case studies
Industrial & Materials
HomeCase Studies → Not Everyone Speaks the Same Language, But We Can Translate

Not Everyone Speaks the Same Language, But We Can Translate

Threat Landscape

Manufacturing is now the third most targeted industry sectors by cyber hackers¹. The industry’s drive for innovation and increased reliance on automation and industrial internet of things (IIoT) has heightened its cyber risk. A breach or cyber incident can cause more than a mild disruption; it can pose a risk of defective products, physical damage and even loss of life.

Challenge

Internal and external red team testing was done by a manufacturer’s security team and a competing cyber security firm. Both teams identified the same threats. Yet, executive leadership would not move forward with remediation, leaving the organization vulnerable. Why? The testing results were presented in a 1,000 page report. While the report accurately outlined a cyber security plan, it was unfamiliar to the CEO and CFO. Neither the internal team nor the outside cyber security firm hired were able to clearly communicate the nature of the cyber risk and what it means in business terms to the C-suite.

Solution

After meeting with our leadership, the company’s executive team hired us to conduct another round of red team testing. We did. Our technical specialists entered the network and rapidly moved throughout the environment, escalating to domain administrative privileges, and accessing their guest wireless network. We got our hands on sensitive information including product configurations, unreleased product design and launch plans, and physical blueprints for plants.

Even though we found additional vulnerabilities, we had one crucial skill the other team did not: the ability to clearly communicate cyber security risk from the business perspective. We bridged the gap between technology and business in the presentation of our findings. The company comprehended the impact of their vulnerabilities and began remediation to secure the organization.

Results
  • Successfully penetrated the guest wireless network, and uncovered vulnerabilities extending throughout the corporate network
  • Demonstrated cyber risk and its business impact to the C-suite when other teams couldn’t, achieving remediation buy-in
  • Maintained discretion with our work, securing leadership’s trust and confidence

Understand your risks from a business perspective. Call us:
Americas: +1.212.981.6540
EMEA: +44.20.7061.2200

1. Encite –  a partnership between the University of Derby and Aston University 2019



Cyber security services offered by Stroz Friedberg Inc. and its affiliates. Insurance products and services offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida and their licensed affiliates. Aon UK Limited is authorised and regulated by the Financial Conduct Authority in respect of insurance distribution services. FP.AGRC.238.JJ The following products or services are not regulated by the Financial Conduct Authority:
• Cyber risk services provided by Aon UK Limited and its affiliates
• Cyber security services provided by Stroz Friedberg Limited and its affiliates.


Copyright 2021 Aon plc. All Rights Reserved.


Copyright 2021 Aon plc. All Rights Reserved.
Cyber security services offered by Stroz Friedberg Inc. and its affiliates. Insurance products and services offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida and their licensed affiliates. Aon UK Limited is authorised and regulated by the Financial Conduct Authority in respect of insurance distribution services. FP.AGRC.238.JJ The following products or services are not regulated by the Financial Conduct Authority:
• Cyber risk services provided by Aon UK Limited and its affiliates
• Cyber security services provided by Stroz Friedberg Limited and its affiliates.