CCL Group specialises in providing Law Enforcement, Legal and Corporate Organisations with advanced digital forensics, data analytics and cyber security services.
Our understanding of ‘security’ has changed immeasurably since the dawn of the internet and the development of digital technology. Today’s criminals are more complex and savvy than ever before, with every new development in software, hardware and technology systems representing an opportunity for them to exploit your organisation. We are here to help you prepare, investigate and respond a cyber breach regardless of the market in which you operate.
Law Enforcement Agency
Law enforcement investigators discovered 165kg of heroin, with an estimated street value of £19million hidden inside metal lathes at an industrial estate in the Midlands region of the UK; the drugs arrived in a container aboard a ship from Pakistan. The importation had been controlled by people remote from the scene, using unregistered pay as you go mobile phones and replacing them on a regular basis.
The cell-site analysis was complex and detailed, taking place over a two-year period with many challenging deadlines; generating over 1,000 pages of written evidence, and bundles of over 100 exhibits. The collaborative approach with the CCL cell-site team working onsite with the Law Enforcement Agency was extremely effective, and thus the level of quality and efficiency achieved was higher than a more traditional remote response. More analysis and exhibits were generated during the trial, as CCL Group dealt with last-minute evidence and alibis.
Quality support was available throughout, with pre-submission advice, ongoing identification of new forensic opportunities, through to production of court bundles under challenging circumstances prior to a thorough and extended witness box exercise taking place over the following days and weeks. In addition to the courtroom evidence, which gained a commendation from the judge, CCL Group provided “Live” cell-site analysis, trying to track down missing suspects, with CCL Group staff dovetailing with the law enforcement investigating team, supporting them during long and odd hours of work.
Eight members of the drugs gang were jailed for a total of more than 130 years for conspiring to smuggle heroin, and Seven were found guilty of conspiracy to import a class A drug in the 11-week trial at Birmingham Crown Court (one pleaded guilty before the trial).
The prosecution case demonstrated how the operation involved the use of bogus companies, false documents, unregistered mobile phones and trips to Pakistan. By careful presentation of the evidence in court, the prosecution demonstrated the individual roles played by each of the defendants, resulting in the guilty verdicts returned by the jury.
Off-Shore law firm
CCL Group was instructed by one of the largest offshore law firms in the world, to assist with the collection and review of documents. The client was one of the largest banks in the world, defending a claim in respect of a breach of fiduciary duty with a quantum of £110m.
As this was an offshore case, CCL Group had to deploy a number of analysts to the client’s premises. Working with the client’s IT team, CCL Group extracted 260GB of data from the exchange server and various file shares.
By utilising CCL Group’s Nuix pre-processing engine, the initial data set was culled significantly by removing duplicates and applying time/date and file format parameters, as well as applying a set of keywords supplied by the law firm. This culled the data to 11GB, which equated to 28,397 documents. CCL Group then uploaded these documents for review by the law firm.
The review phase lasted for four months, during which time certain files were either redacted or removed in their entirety. CCL Group’s ability to deploy portable instances of Nuix and Clearwell locally, and to collect data and conduct the keyword searches on-site, meant CCL Group were able to avoid any local data protection issues as the data did not leave the client’s offices.
CCL Group produced the disclosable documents to be provided to the other side. After both sides inspected each other’s documents, negotiations were entered into and the case was settled.
The growth of the digital economy has thrown up key business challenges as well as opportunities. As more business is conducted digitally, and the volume of data grows, and this can open up organisations to risks. The nature of these risks is diversifying in the face of a range of advanced persistent and adaptive threats that have seen incidences of cybercrime become daily news. Organisations have often struggled to know where to start, with many having buried their heads in the sand or seen this as an exclusively technical problem to be fixed by the IT department. Increasingly, as organisations understand the central importance of data in driving their business, so effectively managing that data and its security has become business critical.
One of the key drivers behind this is the General Data Protection Regulations (GDPR), that come into force in May 2018. GDPR will supersede the Data Protection Act and significantly increases the expectations of how organisations gather, use and protect their customers’ data. Since the DPA was introduced in 1998, the amount of digital information we create, capture, and store has vastly increased, and with it the responsibilities of organisations to protect their information, and that of their customers, security.
The Information Commissioners Office (ICO) will be the regulator for GDPR, and is stressing the importance of organisations auditing their data, and having in place the necessary governance and oversight to ensure that they can meet the additional obligations of the new regulations. One of the most eye catching elements of the GDPR is mandatory breach reporting to the ICO, with the prospect of heavy fines for non-compliance.
Organisations must make sure they have the right procedures in place to detect, report and investigate a personal data breach. The consequences of failing to adequately prepare for, or respond to data breaches have been well publicised and have affected the reputation, share price and boardrooms of a number of household names, and it is clear that the scrutiny of this area is only going to grow in intensity.
Building effective information security has become about more than just complying with regulatory requirements and must be informed by organisational priorities to understand key assets and hence prioritise vulnerabilities.
An approach involving the Holistic Cyber Security principles (covering people, processes and technology) needs to be adopted covering:
People – To address the human factor of security and increase the general awareness levels to reduce the risk of human failures in security.
Process – To address the organisational factors and challenges
Technology – To remove the technical complexity and ensure a technology architecture that delivers robust fit for purpose security capability
Volac – Food and Beverage
CCL Group was engaged by Volac to develop an IT strategy that would standardise processes and IT systems across the business and its multiple sites. Following Volac’s success and growth, their existing systems were ‘creaking at the seams’, and the processes and systems inherited through acquisition were various and disjointed across the business.
CCL Group recommended an integrated ERP system and guided Volac through a programme of business process change, aiming to result in better performance monitoring and site performance, significant reduction in administrative effort and costs, and standardised processes across the entire business.
CCL Group assisted Volac by implementing, IT Transformation – ensuring IT supported the business strategy, found the right ERP solution – requirements definition, process transformation, vendor selection and contractual negotiation, and project managed with assurance – reducing the risk of implementation.
Effective, long-term IT strategy fully aligned with business priorities
Improved business processes based on industry best practice
Fully integrated ERP system bringing together all areas of the business. Comprehensive supplier specification and selection process ensured identification of the right IT system for Volac’s business requirements