Magilatech Use Cases
Use Case 1: Mixed Integrated Environment Security
Mixed Environment
The largest payment aggregator in Tanzania handling card and cardless processing; The organization was already compliant with regulatory checks, but it had a wide portfolio including:
- 10,000 POS terminals
- Integration to 41 banks
- Integration to 6 Telecommunication Companies
This complex integrated environment comprising of: 3rd Party integrations, Hardware related channels creates a big attack surface meaning simple individual assessments would not suffice to cover people, processes and technology to ensure holistic security. This involves both IT and IoT security.
Solution Strategy
Magilatech took on this challenge to cover the hard to secure areas that are overlooked in regulatory checks to ensure that the client is secure from channel and integration related attacks are secured by:
- Development of security modules for the organization’s applications.
- Year-round comprehensive Security Assessments (Channel and Integration Assessments for IT and IoT)
- Securing data at rest and in transit using cryptography services
- Hardware integrity checks & security review on the POS terminals
Benefits derived from this include:
- Reduction in 3rd party integration risks
- Secure by design integration
- Continuous monitoring of complex mixed environment
Use Case 2: Capacity Building for Threat Handlers
Internal Capacity Challenge
The national police force required that it builds up internal capacity to enable dealing with not only regular crime but crime on the digital frontier based on current threats; This creates a vast set of audience with the following mandates:
- Law enforcement in a nation with over 60M citizens
- Need for digital skills to protect against cyber-crime and cyber warfare
The focus of this training was for the criminal investigations department (CID) – Cybercrime Unit to appraise them with modern tactics, techniques and procedures to combat advanced persistent threats in high risk environments.
Solution Strategy
Magilatech Approached this engagement with equipping law enforcement with something different as opposed to regular corporate training services to ensure that it met the needs of the force. The engagement was covered in 3 phases:
- Cyber Warrior Bootcamp: Simulation based training setting that reduced onboarding time by 66%.
- Red Team Labs: Equipping them with the ability to run adversarial cyber network operations.
- Simulation Games: Testing the unit in a purple team setting where they tested red and blue team understanding.
Benefits derived from this include:
- Internal incident response capacity by the police force
- Internal knowledge sharing capacity while onboarding
Use Case 3: Channel Banking Security
Channel Banking Fraud
A tier one bank approached Magilatech to assist them with dealing with an incumbent issue of customer complaints and internal inconsistencies in fraudulent transactions. The bank leads in technology adoption giving them a complex environment
- Customer base of close to 4M customers
- Channel Banking Solutions for Internet and Mobile Users
- Agency network of over 20K agents
The bank needed to understand what are the channels of abuse/breach that existed and how they are being utilized. This is because despite doing statutory audits the bank still faced gaps that lead to a series of unexplained fraudulent activity. The bank also needed a security advisor moving forward.
Magilatech took a phased approach to the engagement. The engagement was covered in 3 phases:
- Channel Banking Assessment: This phase involved trying to emulate external adversaries and determining ability to conduct fraud over B2B, B2C and C2C channels
- Internal Abuse Assessment: The second phase involved finding abuse on channels by internal stakeholders
- Pre & Post Implementation Security assurance on upcoming projects.
Benefits derived from this include:
- Internal development of indicators of compromise for channel fraud
- Fixing of incumbent channel fraud issues
- Shifting security left on the bank