Transforming BW Group’s cyber security with a risk-centric approach
Our new cyber threat management programme is delivering a closed-loop approach to tackling business risk.
In 2017 we began working with BW Group to implement a wide-ranging security transformation programme. As one of the world’s leading maritime groups who provide energy transportation, infrastructure services and renewable solutions across the energy value chain, a robust cyber security approach is critical to ensure uninterrupted business continuity.
Looking to the future, BW Group set out to build a next generation cyber platform to meet growing business demands and evolving needs. They began a cyber maturity journey that would protect them in an emerging threat landscape.
Building a visionary security architecture and laying the foundations for a Zero Trust approach was a timely move, enabling BW Group to switch seamlessly to secure remote working when the pandemic began. Now, as office working re-emerges, the company is able to flexibly scale their security to meet new needs.
BW Group wanted to put robust security at the heart of their operation. Patric Desanti, BW Group’s VP and Head of Group IT and Digitalisation, formulated a vision of what success would look like and how BT could help him realise it. He knew that it must involve a cyber maturity journey, beginning with generating accurate and actionable cyber risk insights that he could swiftly raise to board level.
His ambition was to create a closed-loop threat management programme that picked up vulnerabilities, assessed, contextualised and prioritised them and then tracked the results of any action, before feeding learnings back into the system. Establishing a new cyber risk frontier specific to business lines and their critical assets was essential to managing BW Group’s cyber risk exposure as they positioned themselves for the future.
I could see that our cyber threat levels were increasing, as cyber attackers moved away from focusing on the financial services industry to target other traditional sectors like maritime. It was critical that we embarked on a significant cyber maturity journey, shifting from a reactive security posture to a proactive one, identifying threats early, assessing their risk and taking action to protect our business in an increasingly sophisticated virtual environment. BT helped us to identify the capabilities we need and was able to deliver on those.”
We helped transform BW Group’s approach to manage cyber threats with a proactive, real-time programme that focuses on key vulnerabilities.
Our service follows risks from early identification through to resolution, including:
- assessing risk and determining priorities by combining information on the criticality of the asset and its current resilience
- internal and external scanning to detect adversaries combined with intelligence on the broader threat landscape, such as the National Vulnerability Database and our global Security Operations Centres
- building integrated firewalls, network devices and threat detection controls into the network to determine security gaps and identify any exposure vulnerabilities
- using hot spot analysis and attack simulation to identify and address risk-causing vulnerabilities
- upskilling internal teams and ongoing consultation and management services.
In addition, as more of BW Group’s applications move to the cloud, we also assist with conducting due diligence and third-party risk assessments.
BW Group now know that their business-critical systems are protected, no matter how quickly new cyber threats emerge. They’re confident they can proactively reduce the chance of a cyber attack or data breach - now they focus on the most critical vulnerabilities by quantifying and prioritising risk exposures. This has also unlocked savings, cutting risk assessment costs by 90% and cutting patching costs by 50%.
Their threat management programme is embedded into the business as a mature, closed-loop process that tracks and learns from activity results. Now, the exposure time to critical risks is less than 24 hours, down from weeks or months, and practical remediation plans are generated quickly. This frees up BW Group’s security experts to focus on other tasks.
It’s been a pleasure to bring BW Group’s vision to life, bringing together aspects of our global security practice to deliver a platform that prepares them to meet any security challenges that may emerge in the future. They now have the cyber outcomes they wanted, and continue to move forward with their transformation, keeping their cyber risk within their tolerance range. We look forward to continuing to support BW Group on their cyber maturity journey.”