Case Study: U.S. Catholic Archdiocese Makes Threat Hunting a Regular Practice

Donate.png

Attackers Set Their Sights on Non-Profits

The Catholic Church serves millions of parishioners whose personal information, and often bank and credit card data, is stored on its IT systems — making it an attractive target for cybercrime. Since 2007, over 101 non-profits and at least 618,890 records have been compromised due to a data breach. In many cases the victims didn’t know how many records had been impacted.  

Church community members and staff rely on the church’s administrative infrastructure to protect the integrity of personal information, including Social Security numbers, bank account information, payment card data and contact information, as well as heartfelt donations that enable pastoral, educational, welfare and religious initiatives. One U.S. Catholic Archdiocese chose to take a more proactive security posture by implementing a threat hunting program to ensure the utmost protection of its data and IT infrastructure.

Adopting a Proactive Security Posture

“While some wouldn’t think the Archdiocese has to worry about cybercrime or being hacked, ensuring the security of our network and data is of critical importance. We, too, need to have cutting edge technology,” said the Head of Information Technology for the Archdiocese. “We have an amazing community that gives of itself, for a variety of endeavors, and making sure our information systems aren’t vulnerable is a job we take very seriously.”

Reports of cyberattacks have spiked in recent years resulting in millions in financial losses, theft of intellectual property and exposure of information. The groups responsible for these high-profile attacks are organized and can persist in a system’s endpoints without detection for months, sometimes years. 

Unfortunately, current real-time security processes are ineffective at detecting post breach activity, especially as time passes after the initial compromise. Organizations — including religious institutions — are no longer waiting for parishioners or the authorities to tell them they’ve been the victim of a cyberattack. 

The Archdiocese realized that simply layering increasing numbers of defensive tools would not deliver total security. In 2015, the Head of IT committed to being more proactive. With thousands of parishioners, multiple locations, both educational and religious, there was a significant amount of data and systems to protect throughout their IT organization. 
Basic security “blocking and tackling” measures were implemented, including the recommended critical Center for Information Security (CIS) controls. The IT Team also initiated a number of security information and event management (SIEM) protocols, and correlated data from known vulnerabilities to look for signatures and bad actors, prioritize core systems and see what is happening within them. 

While those measures have made a difference, they required a lot of human and financial resources, and still left the Archdiocese feeling vulnerable.

“We were missing something: it was the ability to aggressively hunt and find hidden threats that may have bypassed initial defenses to fully protect our people, data, systems and good works,” said the Head of IT. “Infocyte’s approach — presuming endpoints are already compromised — was a completely new perspective that really resonated, as it was able to detect threats the other tools couldn’t.”

Infocyte Empowers the Archdiocese’s IT Team with Post Breach Detection 

Infocyte HUNT is a threat hunting tool for post breach detection. It provides an easy-to-use, powerful solution to limit risk and eliminate dwell time by enabling an organization’s IT and security professionals to proactively discover malware and persistent threats, active or dormant, which have successfully breached existing defenses. 

“Using Infocyte HUNT we are able to look at all of our files — current and historic — and compare them against large external reputation and threat intelligence databases. Also, Infocyte HUNT helped us validate controls and processes across the network to ensure that a threat wasn’t bouncing around, in or out, that our other security measures didn’t catch.”

The Infocyte HUNT post breach detection platform rapidly assesses endpoints, including user devices and servers, using Forensic State Analysis (FSA) for evidence of compromise, without the burden of complicated equipment or endpoint software installations. Reports identify and score the severity of identified issues for swift resolution and risk mitigation. 

“Infocyte was the proactive solution the Archdiocese had been looking for to reduce risk and increase security,” said the Head of IT. “Simply stated, it provides the ultimate offensive attack plan and allows us to have deeper visibility into the state of our endpoints through an easy to use interface that I can quickly train staff to use. Infocyte HUNT is our guide through today’s muddy security waters. It validates the initiatives we have in place and strengthens the Archdiocese’s overall security posture, which also means that I don’t need to fight for funding or new hires to continue making security stronger and better.”

See how you can empower your internal teams to hunt - Schedule a demo today.