← Back to article list

Bank Used Case

May 16, 2018
Google+ Linkedin



The Bank is a fully integrated financial services provider to corporate, institutional and individual clients in Europe and Asia. With more than 45,000 employees in over 80 countries worldwide, its services include on-shore investment banking, institutional equities broking, asset and private wealth management, retail banking and business processes outsourcing.


As a global company facing a threat landscape increasingly characterized by complex and subtle attacks, The Bank wanted to show compliance with GDPR before 25 May 2018 as a strategic priority. It wanted to show regulators and customers that critical data and internal systems were being protected in line with new regulations.

To this end, the Bank’s security team understood that the traditional tools that it used to secure its network were no longer sufficient for its security needs.

Before 2018, the Bank focused on securing its network, firewalls, exploits and Malware. To ensure it was fully compliant with GDPR, it wanted to identify the risk posed by insiders, whether malicious or non-malicious. It needed to find out if its data was outside the Firewall – on the harder to reach bits of the internet that cannot easily be found today.

The Bank determined that a Dark Web, Deep Web and Data breaches solution would strengthen its security posture. Engaging services such as CIH would increase the chances of finding evidence of a breach, giving the Bank a better chance of hitting the 72-hour breach notification deadline – and showing the likes of the Information Commissioner’s Office that they had taken reasonable steps to protect customer data and reduce the likelihood or size of a fine.

The only thing that remained was to choose a provider.


After a thorough evaluation of several providers, the company decided to engage CIH to conduct an Assessment. A member of the security team had read about INTERPOL using CIH in the media, and its comprehensive solutions being used in law enforcement. This made the Bank confident in engaging CIH.

Powered by machine learning and algorithms developed by specialists from INSEAD, CIH searched the most secretive corners of the Internet to find compromised data associated with their customers’ employees, contractors and other personnel, and delivered a detailed assessment detailing the compromised critical assets and recommendations for remediation.


The Bank saw immediate results after engaging CIH’s assessment and being alerted to potential threats before they develop into genuine attacks and cause damage.

5 hours after the Bank engaged CIH – a team of Analysts at CIH alerted it to stolen staff details such as employees email addresses and passwords, evidence of sensitive files being shared online, and discussions with a criminal third party in a chat room.

In 24 hours, CIH alerted the Bank to an employee who was offering customers’ log in details for online banking for $50 each.

The seller had downloaded information on approximately 4.7 million clients from the bank’s contact lists, and offered full access details to verified customer bank accounts (with guaranteed minimum balances) to help the syndicate exploit accounts.

The Specialists at CIH provided hands-on, dedicated historical context on the seller to the bank’s insider threat team. This included reviews and reputation, which helped track the users’ real identity. Using forum posts to add context, the bank was able to track down the employee, and prevent further damage.


After seeing the usefulness of the Assessment, the Bank did 2 things:

First, it subscribed to CIH’s Continuous Monitoring product on a daily basis to see and investigate potential threats in real time, before they escalate into a crisis.

This was also a proactive mitigating step towards GDPR monitoring and compliance.

Next, it engaged CIH to refine its internal policies. CIH advised on tightening access controls, password policies, logical access controls and shortcomings in personnel vetting. The Bank has applied these to their various offices, ensuring that no access permissions or privileges are unintentionally granted.


Let us know if data is incorrect