Skip to navigation Skip to main content Skip to footer

Case Study: MVSS for a Biometric Security Company

08 March 2023

By NCC Group

Situation

In late 2020, NCC Group was approached by a multinational technology company. The organization is dedicated to improving the quality, convenience, efficiency, and security of government services, travel, border control, and all smart facilities.

A market leader in their industry, the organization currently has 13 offices and operations in 150 countries. The organization enlisted NCC Group’s support to provide a thorough review of its security posture and the guidance necessary to become CHECK accredited.

At a Glance

Organization: A multinational technology company with UK headquarters in Reading

Industry: Tech

Challenge: To provide an IT health check assessment and penetration testing of the organization’s facial recognition software for airport border controls and to ensure the organization has the processes and procedures in place to become CHECK accredited

Solution: NCC Group deployed a team of five consultants to carry out penetration testing to uncover potential vulnerabilities in their software systems

Result: The independent program of penetration and security assessments led the company to understand its vulnerabilities and risks so that the organization could take action to address them

Challenge

With a subsidiary based in the UK, the company was contracted by the Home Office to develop and deploy a system for managing electronic passport presentations at borders in the form of e-gates. The security and integrity of the company’s data and information systems are vital, and a breach could have a major detrimental impact, particularly given the sensitivity of the data that the client was handling.

NCC Group was tasked with identifying known and unknown vulnerabilities and demonstrating where weaknesses may exist that could lead to unauthorized access to corporate information. A suite of solutions was provided in September 2020 for testing to start end of November.

Solution

Although COVID-19 prevented on-site visits at the beginning of the project, the team of penetration-testing experts began to carry out bespoke security assessments of the system, providing clear, actionable recommendations for change remotely, then moved on site when they were able to.

The testing was conducted across a broad variety of the client’s systems, including; web services, web applications, workstations, APIs, and firewalls, ensuring that the organization had a 360 view of its security posture. The report detailed recommended fixes against the CHECK methodology, illustrating:

  • Any weaknesses which could be exploited by an attacker aiming to compromise the confidentiality, integrity, or availability of the company’s systems and data
  • The threats facing the company’s information assets
  • That the company’s security expectations and requirements are being met
  • Adopting best practices by conforming to legal and industry regulations

Result

With the report delivered in a simple, easy-to-understand format with the action list ordered by priority, the organization was able to implement the recommended fixes quickly and efficiently.

The organization was better able to understand its potential attack vectors and risks associated with the handling of sensitive information and was able to implement the necessary security procedures to ensure that it could continue to do so in a safe and controlled way.

NCC Group

NCC Group

NCC Group exists to make the world safer and more secure.

As global experts in cyber security and risk mitigation, NCC Group is trusted by over 14,000 customers worldwide to protect their most critical assets from the ever-changing threat landscape.

Get Started on Your Cyber Security Journey 

Our experts are ready to help you stay ahead in a constantly changing threat landscape. Contact us today to learn more about what NCC Group can do for your organization's unique cybersecurity needs.