Leading Transportation Systems and Services Provider Enhances Cybersecurity at Scale

A leading transportation systems and services provider specializes in information systems for the transportation industry. It services three of the top 15 toll authorities in the U.S. and processes over two billion toll transactions annually at highly advanced toll authorities.

Challenges

With major business growth occurring, senior management at the client wanted to ensure that their information security was keeping up with the growth. Protecting the organization’s reputation was a board-level concern.

In addition to general information security concerns, the client was specifically concerned about phishing attacks and Microsoft 365 breaches. Organization management had heard a rash of media reports highlighting compromises of Microsoft 365 via misconfigurations. Given the importance of Microsoft 365 to their organization, they were particularly concerned about potential compromises of their environment.

Our solution

Initially, Celsior provided an Information Security Assessment program to benchmark the client’s current security posture and develop a roadmap for improving it. This assessment leveraged the NIST Framework at its core as this maps to all other standards and frameworks—allowing an “assess once, map to many” approach. As part of this, we used a review and an automated scan to identify technical vulnerabilities and capability gaps.

To address the Microsoft 365 concerns, we conducted Microsoft 365 log reviews of key personnel to identify subtle indicators of compromise that could escape the automated analysis. The assessment determined that while technical vulnerabilities were being adequately addressed, gaps still existed from a programmatic standpoint that needed attention.

Business outcomes

Celsior worked with the client to develop a customized roadmap based on their plans for growth over the next three to five years. This ensures that cybersecurity is “baked in” rather than “bolted on.”

The roadmap also indicated areas where the client could further enhance their cybersecurity posture by utilizing some advanced features Microsoft offers at a higher license capability. The additional license cost was offset by identified license savings, resulting in increased security for roughly the same price as they were already spending.

Based on strong delivery, the client later contracted with us for a Virtual CISO. They were very happy with this arrangement and have significantly increased the contracted hours of the Virtual CISO based on the strong value that he has provided.

MORE CASE STUDIES

Case Study
more
Pyramid Consulting Near-term Target Validation Report

An overview of the approved Near-term Science-based Targets submitted by Pyramid Consulting.

Learn More
Case Study
more
Navigating Mainframe Workforce Uncertainty for a Leading Systems Integrator

Helping a leading SI hire mainframe experts, upskill workforce, and build long-term talent retention strategies.

Learn More
Case Study
more
Enhancing Generative AI Capabilities for a Leading P&C Insurance Provider

Tailoring a training program focused on AI competencies and targeted technologies.

Learn More