Our client is a major water company that supplies more than 650,000 customers in the UK. They recognised the need to minimise the risk of any disruption to water supply from a cyber attack, which would significantly undermine customer confidence.
The client identified that their key vulnerabilities arose from external connections to their own IT and decided to carry out a security assessment to test how well their operations were protected in these areas. They engaged a multi-disciplinary team, including representatives from 7Safe, PA’s technical security practice, to provide specialist ethical hacking expertise and make recommendations on how to address any problems.
The team’s testing focused on whether it was possible to access sensitive company information from outside. This included checking remote log ins and the security of the laptops and communications used by field engineers. We also assessed the robustness of the company’s firewalls and external facing web applications, including applications for collaborative working with their partners.
In working with the client, we were able to provide real insight into the thought process of an attacker, outlining possible attack scenarios and their implications. As a result of our work, the client gained a clear understanding of the gaps in their security protection and a detailed set of recommendations on how to improve the security of their links to the external world. We also raised the level of security awareness across their technical team.
The client is now working to implement these recommendations, which will give them confidence that their operations are secure and that the integrity of their systems is uncompromised. As a result, the company can continue to deliver water to their customers safely and reliably.
To learn more about PA's work in this area or to speak to one of our experts in this industry, please contact us now.