The one where compliance wasn’t enough

A centuries-old global financial institution believed regular CBEST assessments kept them safe. On paper, it looked that way. But attackers don’t wait for audit cycles.

The Target

A centuries-old global financial institution with more than 2,500 employees. Well resourced. Highly regulated. Required to undergo CBEST testing every two to three years.

On paper, the organization looked secure. But real attackers do not wait for audit cycles, and the leadership team wanted proof their defenses could stand up to a live and persistent threat.

The Breach

The swarm uncovered what compliance cycles missed. Open-source intelligence (OSINT) exposed dangling DNS records that were fixed within hours once reported.

A simulated compromise of their crown-jewel infrastructure bypassed SentinelOne, established command and control, and successfully exfiltrated sensitive data.

By chaining small misconfigurations together, the swarm demonstrated how an adversary could escalate privileges step by step until reaching critical systems.

At the same time, physical intrusion testing allowed our team to enter their flagship city-centre office, access IT equipment and prepare to remove hardware without being detected by onsite security.

Staff walked past our operators unaware, underscoring how even strong technical controls can be undone by overlooked human processes.

The Swarm

Every breach was replayed until failure.

Once the client introduced improvements across their SOC, SIEM rules, firewalls and endpoint tools, our digital payloads that had previously bypassed defenses were blocked.

When we attempted to repeat the physical intrusion three months later, staff successfully challenged and expelled us. Each attack cycle became an opportunity to close gaps and harden their security posture.

The Outcome

Within ten months the client increased their subscription from 25 percent to 50 percent coverage.

They no longer measure success by a compliance certificate. Instead, their internal team faces a live and persistent adversary that ensures constant evolution of their defences.

Compliance is now a by-product, not the goal. For the first time, the board had visibility of how their security investments translated into real-world resilience.

Don’t wait for a real attack to expose your vulnerabilities. Contact CovertSwarm today and make our attack your best defense.