Case Study – Resilience in Chicago

An award-winning creative agency in Chicago reached out to us in need of a Resilience Strategy, as they’re growing fast and recently acquired a digital partner to expand their capabilities on behalf of their clients, who are household name brands.

In addition to the agency’s need to diagnose their vulnerability to cybercrime, the newly acquired digital practice adds a significant amount of complexity to their operation and thereby the collective agency’s overall owned risk. They needed a partner to help them define and prioritize their risks and then design a Resilience Strategy so they’re ready to respond quickly and with confidence to unplanned events that would otherwise compromise their operations, reputation, and bottom line.

Resilience Diagnostic

WIMZKL presented the Resilience Diagnostic, a 4-step, agile framework intentionally designed to quickly and cost-effectively define and prioritize requirements to design an actionable strategy:

WIMZKL's Resilience Diagnostic Summary
WIMZKL’s Resilience Diagnostic Summary

Initiation

The first step was Initiation, a friendly and memorable presentation about the project that elevated their leadership team’s understanding of how “risk” is defined in today’s digital world. This brought everyone up to speed on the current state of Information Security, Privacy and all the ways data is being compromised in environments similar to theirs and some strategies that can be used not only to help protect them, but to make sure they are prepared for when a breach happens because breaches WILL happen, which is why being aware of the risks is only half the battle. Being prepared to respond when incidents take place is the critical and often overlooked other half.

During this step, we shared some true stories with the team. Stories of how we’re usually called in only when something catastrophic happens and what that’s like. These kinds of real life comparisons help illustrate the value of being prepared when something happens vs. not. Stories are our most powerful tools because lots of different people can relate to them and understand complicated things in relatable and memorable ways.

Discovery

The second step was getting to know key stakeholders and listen and learn about the operation through Discovery, defining the agency’s greatest risks and prioritizing them. We interviewed the agency’s key stakeholders, including leadership, department directors, and IT partners to build a complete picture, synthesized from a combination of quantitative and qualitative analysis.

Diagnostic

In Step 3, Diagnostic, we presented findings and made recommendations to the leadership team, giving them some effective analogies that made it easy for them to make their decisions on how to proceed with next steps, which did not involve any overhead or adding any new hardware or software, rather by better utilizing their existing tools.

In the midst of this, the agency suffered a data breach, achieved through a successful spear phishing attack against one of their key people. WIMZKL handled Digital Forensics + Incident Response through collaboration with their IT partner, guiding them to quickly implement critical recommendations from Step 3 in the Resilience Diagnostic in order to mitigate the attack as well as make the agency more resilient against any further future attacks.

Realization

Step 4, Realization, is ongoing. Building Resilience into the way an organization does business is not a project so much as a process. Making sure the Resilience Strategy adapts and evolves as the business grows ensures our work maintains its value and continues to protect the agency and its interests.

Protecting an organization’s culture is an important ingredient for this success, which is why this is top-of-mind for WIMZKL, ensuring the agency’s Resilience Strategy is refined in ways that nurtures it and doesn’t squelch it.

WIMZKL serves as the agency’s Chief Information Security Officer, providing guidance on things like Resilience Awareness TrainingCyber Insurance requirements, claims, communication + overall fluency and awareness of a rapidly changing landscape. Every agency needs this intelligence, especially ones winning clients in regulated industries like financial services. In these situations, this agency relies on WIMZKL to represent their interests, ask good questions and get answers to ones they may or may not have known about or thought to ask.

Together, our partnership is successful on many levels: we’ve created a Cyber Resilience Strategy that forwards the goals of growing the business while minimizing risks to their clients, their reputation, and the bottom line, while valuing and protecting the creative culture they’ve worked hard to build that led them to success in the first place.

Be prepared for anything.

Get in touch.