Defending Data Trust in an Unpredictable Threat Landscape
Data Trust, established in 2011, is a leading first party data company specializing in US voter information and electoral data. The company's expertise lies in collecting, enriching, analyzing, and maintaining high-quality political data on a massive scale. With information on over 300 million individuals and more than 2,500 unique data points per person, Data Trust provides critical insights to various organizations involved in election campaigns across the United States.
The challenge
At the core of Data Trust's operations is the critical task of protecting sensitive information. The company's sophisticated data management systems safeguard not only publicly available data but also their proprietary insights and proven methodologies. This level of security is paramount, as a single data breach could severely undermine the trust of its clients and potentially tarnish the company's reputation.
By leveraging its expansive data warehouse and robust IT infrastructure, Data Trust ensures the integrity and confidentiality of its vast data resources. This commitment to data protection and privacy is fundamental to maintaining the confidence of its clients and solidifying its position as a trusted partner in the political data landscape. Needless to say, confidence in Data Trust's ability to manage sensitive information securely is crucial for both its business success and that of its clients. While the company primarily collects publicly available data, it must vigilantly protect its invaluable data insights and proven methodologies from theft or unauthorized access. Equally critical is safeguarding its IT infrastructure from potential compromises, including data breaches, cyberattacks, or system vulnerabilities. Any form of data compromise could not only jeopardize the company's proprietary information but also undermine the confidence its clients place in its ability to handle sensitive political data securely.
While satisfied with its previous cybersecurity set-up, the rising frequency of cyberattacks on all industries in recent years, and escalating geopolitical tensions around the world, led Data Trust to seek a cybersecurity partner that could elevate its data security to the world-class level. As a Microsoft-first company, it needed a global cybersecurity specialist with deep Microsoft expertise that could provide tailored, flexible, and scalable services while ensuring maximum protection around the clock. Microsoft recommended Data Trust reach out to Quorum Cyber, a Microsoft Solutions Partner for Security, a member of the Microsoft Intelligent Security Association (MISA), and holder of all four Microsoft Security specializations, to its shortlist of potential service providers.
"We wanted a company that wasn't just aware of Microsoft's services, but truly an expert in them – whether it's Sentinel or Microsoft's operations in general,” says Bill Dunne, Data Trust’s Chief Operating Officer. “This expertise was crucial because everything we do is natively Microsoft-based. Every device we use is Windows-based, and we host all our core assets in Azure. Although we have data in a few other clouds for marketing purposes, the core assets live in Azure and Microsoft. Therefore, it was essential for us that the firm we partnered with had a strong background in Microsoft services."
Vote of confidence for comprehensive security
“What put Quorum Cyber ahead of the field was the feel we got for the team,” says Bill. He was particularly impressed that Federico Charosky, Quorum Cyber’s Chief Executive Officer, attended the first meeting. And Data Trust’s technical team verified that the cyber security specialist’s experts had the skills, knowledge, and certifications required to master Microsoft’s security stack.
“Overall, we felt like we had a great rapport with Quorum Cyber’s team, and we were confident they could protect us 24/7, 365 days a year,” adds Bill. “They took the time to ask about our specific challenges and listened to us.”
Another major benefit was that an Incident Response service was included as standard, so that if an adversary should breach the company’s systems, Quorum Cyber’s qualified and highly experienced incident responders would rapidly investigate the emergency, day or night.
“The in-house incident response capability was a standout feature for us,” explains Bill. “We really appreciated that it was included within the service and not hidden behind a paywall. Knowing that resources would be available immediately if anything slipped through or if we faced any issues gave us great peace of mind. This showed they had 'skin in the game' because by stopping threats in the first place, they wouldn't need to expend resources on incident response. This demonstrated a true partnership rather than just a managed service, which was a significant point of our discussions."
Furthermore, with Quorum Cyber, cybersecurity isn’t just a business transaction, it’s a partnership and a collaboration to continuously fortify cyber resilience and reduce cyber risk. With this approach, organisations can focus on their goals without worrying about cyberattacks.
Threat-led managed detection and response
Data Trust opted for a security maturity assessment (SMA) to start so that Quorum Cyber’s team could review the firm’s current security posture and understand what it needed to do to strengthen it in the short, medium, and long term. In addition to the SMA, Data Trust opted for Quorum Cyber's managed detection and response service, Clarity Extend. This service incorporates advanced threat intelligence and proactive threat hunting capabilities, designed to identify and mitigate potential threat actors. To further reduce risk, Data Trust added pentesting, plus an annual cybersecurity audit to ensure good governance. Early in the partnership, Quorum Cyber's Threat Intelligence (TI) team conducted an in-depth assessment of the specific threats Data Trust might face. This evaluation provided the company with critical visibility into the threat landscape most relevant to its operations, enabling a proactive approach to mitigating risks.
Data Trust’s team has total transparency of the company’s security via Clarity, Quorum Cyber’s customer platform, which Bill believes is an added advantage of the service. “We've been able to see the workflow play out successfully, and we have clear insight into the logging of day-to-day activities because the platform is clean and easy to use. It's so intuitive that I've been able to pass it to a member of the team, who manages it daily, but I can still access and review it whenever needed. We feel confident in the platform's accurate reporting of what's happening in our systems and databases."
Peace of mind
“Throughout the process, I felt relieved and reassured by the rapport we established,” Bill explains. “One member of the Quorum Cyber team was local, and meeting in person helped build comfort and trust. Moreover, the support from the team, who would be managing this on a 24/7 basis, gave me confidence that our data was in capable hands.
“Quorum Cyber is the most important layer of our active security,” concludes Bill. “We certainly have cyber peace of mind.”
Scotland’s Biggest Mental Health Charity, SAMH, Elevates Cyber Security on Multi-year Journey
The Scottish Action for Mental Health, better known as SAMH, is the largest mental health charity in Scotland. The not-for-profit organisation provides over 70 different kinds of mental health service to cover everyone, from children to the elderly, across the whole of Scotland.
SAMH offers a comprehensive range of support from walk-in centres, crisis intervention, rehabilitation, counselling and advice. It also campaigns for better support from the government for vulnerable people and collaborates with the private sector to raise much-needed funds to improve quality-of-life.
Like organisations in the private and public sectors, not-for-profits are targeted by cybercriminals. Research indicates that 66% of high-income charities report that they have experienced some form of cyber security breach or attack in the last 12 months. After being the victim of a ransomware cyber-attack several years ago, SAMH put its trust in Quorum Cyber to contain the attack and facilitate recovery. Subsequently, they worked with the Quorum Cyber team to strengthen SAMH's cyber security measures to minimise the risk of future attacks. “You think your organisation is ok until something happens,” says Jason Bryce, Chief Operating Officer at SAMH. “Quorum Cyber’s team were very professional and brought calm to a frantic and stressful situation.”
Satisfied with the service it had received, SAMH went on to sign a multi-year managed detection and response service, Clarity Extend.
Continually strengthening cyber security
To continually enhance SAMH’s cyber security, Quorum Cyber mapped and measured key areas of cyber defences across the entire organisation to better understand any potential weaknesses and identify where improvements could be made. “Quorum Cyber understood the level of defence that our organisation needed based on what we do and the IT estate we have,” explains Jason. “They provided peace of mind and a plan to enable us to reach our goals, but they didn’t oversell and gave us lot of useful, practical advice about how to manage and improve our security.”
The charity additionally commissioned an independent review from another company, which provided “extremely positive” feedback regarding Quorum Cyber’s work and the outcomes achieved by SAMH.
In 2025, Scotland’s largest mental health charity extended the partnership by a further two years. Naturally, it followed good governance by talking to other cyber security companies to compare benefits and costs and chose to remain with Quorum Cyber. “The great services that Quorum Cyber has always given us made them a serious candidate,” says Jason.
Top criteria for a strong partnership
Reflecting on the renewal process, he lists quality of service, price, trust, and confidence as his top priorities when considering service providers.
In today’s inhospitable and unpredictable digital environment, cyber risk remains the number one risk for SAMH. And unlike financial risks, cyber risk comes with no warning flags or indicators to help the organisation plan for the future. Cyber-attacks can happen suddenly when they are least expected and disrupt operations virtually overnight.
Benefits of a Microsoft-first partner
As an almost entirely Microsoft house, all of SAMH’s devices and accounts are covered by the Microsoft Defender suite and managed through Microsoft Intune using Enterprise Mobility and Security (EMS). This is a suite of tools and technologies designed to manage and protect mobile devices, applications, and data within an organisation.
This also makes Quorum Cyber – a Microsoft Solutions Partner for Security with deep Microsoft expertise and experience – a great match for the charity.
“Quorum Cyber's deep understanding of Microsoft simplifies our decision to adopt the service and helps reduce spending on other vendors,” explains John Stoner, Head of Information Services at SAMH and chair of its Information Security Committee and Audit and Risk Committee.
John conveys valuable information he receives from the monthly service reviews and from Quorum Cyber’s customer platform, Clarity, into reports and meetings. “An external Security Operations Centre (SOC) shows that we take cyber security seriously when applying for funding and gives our trustees reassurance,” he says. “We’ve also moved to a true cloud-first infrastructure which has vastly removed our attack surface and need for infrastructure protection.”
SAMH also values Quorum Cyber because it’s a threat-led cyber security company that can apply the intelligence and lessons it learns from hundreds of other customers across a variety of sectors to help proactively protect the charity. “We value the Threat Intelligence team’s advice on what kind of attacks they see in the not-for-profit sector, and across other sectors that might reach us, either today or tomorrow,” says Jason.
Empowering Enable to support communities throughout Scotland
Founded in 1954, Enable is one of the fastest growing and most impactful charities in Scotland, which “believes in an equal society where everyone has the right to live, work and participate as active and respected citizens in the communities of their choice.”
Enable consists of three pillars: Enable Cares, Enable Works and Enable Communities. Across the group, and throughout Scotland, Enable delivers:
- Self-directed health and social care support
- Employability, education and training
- Community projects and campaigns.
Employing 2,500 staff and with 12,000 members and supporters, Enable is one of the 40 largest non-public sector employers in Scotland, and actively supports over 13,000 people to live independently as active citizens in their local communities.
As one of Scotland’s largest charities, the organisation is on a multi-year mission to digitally transform its operations. It’s determined to digitally enable its entire workforce so that they can use the latest tools to increase efficiencies to deliver first-class services to improve living standards for tens of thousands of families.
Setting out on its transformation journey several years ago, Enable’s leadership team knew from the start that building strong cyber resilience was one of the pillars of its ambitious programme.
“We invested a lot in digital transformation but lacked the relevant security controls to thoroughly monitor our IT estate,” explains Jacquie Anderson, Head of ICT and Change at Enable.
Flagging phishing emails with the Big Red Button
“Quorum Cyber is willing to help us on our journey but they appreciate that we’re a non-profit organisation without deep pockets,” says Jacquie. “When we started working together, there was no helicopter view of Enable’s IT estate, no clear view of our security. Working alongside Quorum Cyber for several years, we feel safe that they have our backs so that we can focus on delivering the best service we can to all the people we serve throughout the country.”
They focused on protecting their users from phishing emails with the Big Red Button – a simple and effective service that allows employees to notify, at the touch of a button, Quorum Cyber’s security analysts of any suspicious emails they receive.
This service was particularly important for Enable, whose frontline employees’ primary responsibilities are to help and care for people with disabilities and long-term health conditions, and who use a mobile phone rather than a laptop and who don’t work in an office. Phishing remains one of the most common tactics for threat actors to attempt to infiltrate organisations, and so all employees must play their part by identifying and escalating any suspicious messages.
Jacquie continues, “Having this key service delivered by Quorum Cyber is integral in giving ICT and Enable the comfort that any reported suspicious emails are thoroughly reviewed by Quorum Cyber and we are given the go-ahead to proceed or take the relevant actions to remove these suspect emails from our estate.”
Comprehensive security up to 2026
Having benefitted from Quorum Cyber’s protection of a three-year Managed Detection and Response (MDR) service from 2020 to 2023, Enable recently signed an extension to the contract with Quorum Cyber, under the watchful eye of the Security Operations Centre (SOC) team based in the UK. This deal keeps round-the-clock monitoring, detection and response in place through the current hostile and unpredictable digital climate, until 2026.
“There’s no way we could run a 24×7 SOC ourselves,” says Jacquie. “This contract means that no matter where I am in the world, I can trust Quorum Cyber to protect our organisation. Having a competent SOC team running our MDR service allows me to sleep at night. There are robust processes in place which includes proportionate delegated authority, allowing them to make the right evidence-based decisions and take the most appropriate actions on Enable’s behalf at any time of the day or night. I trust them 100%.
“When the time came to renew our contract, it was a very easy decision to make. The relationship, partnership, trust, and cost made it straightforward to continue as we were. We’re a large organisation, so naturally we were approached by numerous security vendors, but we didn’t need to undertake a lengthy and costly open procurement process, as we were satisfied that a continuation of the partnership was not only competitive financially, but robust and reliable operationally.”
With experienced cyber security professionals in hot demand, more organisations like Enable are calculating that it’s often better to outsource a managed service like MDR and leave the challenges of hiring, training, and retaining qualified cyber security analysts to a professional cyber security company to tackle.
All of Quorum Cyber’s services include 24×7 access to Clarity, a single dashboard for customers to see the security of their entire IT estate, and how the SOC is handling any incidents in real time. “Clarity is a fabulous tool for our team,” explains Jacquie. “It doesn’t only tell us what our vulnerabilities are, but it explains how we can fix them. And the beauty of it is that it’s not cluttered with technology jargon, so I can download service reports from it and pass these to the Enable board for them to see the continuous evolution of our cyber security posture.”
Part of the cyber security community
“Quorum Cyber is there for the greater good and they don’t want their customers to fail so they can charge them more, they want them to continuously improve and become more resilient,” says Jacquie. “This comes through whenever I speak to anyone at Quorum Cyber. You can feel the passion from the top down. The whole team wants to collaborate and help their customers – we really feel like we’re part of the community.”
Although Enable feels assured it’s in safe hands, it’s not dropping its guard. Everyone in the organisation is well aware that success can breed complacency, and complacency can lead to a breach. As such, Enable’s team is now looking at other services to enhance their security even further.
SAMH puts its trust in Quorum Cyber to recover from a cyber-attack
Scotland’s leading mental health charity strengthens security and IT after its worst day
If you believe you’re experiencing a cyber incident right now, please call our Incident Response team on 0333 444 0041 and we’ll help you right away.
At first, their IT team thought they were experiencing a few technical issues. Hours later they were locked out of all their own IT systems. Then they discovered a ransom note.
Immediately, the Scottish Action for Mental Health, better known as SAMH, had a major problem: what to do from a data security point of view.
This type of cyber incident can be incredibly stressful for everyone involved, sometimes causing panic, leading to a lot of unnecessary blaming and seriously affecting people’s sleep. It’s often an emotional roller-coaster.
In this situation, it’s important to contact the right organisations to communicate and seek advice. SAMH’s leaders did the right thing by talking to the Information Commissioners Office (ICO), Police Scotland, the Scottish Charity Regulator (OSCR), their law firm and the Scottish Business Resilience Centre, who gave them a list of cyber security companies to contact.
Jason Bryce, SAMH’s Chief Operating Officer (COO), decided to call Quorum Cyber and talked to their Senior Incident Responder, Mark Cunningham-Dickie. “Right away, we could see his expertise,” says Jason. “We were basically trusting him 100% from the start and it was good to speak to someone who had been there before. At 8pm on a Friday evening he made himself available to us for the whole weekend, it felt like he dropped everything else and prioritised us.”
Removing data from the dark web
Early the next week, Mark reported his findings. “Somehow, the criminals were able to very quickly identify confidential data, and they released approximately 85,000 files to the dark web,” explains Jason. “Mark was very calming and explained what he would do, including copying the data from the dark web to a safe environment where it could be reviewed in more detail.”
Working alongside other partners of SAMH, Quorum Cyber helped with the next few stages, starting with data recovery. Although their servers were unusable, thankfully they had back-up discs which were accessible and disconnected from the affected systems, so they could retrieve their data up until the start of the month.
SAMH, like many charities, holds confidential and sensitive information, so needed to understand exactly what information had been leaked.
No organisation should feel alone after a cyber-attack
SAMH was extremely appreciative of the support that Quorum Cyber’s whole team gave them, from the account manager and the service delivery manager up to the Quorum Cyber COO. As well as the skilful technical investigation and careful data management, the team assisted with the important but delicate communications to external stakeholders.
Once the situation was contained, Quorum Cyber’s team ran a security maturity assessment to ascertain the state of their cyber security and identified areas for improvement to start the journey to becoming significantly more resilient.
In parallel, the ICO reported that everything SAMH’s team had done to prepare for a potential cyber-attack and every action they had taken since it occurred had been correct. “That was a huge relief,” says Jason.
In today’s inhospitable digital climate, cyber-attacks can happen to any organisation in any industry including the non-profit sector, in which Quorum Cyber has years of experience protecting. It’s no organisation’s fault when they experience a cyber-attack but there are specific actions that need to be taken, or should not be taken when responding to one.
The start of a successful relationship
Determined to come out of the experience stronger than ever, SAMH signed a two-year deal for Quorum Cyber’s Managed Detection & Response (MDR) service, which is run by the Service Operations Centre (SOC) team in the UK. Two weeks ahead of schedule, in June 2023, the charity was onboarded to provide their entire IT estate with monitoring, detection and response services 24/7, 365 days per year.
SAMH also took the opportunity to seek advice from Quorum Cyber’s Advisory Services team who ran comprehensive IT health checks and gave recommendations on how to bolster resilience across the organisation.
“Throughout the whole engagement, I felt like their most important customer,” concludes Jason. “They listened to us, and gave us total confidence and assurance without over-promising what they could do and when they could do it by.”
As SAMH evolves and extends their security controls, aligning themselves to industry best practise, Quorum Cyber continues to support the mental health charity in any way they need. And trust, which was the bedrock of the partnership since day one, continues to flourish.
