Why General Bank of Canada Chose Our Red Teaming Assessments to Validate Their Security Posture
General Bank of Canada had been beefing up their cybersecurity posture for years, investing in various security strategies to stay compliant under increasing regulatory scrutiny and well protected against sophisticated cyber threats. However, they had a problem: they didn’t know how they would hold up in a real-world cyberattack.
That’s when GBC chose TrollEye Security to conduct a red teaming assessment, so they could maximize visibility into their security posture.
Validated Security Investments
Our assessment confirmed that years of security improvements were effective, demonstrating that critical controls successfully mitigated real-world cyber threats.
Enhanced Incident Response Capabilities
Realistic attack simulations strengthened their ability to detect, contain, and remediate threats, ensuring faster and more effective responses to future incidents.
Informed Continuous Improvement
A clear roadmap for refining security policies and strategies was built, ensuring ongoing improvement in defending against evolving cyber threats.
About General Bank of Canada
General Bank of Canada (GBC) is a federally regulated Schedule I Canadian chartered bank and a member of the Wheaton Group of Companies. They provide a range of loan and deposit solutions across Canada, with a strong focus on automotive, aviation, and equipment financing.
- Industry: Banking and Financial Services
- Size: 51-200 Employees
- Location: Alberta, Canada
- Services: Red Teaming Assessment, Physical Penetration Testing, and Incident Response Tabletop Exercises
Why They Opted For a Red Teaming Assessment
As cybersecurity threats and regulatory pressures have intensified across the financial sector over the last few years, General Bank of Canada (GBC) recognized the need to validate and test its security posture. Despite years of investment in advanced security controls and response protocols, leadership understood that theoretical safeguards were not enough and that real-world testing was needed.
Cybersecurity risks had become a key focus within GBC and its sister companies in the Wheaton Group. To ensure their defenses could withstand sophisticated attacks, a joint committee was formed across affiliated organizations to assess security effectiveness through practical simulations. This led to the decision to engage a specialist third party for a comprehensive Red Team exercise that would mirror real-world attack tactics and provide an accurate assessment of their security resilience.
After implementing numerous security improvements over several years, our leadership formed a joint committee across all three organizations (General Bank of Canada, First Canadian Insurance Corporation, and Millennium Insurance Corporation) to assess the real-world effectiveness of these measures. We recognized that theoretical security measures require practical testing against sophisticated attack scenarios to validate their effectiveness. The committee decided that engaging a specialist third party to perform a comprehensive Red Team exercise would provide the most accurate assessment of our security posture.

Why The General Bank of Canada Chose TrollEye Security
When selecting a partner for their Red Team exercise, General Bank of Canada (GBC) sought a firm that could deliver realistic, sophisticated attack simulations, not just isolated tests or automated scans. They needed a provider who could replicate the complexity of real-world threats and assess their security posture from every angle.
TrollEye Security stood out for its comprehensive approach. Unlike other providers who offered isolated testing, TrollEye was able to combine internal and external penetration testing, physical security assessments, incident response exercises, and dark web analysis into a single, cohesive engagement. This approach provided a more accurate and customizable engagement that gave a complete picture of GBC’s defenses, closely mirroring the methods of advanced threat actors.
How We Conducted Our Red Teaming Assessment
Our engagement strategically utilized multiple attack vectors, including external and internal penetration testing, targeted phishing campaigns, physical security assessments, dark web analysis, and an incident response exercise, to rigorously test GBC’s defenses from every possible angle.
We initiated the exercise with extensive reconnaissance, carefully identifying vulnerabilities and potential entry points that could be leveraged during our simulated attacks. During this stage we identified local vendors, examined dark web data, purchased similar domains for phishing engagements, and examined potential vulnerabilities in their networks.
This preparation set the stage for a series of attack scenarios, such as attempting physical security breaches by disguising ourselves as local electrical and internet vendors, exploiting potential weaknesses in Wi-Fi networks, and conducting phishing tests to assess employee security awareness.
At the end of our engagement we also performed an incident response tabletop exercise, summarizing our findings and presenting recommendations to improve processes. Ultimately the red team assessment provided GBC with critical insights into their cybersecurity posture, confirming the effectiveness of current security investments and physical security measures, while also highlighting areas needing improvement.

Learn More About Our Red Teaming Assessments
Our red teaming assessments go beyond conventional testing methods. We simulate real-world attack scenarios that combine network penetration, physical security testing, social engineering tactics, dark web analysis, and incident response exercises.
But our Red Teaming isn’t just about finding weaknesses; it’s about empowering your organization with the knowledge and strategies to close those gaps. We don’t just deliver reports; we provide clear, prioritized recommendations and strategic guidance to help you enhance your security posture and mitigate risks in the long term.