With companies racing to achieve digital transformation via the cloud, the Internet of Things (IoT), and bring your own device (BYOD) policies, digital ecosystems are expanding faster than ever. Learn how to protect against threat actors that are taking advantage of new vulnerabilities that are harder to detect.
In 2021, organizations experienced a record upward trend in cyberattacks. According to research by Check Point, corporate networks saw 50% more attacks per week compared to 2020.
In light of this alarming trend, board members are increasingly looking to their security leaders to provide them with a complete, accurate, and up-to-the-minute view of risks across the company’s digital perimeter so that they can make informed decisions about how to reduce cyber risk.
But as the attack surface expands – into the cloud, and across geographies, business units, and subsidiaries – gaining these insights and communicating them to executives isn’t easy, as Spectris, an industrial technology company, found out.
The challenge of securing the expanding digital perimeter
Like many in its sector, Spectris has undergone continuous M&A activity and operates its network of subsidiaries as autonomous companies – each with its own executive committees and security teams. In total, Spectris has eight operating companies, multiple locations around the world, and 7,650 employees. The result is a vast digital perimeter and expanding attack surface that had become unmanageable. Even when security management tools were put in place to help locate the risky parts of its network and focus remediation efforts, security teams struggled to prioritize all the data that they now had access to.
As Anna-Lisa Miller, Group CISO at Spectris said: “We wanted visibility – we needed to see what we had and where our problems were.”
Given its expanding attack surface, and without the right, trusted information about vulnerabilities, Spectris realized it needed a tool to better manage risk across its large network.
The solution was BitSight for Security Performance Management.
How Spectris gained the visibility it needed to manage risk and secure its digital perimeter
With BitSight, Spectris now has a manageable view of the most pressing vulnerabilities and risks across its entire network, including subsidiary networks.
“We get rich information from our vulnerability management tool, but we use BitSight to better understand external facing issues and fine-tune the prioritizations,” said Miller. For instance, BitSight reveals areas of concentrated risk and trends over time – across the company’s multiple lines of business. This allows Spectris to calibrate its risk management process and prioritize cybersecurity risk remediation activities where they can have the most impact. In one case, BitSight shone a light on open ports on Spectris’ network and prompted a decision to update the company’s ISP information – an action that helped secure the network against the recent HAFNIUM breach.
BitSight also aids with reporting cyber risk to business leaders. Using BitSight, each subsidiary executive can view their individual security rating – BitSight ratings range from 250 to 900, with a higher rating equaling better security performance. Ratings for the overall company are also shared with the overarching Spectris C-suite and board of directors, making it easier for executives to commit to actionable security program improvements that raise their rating over time.
“The single pane of glass helps the various leadership to get a better view,” said Miller. “We like the ability to prioritize the action we need to take – it isn’t just noise. I like the way we can very quickly see where the root causes lie, along with the corresponding solutions.”
With executive buy-in, the Spectris cybersecurity team can now set goals and demonstrate measurable progress to their board, putting meaning behind the company’s investment in cybersecurity and strengthening security across its digital perimeter.
Read more about how Spectris leverages BitSight to improve visibility of risk across its expansive M&A and subsidiary network’s digital perimeter and present itself as a trusted company to work with.