CASE STUDY

Aster Housing

How Aster Housing Enhanced its Breach Readiness & Demonstrated its Cyber Incident Response Capabilities with Cyber Management Alliance's Cyber Crisis Tabletop Exercise

BOOK A DISCOVERY CALL

Cyber Crisis Tabletop Exercise Case Study

Aster Housing Case Study Overview

As part of its annual cybersecurity audit, Aster Housing, one of the UK’s top housing solutions providers, sought a true demonstration of its cyber incident response capabilities, especially the ability of the human element to respond successfully in case of a crisis.
The organisation opted for Cyber Management Alliance’s Cyber Crisis Tabletop Assessment to achieve these objectives and sharpen its overall breach readiness.

Client Goals 

Neil Mallon, Strategic Technology Leader, Aster Group UK (at the time the exercise took place) articulated the following objectives while engaging with Cyber Management Alliance:

  • To test how prepared individuals and teams are to respond to a cyber crisis effectively.
  • To evaluate if the organisation is prepared to deal with a cyber-attack in the remote work environment mandated by the healthcare pandemic.
  • To get a formal breach readiness maturity score.

“Like many organisations, we undertake various traditional cybersecurity audits each year. Our past audits have been more focused on checking configurations, documentation, processes and procedures. They’ve all been very useful, but we needed something that’s more like a true demonstration of the capability of the business to actually respond. I wanted to get a fresh approach and that's why we opted for CM-Alliance’s CCTE Assessment.”

Neil Mallon, Strategic Technology Leader, Aster Group UK


 

Why Cyber Management Alliance?


For its annual audit, Aster Housing Group had two choices – to run an internally-led workshop or bring in an experienced external facilitator. The reasons for hiring an external trusted advisor were the following:

  • To bring in a valuable third-party perspective.
  • For an objective assessment of how the scenarios were handled by the internal staff.
  • To enhance engagement of internal staff members with the introduction of an external facilitator who could make the exercise more creative, interactive and therefore more fruitful.
  • "Each year, we would have a discussion with the internal group auditors about how we can undertake the yearly audit. Essentially what it boils down to each year is the auditors, the risk committees and the execs all wanting assurance. They want to be confident that the business can do what it says in terms of cyber incident response in the best way possible,” explained Neil.

The client chose to bring in CM-Alliance as the trusted external experts based on their past experience with the organisation.

Neil had interacted with the workshop facilitator, Amar Singh (also the CEO and Co-Founder of Cyber Management Alliance), during numerous Wisdom of Crowds events in the past. He had, then, engaged Amar to run CM-Alliance’s flagship, NCSC-Certified Cyber Incident Planning & Response training to help Aster Housing create its cyber crisis response plans.

This experience, coupled with Cyber Management Alliance’s well-known expertise in the field and market reputation, made it easy for the client to zero in on Amar Singh as the external facilitator of choice for Aster Housing’s Cyber Crisis Tabletop Exercise.

 

The Actual Exercise & Scenario Building 

Scenario-building is extremely important to a successful cyber tabletop exercise. It makes the crisis workshop slightly more realistic and having a scenario rooted in the current operational environment makes the session far more engaging and fruitful.

Neil Mallon and Amar Singh worked in collaboration to create a bespoke scenario for the CCTE workshop that wouldn’t just be highly relevant to the client’s business, but also challenging enough for the participants.

“Amar and I spent a good amount of time talking through options and planning the right scenario(s) for the tabletop test; We tried our best to design the scenarios to be challenging enough and both engaging and exciting to be a part of,” said Neil. 

The CCTE workshop was expertly delivered in a remote workshop style. During the workshop, Amar made extensive use of conference breakout rooms allowing for the team to separate out and discuss some of the finer points in more focussed sessions.

The time spent in scenario building and the professional delivery of the workshop allowed the client’s team members to feel encouraged to voice their opinions. All the opinions and ideas were then discussed together for more collaborative knowledge building.

Benefits


Aster Housing’s primary goal with the Cyber Crisis Tabletop Exercise was to shift the focus on to the human element. The organisation was also seeking a formal report of its cyber resilience maturity.

The major benefits that the client was able to derive from the workshop include:

  • Being able to test how teams would work together, especially remotely, and respond collaboratively, including teams that don’t normally operationally work together.
  • Identification of scenarios that need more focus as well as areas that need to be remedied.
  • Reinforcement of the cybersecurity strategy of the company, including clarity on the way forward.
  • Getting a true reflection of the organisational ability to respond to a cyber crisis.
  • The formal, comprehensive assessment report that gave internal auditors satisfaction as they had something to put against the risk register.

“The CCTE & the corresponding audit conducted has given us insights to reinforce our cyber strategy by continuing to help build the picture of where we were, where we are now and our next focussed steps. We will be engaging CM-Alliance on an annual basis.”

- Neil Mallon

 

 

About Aster Housing Group

The Aster Group is well-known in the UK for providing a wide range of housing options to all income groups. It owns assets worth £ 1.6 billion. The group owns and maintains over 30,000 homes, providing services to more than 90,000 customers. Aster is on a rapid growth trajectory with plans to develop more than 11,800 houses in the next 7 years.

With a business of this scale and ambitious growth targets, Aster Housing has always been deeply invested in its security posture.

Neil Mallon was the Strategic Technology Leader at the time that Cyber Management Alliance was hired by him to conduct the Cyber Crisis Tabletop Exercise for Aster Housing.

Industry: Real Estate
CMA Services: Cyber Crisis Tabletop Exercise
Locations: UK

Download the Aster Group Study