Magilatech Use Cases

Use Case 1: Mixed Integrated Environment Security

Mixed Environment

The largest payment aggregator in Tanzania handling card and cardless processing; The organization was already compliant with regulatory checks, but it had a wide portfolio including:

  • 10,000 POS terminals
  • Integration to 41 banks
  • Integration to 6 Telecommunication Companies

This complex integrated environment comprising of: 3rd Party integrations, Hardware related channels creates a big attack surface meaning simple individual assessments would not suffice to cover people, processes and technology to ensure holistic security. This involves both IT and IoT security.

Solution Strategy

Magilatech took on this challenge to cover the hard to secure areas that are overlooked in regulatory checks to ensure that the client is secure from channel and integration related attacks are secured by:

  • Development of security modules for the organization’s applications.
  • Year-round comprehensive Security Assessments (Channel and Integration Assessments for IT and IoT)
  • Securing data at rest and in transit using cryptography services
  • Hardware integrity checks & security review on the POS terminals

Benefits derived from this include:

  • Reduction in 3rd party integration risks
  • Secure by design integration
  • Continuous monitoring of complex mixed environment

Use Case 2: Capacity Building for Threat Handlers

Internal Capacity Challenge

The national police force required that it builds up internal capacity to enable dealing with not only regular crime but crime on the digital frontier based on current threats; This creates a vast set of audience with the following mandates:

  • Law enforcement in a nation with over 60M citizens
  • Need for digital skills to protect against cyber-crime and cyber warfare

The focus of this training was for the criminal investigations department (CID) – Cybercrime Unit to appraise them with modern tactics, techniques and procedures to combat advanced persistent threats in high risk environments.

Solution Strategy

Magilatech Approached this engagement with equipping law enforcement with something different as opposed to regular corporate training services to ensure that it met the needs of the force. The engagement was covered in 3 phases:

  • Cyber Warrior Bootcamp: Simulation based training setting that reduced onboarding time by 66%.
  • Red Team Labs: Equipping them with the ability to run adversarial cyber network operations.
  • Simulation Games: Testing the unit in a purple team setting where they tested red and blue team understanding.

Benefits derived from this include:

  • Internal incident response capacity by the police force
  • Internal knowledge sharing capacity while onboarding

Use Case 3: Channel Banking Security

Channel Banking Fraud

A tier one bank approached Magilatech to assist them with dealing with an incumbent issue of customer complaints and internal inconsistencies in fraudulent transactions. The bank leads in technology adoption giving them a complex environment

  • Customer base of close to 4M customers
  • Channel Banking Solutions for Internet and Mobile Users
  • Agency network of over 20K agents

The bank needed to understand what are the channels of abuse/breach that existed and how they are being utilized. This is because despite doing statutory audits the bank still faced gaps that lead to a series of unexplained fraudulent activity. The bank also needed a security advisor moving forward.

Magilatech took a phased approach to the engagement. The engagement was covered in 3 phases: 

  • Channel Banking Assessment: This phase involved trying to emulate external adversaries and determining ability to conduct fraud over B2B, B2C and C2C channels
  • Internal Abuse Assessment: The second phase involved finding abuse on channels by internal stakeholders
  • Pre & Post Implementation Security assurance on upcoming projects.

Benefits derived from this include:

  • Internal development of indicators of compromise for channel fraud
  • Fixing of incumbent channel fraud issues
  • Shifting security left on the bank
Avatar photo

Author

Tuba Rahman

VP-Business Development Tuba is a multi-disciplinary Engineer, cybersecurity growth strategist and a humanitarian force of nature. She identifies as a global citizen and is an avid promoter of women’s leadership in the world of cybersecurity. Tuba has a real talent for delivering complex infrastructure deployments and loves to get global cybersecurity certifications in her spare time.