Assessing the effectiveness of a Cyber Programme in the F&B sector

Customer’s profile:
A food and beverage company headquartered in the US. It is one of the country’s largest producers, distributors and marketers of branded processed food within the retail market. It continues to implement cost-reduction and productivity-enhancement programs, and invests in new technology and equipment to maintain its leadership position in the industry.

Customer’s challenge:
The customer embarked on a security uplift program back in 2018 with the ambition to drastically increase the cyber resilience of its information, technology and operations. After completing the program implementation, the customer wanted to understand the effectiveness of the newly implemented security controls (a mix of firewalls, network refresh, NAC, encryption, DLP and APT) and ensure that the security ROI of the associated investment is maximised.

Solution delivered:
Theos delivered a Security Programme Review that covered four security domains: (1) Network Architecture & Segmentation, (2) Endpoint Encryption, (3) Data Loss Prevention (DLP) and (4) Advanced Persistent Threat (APT) Prevention.
The assessment methodology for each of these domains combined several key elements, starting with (1) a review of project scope and objectives, (2) solution design and implementation and (3) a review of configurations, and ending with penetration testing and/or bypass of security controls, to fulfil two objectives:
- Assess the effectiveness of the newly implemented security controls.
- Identify potential gaps and opportunities to further uplift the security maturity.

Security values delivered to the customer:
- Identified major gaps in several domains and provided recommendations to mitigate key findings based on security best practices.
- Provided actionable insights to enable the customer to drastically improve its security posture.