About the SickKids Foundation
Main Goal
Outcomes
About the SickKids Foundation
The SickKids Foundation, based in Toronto, is a fundraising organization dedicated to supporting the Hospital for Sick Children. Managing sensitive information from over 1.5 million active donors, the foundation faces the risk of reputational damage and donor loss if this data is compromised.
To safeguard donor information, Derek Sutton, the Director of Infrastructure and Enterprise Architecture, acknowledged the need to enhance their security posture. To address this, he enlisted PlutoSec to conduct a penetration test.
Main Goal
The primary goal of the SickKids Foundation was to evaluate its security posture and identify any vulnerabilities that might have been overlooked by their team. Although they had implemented basic security measures, the organization’s infrastructure was outdated and in need of an upgrade. A penetration test was essential to uncover gaps and vulnerabilities, allowing them to address these issues and enhance their security before potential exploitation.
PlutoSec developed a thorough methodology with 95% manual testing and a coverage-based approach to accurately simulate real-world conditions. Their team of highly skilled in-house ethical hackers conducted an in-depth analysis of the systems from an attacker’s perspective, filtering out irrelevant details and highlighting the most critical findings requiring remediation. Additionally, their coverage-based approach allowed testers to explore various methods of system breach and vulnerability exploitation, providing a precise and comprehensive report.
Outcomes
PlutoSec’s penetration testing approach revealed a range of hard-to-detect vulnerabilities and potential attack vectors that could be exploited. The final report offered valuable insights that helped the foundation’s IT team identify weaknesses in their infrastructure and provided actionable guidance to enhance their overall security posture. Moreover, PlutoSec’s Canadian Data Residency and SOC 2 Type II Accreditation assured the SickKids Foundation that all test reports were securely handled within a trusted environment, ensuring full compliance with data security standards.
Overall, PlutoSec’s comprehensive penetration testing enabled the SickKids Foundation to pinpoint vulnerabilities, address issues, and strengthen their security posture. Derek Sutton highly recommends PlutoSec to his peers for their expertise, coverage-based approach, manual testing methodology, and accuracy in identifying real issues without false positives. Additionally, the SOC 2 Type II Accreditation and Canadian Data Residency offered SickKids Foundation’s donors reassurance that their information is well protected.