In the wake of a cybersecurity crisis, this global services company is focused on resilient IT infrastructure development to enhance security and prepare for potential business sale.

Company Profile

This global services company operates across Europe, Asia, and the USA, utilising legacy technology systems managed by an outsourced MSP and supported by a small internal IT team.

CEO’s Mission

With plans to sell the business within two years, the CEO and Founding Partners intended to maintain their existing IT systems with minimal investment. However, a sophisticated ransomware attack that compromised and encrypted their servers naturally forced a reevaluation of their approach. The CEO sought expert technological guidance to recover from the attack, rebuild on modern, secure platforms, and demonstrate the value of robust IT systems to potential investors based on a proven and resilient IT infrastructure development.

Digital Technology Director’s Objectives

Phase 1

  • Assess the ransomware attack situation and advise the CEO on recovery options.
  • Coordinate a response plan involving legal, insurance, IT forensics, MSP, and internal executives.
  • Recover key systems to restore operational functionality.

Phase 2

  • Rebuild the IT environment with modern, secure technology enhancements.
  • Mentor and coach the IT Manager for an expanded role.

What the IT Director Did

Led a Response and Recovery Action Plan

Faced with a critical situation, the IT Director:

  • Implemented containment measures to halt further malicious activity.
  • Coordinated restoration and recovery of critical services like networks, email, and active directory.
  • Conducted a forensic investigation to determine the attack’s entry point and assess data loss.
  • Managed response and reporting with all stakeholders, ensuring cohesive recovery efforts.

The Director enabled the business to resume operations within a week using partial backups. They continued to lead the recovery plan, liaising with all stakeholders to mitigate commercial and reputational risks until the incident’s resolution.

Devised the Rebuild of Technology Services and Infrastructure

In Phase 2, the Director, collaborating with the in-house team, designed a new IT environment leveraging contemporary technologies:

  • Developed a public cloud-based infrastructure, utilising Infrastructure as a Service (IaaS).
  • Outsourced SOC with comprehensive security measures like SIEM, EDR, and vulnerability management.
  • Charted a roadmap for transitioning applications to SaaS offerings.
  • Outlined a plan to achieve Cyber Essentials Plus accreditation, enhancing overall cybersecurity posture.

Mentoring of IT Manager

The IT Manager, a seasoned employee with hands-on experience but no formal tech education, received a development plan from the IT Director. This plan included formal training and weekly one-on-one mentoring sessions. The Director provided strategic advice on IT management, supplier relations, team recruitment, cloud technologies, and effective communication with the Board, contributing significantly to the resilient IT infrastructure development.

The Results


  • Securing the IT environment and deploying defensive tooling within 48 hours 
  • Recovering operational systems globally within 7 days (initial estimate was 6 weeks)  
  • Identifying root cause, point of entry and extent of data loss 
  • Stabilising the IT environment whilst waiting for a new technology platform