DirectAsia was looking for a simple, straightforward solution for regulatory compliance purposes to ensure that the business was ready for the next phase of growth. The Red Team exercise was highly effective and gave insight to exploits that were previously unknown, keeping the business honest to the reality of risks that were involved. Through the hassle-free and productive experience with Horangi, DirectAsia found themselves not only a reliable cybersecurity expert, but a trusted partner at the end of the engagement. 

The Story

The meeting between DirectAsia and Horangi has been a long time coming. Since the early  days of Horangi’s founding, DirectAsia kept a close eye on Horangi’s development while cumulatively building itself up to what we know of them today, with a robust brand presence within the online direct insurance space. In their 20 years of establishment, the business has been growing steadily, garnering close business relations across Southeast Asia and even opening a satellite office in Thailand to support business operations. The brand connected with Horangi at an opportune time in late 2020, as DirectAsia was gearing towards the next stage of business transformation and brand evolution, establishing an even stronger identity with global insurer and parent company, Hiscox Group. 

As one of the pioneers in the online direct insurance space in Singapore, DirectAsia’s business promise for quick, accessible and transparent insurance offerings can also be seen in their operational culture and the need for clarity. On that note, the collaboration between DirectAsia and Horangi was logically a great fit, as both teams were able to work synergistically, getting things done swiftly.

The Business Challenge

To ensure sufficient bandwidth for growth and expansion, robust security posture of the company’s internal IT systems needed to be in place. To comply with Monetary Authority of Singapore’s Technology Risk Management requirements of cyber resilience, DirectAsia needed to test its systems against recognized cybersecurity standards This alone provided well-defined parameters for Horangi cybersecurity consultants to conduct the Red Team assessment. 

The Red Team Engagement

For a thorough assessment of DirectAsia’s security risks, Horangi utilized the MITRE ATT&CK® Framework, a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations, to perform realistic adversarial simulations. 2 unique Red Team scenarios were used for simulation and testing to cover both the security and non-security teams within the organization on their readiness in responding to cyber attacks.

The Results

DirectAsia leveraged Horangi's effective approach to cybersecurity to visualize its security and compliance risks based on what was required. The process was akin to DirectAsia’s business promise, the working relationship and rapport was quickly established between both teams with the common goal of getting the job done, well and effectively. The red team exercise was completed swiftly through a collaborative effort. Amid timeline pressures, Horangi’s team of cybersecurity consultants were able to provide new insights into improving security posture and find exploits that were previously undiscovered. The report was accompanied by comprehensive documentation, leaving nothing up to chance and no guesswork was needed to understand the next steps of action. The team’s thoughtfulness and dedication to the work was also reflected in the responsiveness to requests such as additional video documentation of the work. Each individual, from client services to consultants teams, at Horangi was given the high praise for their professionalism, demonstrated through their deep understanding of their craft and also the customer’s needs. 

The team was able to give candid feedback on the scope of work, rectify issues promptly and most importantly become a partner to DirectAsia’s business by providing responsive support when needed. DirectAsia continues its security partnership with Horangi today as the brand moves into the next phase of implementing security actions and policies that allows it to not only pass the stringent security requirements set by MAS, but also build on the trust that customers place in them.