North America Municipal Utility

In the electric utility space, companies must comply with North American Electric Reliability Corporation (NERC) protocols and rigorous guidelines to ensure they follow proper cybersecurity practices.

The municipal utility wanted to increase their security posture and had used internal tools in the past to assess potential security risk across their organization. However, they were looking to obtain an outside-in perspective in order to drill deeper into their compromised systems, vulnerabilities and diligence and assess any potential gaps.

Understanding their security posture was the first step in gaining a holistic view of their cyber risk landscape. The municipal utility also wanted to take a closer look at the security posture of their third parties in order to identify and help reduce potential cyber risk across their business ecosystem.

To effectively understand their security posture, the municipal utility needed a solution that provided specific details on what needed to be fixed and allowed them to see progress made over time. The municipal utility leverages BitSight Security Ratings for Benchmarking, which enables them to quantify their cyber risk, measure security program success, and benchmark their performance against industry peers.

BitSight Security Ratings for Benchmarking provide data across a variety of risk vectors including compromised systems (botnets, spam propagation, malware, exploited hosts, unsolicited communications, etc.) and diligence (SPF, DKIM, SSL configuration information and more) as well as user behavior (file sharing, exposed credentials), and display graphs over time to show changes and trends.

To help monitor the security performance of critical third parties (who have access to employee and customer data) and potential new partners, the municipal utility utilizes BitSight Security Ratings for Vendor Risk Management in order to identify, quantify, and mitigate the risk inherent in sharing sensitive data with vendors and business partners. This automated service analyzes, rates, and monitors the security performance of third parties, all from outside the organization.

With BitSight, the municipal utility has improved their security posture by knowing where risks exist within both their organization and their third parties. By logging into the BitSight Security Ratings Platform, they are able to identify areas with elevated risk and work with their network teams to put action plans together to remediate issues. Their Vice President and CIO expressed that “[BitSight] was easy to understand and communicate and provided what we needed to do. That is why we chose BitSight.”

The data provided by BitSight helped the municipal utility clearly demonstrate security performance improvements to their executive team and the Board. In addition, they are able to take BitSight Security Ratings on existing and potential new third parties and use that information as part of their RFP and renewal processes.

The municipal utility is one of the largest in the country, providing electric and water services to 400,000 customers.