What’s the Lesson from the Equifax Breach?
Major brand delivers its content at physical sites to hundreds of thousands of guests. Like many [manufacturing plants], the sites utilized a Connected Asset Ecosystem of physically accessible Internet of things (IOT), industrial technology (OT) and suppliers to deliver the guest experience. The board mandated that the risk of cyber terrorism be addressed within six months. To deliver on the board’s request, the brand decided that it would need to retain consultants to design a risk management program, hire and train a team to execute the program and acquire and purchase a variety of technologies needed to manage the program.
The brand ultimately chose to buy the Fortress solution rather than build the solution internally. Fortress deployed its advisory team to implement an on-going risk management program while Fortress’ delivery team deployed managed services to execute all the facets of the program. Fortress’ managed services included both technologies to manage (automate and orchestrate) the program, but also dashboards, continuous monitoring and threat intelligence to mature the capabilities of the program.
- Built security framework and obtained broad stakeholder buy in across organizational silos. The final framework was NIST adopted to the specific needs of the business.
- Implemented and managed vulnerability management and third-party risk programs focused on critical OT assets. The risk-based programs designed, staffed and managed by Fortress included identifying high risk assets and vendors, assessing same for control weaknesses and vulnerabilities and resolving identified findings directly with the business owners and vendors.
- Implemented dashboards to benchmark and communicate findings and remediation obstacles to stakeholders. The dashboards were enabled by the Fortress Platform. The All findings from asset and vendor vulnerability and control assessments were logged and managed into the Fortress Platform.
- Met six-month deadline! Fortress had all of the solution components in place enabling it to move quickly. Also, as an expert in critical infrastructure, the assets and vendors were well-known, and Fortress hit the ground running.