In light of the conflict in Ukraine, Enzen’s internal IT expert and governance/control teams have assessed the security controls in place across our business, plus those of other organisations and partners within our ecosystem.
Under my direction, senior members of our cybersecurity, risk and compliance leadership team have also reviewed our system controls to ensure they fulfill the changing technical security requirements.
The team focused specifically on how these systems impact critical national infrastructure and on those external systems connected to our IT infrastructure landscape. We also assessed these systems’ relevance and applicability to our client engagements and their respective IT infrastructures.
This note covers some of our early findings. Meanwhile, we’re seeking further expert advice and validation of our security controls to safeguard our IT infrastructure from cyber attacks. We’re also assisting our customers to align their latest security controls as applicable in response to the current situation and per our scope of work.
To summarise broadly, we’ve concluded the risk to our customers remains at a moderate level. Our assessment is based on the following:
- Our required servers and IT infrastructure are deployed and maintained within client-owned secured IT infrastructure.
- Our networks are segregated from client networks. Any work done on client environments is through secured VPNs or through their secured IT infrastructure.
- All systems used as part of our customer engagements have the following control arrangements, which have been upgraded based on project-specific IT security needs:
  - All our systems' devices / local firewalls have advanced security
  - Microsoft security and antivirus patches are up to date and will continue to be updated
  - Our email server (Google) has in-built SPAM filters to protect our systems from SPAM/phishing emails
  - Our firewalls are updated with the latest firmware patches
  - Systems are ONLY connected through a secured VPN (point to point). Only authorised/approved subnets are allowed through our firewall and system-specific subnets are mapped.
- We have already prepared for this scenario as part of our business resilience and continuity planning management.
- Partners operating in our client engagements have recently reconfirmed they also comply with these standards.
Nevertheless, despite our assessment concluding that the risk is moderate, we intend to take the following steps:
- Re-assess the risks with reference to our business impact analysis, to assure and confirm the current security controls fulfill the current information security business needs.
- Confirm the security controls implemented in our customers’ organisations, so we can assess whether we need to further adapt our security controls to keep our systems safe.
If any of the above result in findings different to our initial assessment, we will advise customers accordingly. Meanwhile, I will remain the point of contact for Chief Information/Risk Officers within our customer organisations.
For Enzen Global Limited.
Chief Executive Officer