"The minute you have a baseline framework, you establish minimum requirements that can be exploited and broken.
NCC Group emphasised the importance of building a strong, collaborative partnership, fostering an environment of creativity and openness and allowing us to swiftly adapt to emerging threats while continually enhancing our defences to safeguard digital assets from cyber risks."
Miles Parry, CEO MPCH
The customer
Safeguarding an array of sensitive digital and physical assets that encompass secrets, private data, and cryptographic keys, MPCH stands as a pioneering force within the global security landscape. Operating across multiple physical locations worldwide, MPCH's commitment to hyper-secure cryptographic storage positions it as a formidable challenger to established industry standards.
The challenge
MPCH needed to validate the security of its people, systems, and processes to give customers and insurance underwriters confidence in its ability to withstand physical and cyber security attacks on global infrastructure.
The solution
The NCC Group Physical Security Review (PSR) process—a black team engagement involving simulated real-world attacks—externally pen tested MPCH's existing security infrastructure, identifying opportunities to iterate and improve those systems.
The benefits
NCC Group's novel approach to penetration testing validated the security of MPCH's existing physical infrastructure. It also helped MPCH introduce agile procedures and policies to mitigate future threats and enable secure scaling in any location.
"When considering cyber security, the stakes are immeasurably high. We are not just protecting data; we are safeguarding irreplaceable assets and shielding reputations from the potentially devastating impacts of security breaches. Our commitment to constantly pushing the boundaries and setting new benchmarks for cryptographic secure storage is driven by a deep-seated belief that doing 'enough' is never truly enough. This dedication to rigour of process instils confidence in our clients that we have taken every measure to secure the most valuable digital information enterprises hold."
Ensuring a rapid response to physical and cyber security attacks
Cybercrime is expected to surge from $9.22 trillion in 2024 to $13.82 trillion by 2028, and the stakes are high; cyber and physical security breaches can result in sensitive data violations, financial losses, and irreparable reputational damage.
Increasingly sophisticated attacks require rapid, robust responses from secure storage providers, with sites facing different threats depending on the country and state.
For cryptographic secure storage provider MPCH, individual site security must be strong enough to protect physical and digital assets from a would-be attacker for significantly longer than it takes MPCH, the authorities, or other responders to get onsite and resolve the issue.
Challenge: Auditing MPCH's security infrastructure with robust assessment
When customers (typically enterprise clients, financial organisations, and high-net-worth individuals) entrust confidential digital data, secrets, and cryptographic keys to MPCH, they want assurances that these assets will be kept safe.
MPCH partnered with NCC Group as an outside collaborator to test and validate its global cryptographic secure storage infrastructure, demonstrating to its customers and insurance underwriters its methods for storing valuable assets meet and exceed industry-leading standards.
MPCH approached the group because they valued the dynamic approach to pen testing. The company asked to mimic real-life scenarios, pushing hard to seek out and exploit potential weaknesses in their security. MPCH was interested in improving physical security rather than ticking boxes in a rigid framework and was looking to enhance its agility when handling physical and digital threats.
Solution: A dynamic test and review solution for MPCH
NCC Group performed a Physical Security Review (PSR) on MPCH's infrastructure, evaluating how well MPCH's existing cyber and physical security controls defend its business and client assets against simulated black team––or 'real-world'–– attacks.
Rather than following the 'fixed' framework generally adopted by pen testing providers, the security consultants used it as a baseline, deploying outside-the-box thinking more typical of threat actors with evolving tactics. To build new ways of thinking into MPCH's processes, the NCC Group team challenged their already rigorous security in new and different ways.
Miles Parry, CEO at MPCH, said, "We turned to NCC Group as experts in security testing to test our physical and cybersecurity systems so we can confidently inform our clients and insurance providers our infrastructure embodies the highest security standards."
NCC Group examined MPCH systems and controls in-depth, sharing complete 'white box' system information to maximise time and reduce the overall cost of the engagement.
Since MPCH specialises in physical and cyber secure storage, the PSR team spotlighted these two areas in testing, linking their reviews from one 'compromised' area to another in a novel approach. Throughout the PSR, the team identified opportunities for continuous improvement, recommending how MPCH could strengthen its security defences to protect the assets within.
"The minute you have a baseline framework, you establish minimum requirements that can be exploited and broken. NCC Group emphasised the importance of building a strong, collaborative partnership, fostering an environment of creativity and openness and allowing us to swiftly adapt to emerging threats while continually enhancing our defences to safeguard digital assets from cyber risks," adds Parry.
Benefits: Benchmark setting review standards to validate existing security standards and set a precedent for further global expansion
Cutting-edge secure storage facilities must continuously improve because physical and cyber security threats––particularly in the era of AI and quantum computing––are ever-evolving.
Parry continues, "We're dealing with the irreplaceable, including the reputational damage of a cyber security incident. Continually setting new standards for secure cryptographic storage allows us to sleep at night, knowing we've done more than just enough."
"We don't build a singular site and then rinse and repeat because the actual threat per site varies significantly from state to state and country to country. The expertise of NCC Group is a fantastic enabler, allowing us to ask questions and tailor our infrastructure to each site."
NCC Group's dynamic assessment process has gone beyond validating MPCH's cryptographic secure storage infrastructure to help the company embed a continuous improvement culture into its physical and cyber security measures. Taking learnings from the novel approach, MPCH can flex to mitigate new threats and securely scale as it expands to new locations.
A robust validation process in a rapidly developing environment gives MPCH customers and insurers peace of mind that the company can tackle challenging security threats and keep valuable assets safe.
Parry concludes, "We've initiated conversations with specific institutions because of our work with NCC Group, who have confidence we're not just meeting security standards, but also setting new ones and deliberately improving."
MPCH is now a valued customer due to the completion of this and other successful projects, with further security-related collaborations in the pipeline.
Get started on your cyber security journey.
Our experts are ready to help you stay ahead in a constantly changing threat landscape. Contact us today to learn more about what NCC Group can do for your organization's unique cyber security needs.