How PTS helped their client protect their customer data
We live in a world in which digital threats are becoming increasingly sophisticated and high-profile hacks regularly make the news. That’s why ironclad cybersecurity and robust data protection have never been more critical. This was the challenge faced by a multinational insurance group, which recognised the growing sophistication of cybercriminals and the potential consequences of inadequate security measures.
First and foremost the client wanted to do the right thing by their customers, by ensuring no stone was left unturned to protect their data. At the same time, the insurance group feared that a significant breach could:
- Inflict lasting damage to their reputation
- Trigger a client exodus
- Lead to heavy regulatory penalties and substantial remediation costs
To address the security challenges faced by the insurance company, PTS led a comprehensive multi-year security transformation programme that improved the client’s overall security posture, and thus their security maturity.
This programme was proactive – measures were taken to get ahead of problems before they occurred.
Flexibility was another important feature – regular assessments were conducted to allow PTS to adapt the programme to evolving threats and technology advancements.
The 6 big challenges PTS overcame
PTS had to overcome six major challenges to successfully deliver on the programme objectives:
1. The size and scope of the project
Because this was a vast, multi-year project, we couldn’t do everything all at once. So we had to prioritise cyber risks based on their potential impact on the client and their customers.
2. A complicated technology ecosystem
The client had a mishmash of legacy and modern IT systems, with different vulnerabilities and security protocols. This made the company more susceptible to cyber attack.
3. Numerous potential vulnerabilities
The client had diverse operations across multiple countries, with many integrated environments and interconnected systems. This increased the number of potential vulnerabilities.
4. Onerous training demands
We had to educate numerous staff – across different departments, teams and countries – not only about specific security best practices but also the big picture around cybersecurity. That’s because cybersecurity depends as much on human behaviours as on technology.
5. Competitive pressures
The client had to balance getting new products and/or services to market quickly with taking the time to ensure they had no security vulnerabilities.
6. Ever-evolving security threats
The cyber threat landscape continued changing throughout the project, with attackers growing ever more sophisticated.
The five ways PTS transformed the security environment
In partnership with our multinational insurance client, PTS implemented a proactive and comprehensive multi-year security transformation programme.
To ensure the programme’s success, we collaborated closely with the client’s IT teams, risk management staff and executive leadership, which were spread across different countries.
This programme had five main priorities …
1. Strengthening core infrastructure
To strengthen the client’s core infrastructure, they reduced the attack surface by identifying all the different infrastructure components and then consolidating them.
For example, they consolidated data centres to reduce potential vulnerabilities and streamline operations. They also consolidated active directories to reduce complexity, minimise potential access points and strengthen overall security.
The company also implemented next-generation firewalls, such as Imperva, to bolster their ability to detect and prevent sophisticated cyber threats.
2. Simplifying internal systems
The client conducted a comprehensive audit of all their applications and infrastructure, and then decommissioned the unnecessary and outdated ones. This simplification process:
- Minimised the overall attack surface
- Eliminated potential points of vulnerability
- Reduced inefficiencies within the business
3. Migrating to the hybrid cloud
For security and efficiency reasons, we prioritised migration to the hybrid cloud, reducing the client’s reliance on traditional on-premises infrastructure.
4. Conducting ongoing upgrades
The client implemented a continuous upgrade programme to ensure that systems and software remained up-to-date with the latest security patches and updates.
5. Enhancing cybersecurity
To detect and respond to security incidents promptly, the client introduced enhanced logging and monitoring mechanisms.
To strengthen security education and awareness, the company:
- Conducted more phishing simulations
- Organised more employee training programmes
The programme’s critical success factors
One of the main reasons the security transformation programme was so successful was that PTS was able to build a strong relationship with the client.
Having previously experienced PTS’ combination of skill, experience and collaborative approach, the client had the confidence to embrace the programme and ensure it was followed through to implementation.
This teamwork and leadership were reflected in seven ways …
1. Comprehensive planning
We created a detailed roadmap for the programme, which meant it had a clear, structured approach from start to finish.
2. Thorough staff engagement
We secured buy-in from senior leadership and key stakeholders by actively engaging with them through workshops, showcases and presentations, and by effectively communicating the importance of the programme.
3. Strategic staff training
Whenever the need arose, we conducted targeted training sessions for the client’s teams.
4. Country-specific solutions
We tailored our approach to suit the different cultural, regulatory and compliance environments in the client’s different countries.
5. Cultural sensitivity
We overcame cultural and language barriers by promoting open communication and cross-cultural collaboration.
6. Ongoing monitoring
We regularly monitored the programme’s progress, to ensure it remained on track and we could make adjustments if necessary.
7. Objective measurement
We proved the success of the programme through quantifiable metrics around improved security, reduced vulnerabilities and enhanced incident response capabilities.