Helping Lucidya (KSA) strengthen cyber resilience and achieve SOC 2 readiness

Case study

Client Overview

Lucidya is a customer experience platform based in Saudi Arabia that helps organisations truly understand their audiences. With powerful AI tools, they analyse conversations happening across social media, online reviews, and other digital spaces – turning all that information into valuable insights.

What sets Lucidya apart is its deep understanding of the Arabic language and regional context, making it a go-to platform for businesses and government organisations across the Middle East. Whether it’s tracking sentiment, improving service delivery, or making data-driven decisions, Lucidya gives teams the tools they need to connect with customers in a more meaningful way.

Problem Statement

Lucidya needed an external security assessment conducted remotely, ensuring compliance with cyber security best practices to help them achieve SOC 2 implementation. The key challenge was coordinating testing across different time zones, particularly outside KSA office hours and during UK weekends.

Our Approach

Goaco conducted a structured penetration test, starting with a black-box approach to simulate an external attack scenario without prior knowledge of the system. This was followed by a white-box test, leveraging authenticated access with both user and admin profiles to assess deeper security layers. The testing methodology adhered to industry best practices, including OWASP Top 10, PTES, and MITRE ATT&CK frameworks. Advanced tools such as BurpSuite Pro and Kali Linux were utilized, combined with manual testing techniques to uncover vulnerabilities that automated scans might miss.

Regular communication with Lucidya’s team was maintained via Slack, ensuring transparency and alignment throughout the engagement. Weekly progress updates were provided to track key findings and address any immediate concerns. Upon completion, a detailed report was delivered, outlining identified risks, potential threats, and recommended remediation measures. Post-assessment support was offered to guide Lucidya’s team in implementing the necessary security improvements.

Results

The security assessment revealed multiple critical vulnerabilities which could have exposed Lucidya to cyber threats. Our detailed risk assessment enabled their team to make well-informed decisions immediately about where their defences needed strengthening.

The evaluation demonstrated both the effectiveness of Lucidya’s current security measures and identified specific areas for improvement that would create substantial benefits. The combination of black-box (external, unauthenticated) and white-box (internal, authenticated) tests provided Lucidya with a complete assessment of their security posture aligned to current threats.

The final report we delivered to Lucidya serves as essential documentation for their SOC 2 certification process as they move forward. The report contains actionable recommendations that follow industry standards, giving their clients, partners and auditors the evidence they need of Lucidya’s commitment to security.

The findings extended beyond technical results. The open, collaborative approach we used, with regular check-ins, honest communication and responsive service, helped establish trust between both teams. The engagement delivered short-term value while establishing a foundation for long-term success.

Goaco supported Lucidya in remediating the findings from the final report, and re-tested the affected sections to confirm that the fixes applied were suitable and effective.

Lucidya’s current security posture enables them to start their SOC 2 implementation process effectively. The upcoming review will verify that all essential findings have been properly documented according to the required standards.

Goaco will continue to support them through this journey with:

  1. Expert guidance to strengthen security controls, improve coding practices and enhance governance.
  2. Workshops and guidance to develop incident response capabilities and implement secure DevOps practices.
  3. A consistent schedule of penetration tests and vulnerability scans to maintain Lucidya’s ability to adapt to new security threats.

These implementation steps will enable Lucidya to maintain compliance whilst building resilience and establishing stronger trust relationships with partners and clients in the future.
