyber posture.

To make its transformation vision real, the aviation company worked with Deloitte to assess global incident readiness and security capabilities, identify requirements, and create a multiyear strategy and roadmap. This included using Deloitte’s managed Operate services 24x7 security event monitoring, analytics, cyber threat management, and incident response. Deloitte also helped the organization develop an incident readiness governance framework, processes, playbooks, and technology standards. Also on the technology front, Deloitte worked with the aviation client to build a new global firewall and network architecture, migrate core workloads to the cloud, and deploy continuous threat hunting capabilities.

Today, with the ransomware attack well in the past—and with a transformed cyber incident response, recovery, and readiness posture—the aviation organization can operate with greater levels of confidence and trust, all to support the safety and expectations of stakeholders.

 
Contacts:
 

Bryson Tan - Partner, Deloitte Canada

Robert Bloomfield - Senior Manager, Deloitte Canada

Insights to inspire
 

  • Any new strategies or capabilities for cyber incidents should focus on the three R’s: Readiness. Response. Recovery. 
  • Cyber talent shortages do not always mean that you must limit your ambitions. Outsourcing cyber incident management to a managed security services provider can alleviate pressure on your workforce while providing 24×7 support

The achievements

Rapid response and recovery following a global ransomware attack

Restoration of trust for critical business operations

Extensive transformation of incident response, recovery, and readiness capabilities—across strategy, governance, and technology

24×7 cyber readiness Operate services—delivering critical talent, capabilities, and technologies

Greater resilience through an enhanced cyber posture that supports safety and service continuity—for customers and employees

Let’s talk cyber

How will your organization respond to and recover from its next potential cyber incident? And how will your organization transform its cyber capabilities to help safeguard your business and stakeholders and build trust from end to end?

www.deloitte.com/cyber

Discover how Deloitte’s Cyber Incident Readiness, Response, and Recovery (CIR3) services can help your organization face the future with greater strength and resilience. Contact us to get the conversation started.

www.deloitte.com/cir3

Get in touch

Kevvie Fowler

Global Cyber Incident Response Leader
+1-416-867-8149

John Gelinne

Global Cyber Incident Readiness, Response, and Recovery (CIR3) Leader
+1 410 576 6700

Did you find this useful?

Yes
No

Thanks for your feedback

If you would like to help improve Deloitte.com further, please complete a 3-minute survey

Your feedback is important to us

To tell us what you think, please update your settings to accept analytics and performance cookies.

Need help updating cookies?

Recommendations

Deloitte’s Cyber Incident Readiness, Response, and Recovery

Deloitte’s cyber incident readiness, incident response, and incident recovery services are backed by our deep experience, technologies, and global scale for fast, trusted incident management
Services

Recipe for greater cyber confidence

Lightning can strike twice—and sometimes simultaneously. A large US food service company with hundreds of locations had been hit by two simultaneous ransomware attacks. The company needed a solution, and they turned to Managed Extended Detection & Response (MXDR) by Deloitte for the answer.
Perspective
5 minute read

An Insurance Policy of A Different Kind

Global insurer moves from transactional to strategic by teaming with Deloitte for cyber solutions and Operate services​, reducing complexity, costs, and risks with an IAM transformation​.
Perspective
5 minute read

Cybersecurity threats and incidents differ by region

Learn more about how 20 countries and three global regions compare across key cyber threat considerations.
Perspective
5 minute read