Wattlecorp Cybersecurity Labs was established in 2018 and operates in the United Arab Emirates and India. The company’s goal is to enhance cybersecurity across several sectors, such as e-commerce, banking & insurance, oil & gas, aviation, health, and education. 

Businesses worldwide are now able to protect their digital assets, respect privacy, and abide by local and federal legislation thanks to our understanding of the insurance industry and other sectors. Global multinational firms have frequently recognized our workforce’s abilities, reaffirming our position as a trustworthy leader in cybersecurity services.

Client Overview

The client is a well-known insurance provider with headquarters located in the United Arab Emirates, with more than 1,500 employees, and operations spread across five countries. They offer a wide range of insurance services to both individual and corporate clients. 

A company processing highly confidential financial information must maintain a high level of cybersecurity, especially in view of its recent, fast mergers and expansions. This is crucial for a number of reasons, including their operations, reputation, and adherence to regional cybersecurity laws and regulations.

Business Problem

During the current digital revolution, customer finds themselves faced with substantial cybersecurity and compliance difficulties that may have an effect on their vast operational network. Insurance companies are particularly vulnerable to cyber attacks because of the sensitive financial data they handle and the volume of customers they deal with. 

With the quick business expansion, they faced hardship in implementing the latest systems and technologies post the merger, increasing the chance of vulnerabilities to an alarming level. Concurrently, they faced hurdles in finding the right vulnerability assessment and penetration testing service provider who is able to cater to the insurance industry demands and their specified business requirements.

Precise implementation of expert Vulnerability Assessment and Penetration Testing (VAPT) services was a need of the hour for managing these threats with utmost accuracy. 

These evaluations help greatly in guaranteeing compliance with regional regulations, finding and getting security flaws fixed, and maintaining the customer’s integrity of their business through the secure service they provide.

Choosing the Right Vendor

The client was in search of a vendor who is able to provide both end-to-end coverage and the most modern cybersecurity assessment services. While ensuring that their team possesses relevant project management skills necessary to successfully collaborate with teams located across the globe without fail.

To maintain compliance with an uncertain environment of regional and international security norms and legislation, they required a vendor who could effortlessly integrate into their operations. Supervise challenges that arise as a result of their presence in the international marketplace, and handle vulnerabilities accurately and on time.

Project Overview

The primary purpose of this engagement was to conduct a full examination of the client’s cybersecurity posture and discover vulnerabilities in their digital infrastructure. This initiative ensures that they comply with NESA, ADHICS, SAMA, and regional individual data protection regulations. Also, it was crucial for them due to their recent mergers and rapid expansion.

Vendor Selection Criteria

Following are four of the key criteria suitable for vendor selection which this client can use to effectively address challenges they had faced in the past:

• Expertise in global privacy standards, laws, and regulation
• Project management understanding
• Technical expertise and coverage of demanded security services
• Experience in handling various industries and geographies

Major Challenges Faced

• Working across time zones
• Cultural and linguistic barriers
• Cross-platform security specialization
• Risk-based remediation planning for regulations

Scope of the Project

1. Web Applications and Websites (Blackbox VAPT)
2. Mobile Applications (Greybox VAPT)
3. External IPs (VAPT)
4. Internal Workstations (Vulnerability Assessment)
5. Segmentation Testing
6. WiFi (Penetration Testing)

Methodology & Approach

• Stage 1: Understanding & Analysis

• Stage 2: Exploitation & Reporting

Tools and Techniques Used

Our team uses OWASP ZAP, BurpSuite Pro, Nessus, Nmap, OpenVAS, Nuclei, Nikto, Shodan, Postman, MobSF, Jadx, Drozer, ADB, Frida, Objection, Metasploit, and tailored scripts for specific testing needs, which are the standardized technologies in the industry. We ensured a thorough security evaluation with little business disturbance by following compliance requirements and best practices in our process.

Team structure

The project team consisted of a variety of security specialists, each of whom brings unique skills and expertise to the group.

• Project Manager 
• Team Lead – Security Assessment
  • Security Analysts – Web Application
  • Security Analysts – Mobile Application
  • Security Engineers – Infrastructure
• Security Analysts – QC

Findings and Recommendations

Key Vulnerabilities Identified

• SQL injection and cross-site scripting (XSS) vulnerabilities were detected in numerous web applications.
• Numerous examples of incorrect session handling and unsafe data storage were seen in mobile applications.
• Internet-facing services that were using obsolete protocols were found through external IP assessment.

Recommendations

• Remediation strategies for all the detected vulnerabilities, along with expert suggestions on regular updates and fixations, along with continuous monitoring system implementation for future threat detection
• Awareness and training sessions for fostering security as a shared response and secure coding practices
• Helped in implementing precise patch management procedures and monitoring

Execution and Feedback

Client collaboration

Professionals from our team cross-functioned with the client’s IT department precisely to help them understand and implement the fixation suggestions of the threat detected. Along with the required training and documentation to get the security measures implemented correctly.

Security improvements

After the assessment and fixation across their digital assets, the client acknowledged a significant improvement in their security posture.

Client Feedback

Wattlecorp was recognized by the customer for its comprehensive approach and transparent communication during the project, which not only addressed the project’s immediate weaknesses but also improved the company’s overall security competence and practices.

Conclusion

This engagement demonstrates Wattlecorp’s commitment to delivering the best cybersecurity services. Numerous vulnerabilities in across multiple platforms have been successfully identified and mitigated, strengthening the client’s security defenses and improving its reputation in the insurance market. This has also opened the door to safer operational procedures. The project was completed thanks largely to our extensive knowledge of the insurance industry, which allowed us to customize our strategy to fit unique demands and legal specifications. This experience improved the client’s security posture and enhanced Wattlecorp’s position as the industry leader in cybersecurity services for the insurance sector.