How a leading global supplier to the automotive and industrial sectors secured its multi-plant operations from cyberattacks, rogue insider activity, and sophisticated cyber threats – A case study in cybersecurity risk mitigation and management
The group operates over 200 plants across continents. Its plant operations included devices and infrastructure based on IT and OT (operational technology). The infrastructure is diverse and so are the protocols followed and the processes powering each aspect of the shop floor and control floor. The client wanted a cybersecurity partner to cover requirements such as
Over the years, due to the increasing complexity of operations, the client’s plants came to have systems and networks that were several decades old. These systems coexist to a greater or lesser extent with flat networks and ad hoc extensions that were added over the years. Due to this, several gaps in visibility emerged and wanted to overcome this challenge by having the ability to see all assets on its networks and identify the number of connected elements and their topology. After a comprehensive round of capability assessments, discussions with Sectrio’s Security Consulting Team, and multiple site visits, The group decided to opt for Sectrio as a partner to provide cybersecurity services to meet the above requirements.
- Rapid improvement in security posture across 77 security operations KPI points
- Scaling up of compliance with the adoption of NIST CSF, ISA/IEC 62443, and NIST 800-82r2
- The client’s OPs were secure across the 5 service cycles that have elapsed so far
- The training program has been converted into a separate activity with active leadership engagement and support.
- Sectrio has been given an additional responsibility to draw out a curriculum for the training programs
- Security operations are now functioning at a higher level of efficiency
- Various internal audits have reported a significant improvement in the risk management status of the plants secured by Sectrio’s cybersecurity services
- The company has selected Sectrio as its OT security training partner as well to expand the scope of the initial agreement