Cyphra helped a manufacturing company assess the maturity of their cyber security controls to ensure that they were appropriately protecting the intellectual property data from their multi-million-pound R&D investments.
This manufacturing-sector organisation had invested several hundred million pounds in the R&D of an innovative technology that they estimated was five years ahead of their competition. Information and IT systems play a critical role in the operation of their business and, as such, cybersecurity incidents that could impact the confidentiality, integrity or availability of their key information presented a serious threat to their organisation.
Any such incident could have significant impacts in terms of loss of intellectual property and commercial advantage, interruption to production, regulatory penalties or damage to the market reputation of the organisation and the Group that owned the business. As such, the organisation had identified a compelling need for a better understanding of the cyber security risks it faced and its resilience to such attacks, encompassing both governance and technical controls.
The organisation engaged Cyphra, as an external specialist information security organisation, to conduct an audit to assess the level of maturity within their current information security practices.
Cyphra provided a Cyber Security Maturity Assessment (CSMA) using a multi-phased approach that was based on a collaborative working model and comprised workshop sessions with key staff within the organisation combined with a detailed review and analysis of their security controls.
Initially, a Business Impact Assessment (BIA) workshop was held with senior stakeholders to agree the potential business impacts of cyber breaches affecting key information assets. This exercise identified very sensitive data whose importance the internal security manager had been unaware of. Additional workshops were held with members of their internal IT and security teams and with their key external third-party IT suppliers.
Cyphra used the workshops to review and gain an understanding of the maturity of the key technical and non-technical security controls using Cyphra’s Cyber Security Control Framework. Cyphra also conducted a sample vulnerability scan against the network in one of their offices. Control weaknesses or areas of concern were recorded and prioritised against the potential business impacts from any exposure to the identified information assets.
The report provided a high-level dashboard for management and made recommendations for remediation strategies that included control improvements in terms of technology, process and policy.
The organisation used the CSMA report to initially focus on a tactical plan to address the high priority issues identified in the report and then to subsequently drive a strategic security improvement plan that included a range of technical and governance control enhancements. They also conducted a review of their third-party contracts to ensure adequate security requirements were built in.
As a result of this work, the stakeholders have funded the security programs and have indicated that they now have greater confidence in the protection of their intellectual property and manufacturing environment from cyber-based threats.