The company is a French-headquartered, international telecom operator that has maintained an ERP for the management of its core business for many years. An evaluation of the security of this ERP was requested by the Administrative and Financial Department, where a number of risks related to its technical base were identified. Mazars was instructed to perform an intrusion test from the internal network of the company to simulate the attacks a hacker could take in order to identify any security gaps.
Telecom operators are extremely aware of security threats to their information system. They often apply a set of best practices and use technologies to strengthen their level of internal controls. In order to identify the risks that threaten the security of our client's information system, a high level of technical expertise combined with a thorough experience of intrusion patterns and methods was necessary, along with the ability to provide clear and practical conclusions for a non-technical audience.
Regular monitoring and training allows Mazars' cyber security teams to use the most sophisticated and up-to-date intrusion techniques to put attack scenarios into practice and take control of the information system.
The Mazars teams were able to control the ERP of this client in order to demonstrate the weaknesses in their security.
Our consultants could have also performed external intrusion tests if the client's ERP had been connected to the internet.
The intervention of our cybersecurity experts has permitted a reinforcement of the security principles to be implemented in our client's ERP and in its IT environment.
THE + OF MAZARS
The technical mastery of the intrusion work allowed Mazars to quickly take control of the ERP, its data and the rest of the information system and thus demonstrate the weakness of the implemented system.