Situation
NCC Group provided security reviews and threat modeling services for a utility company in the North of England, which provides essential water services across the region.
The organization provides these services across council areas and military bases, meaning that a robust supply chain and high-level security in place are imperative for its operation.
This also means that the organization must be aware of all potential security risks and have the necessary processes and procedures in place to mitigate any potential attacks.
At a Glance
Organization: Large Water Supply and Treatment Company HQ in Bradford, UK
Industry: Utilities
Challenge: NCC Group was approached to provide an independent program of penetration and security assessments, focussing on vulnerabilities and security risks
Solution: NCC Group performed a comprehensive review covering a wide range of services, including infrastructure, applications, threat modeling, code review, and web services
Result: The company now has the right security in place to enable them to withstand third-party attacks and continue providing water and treatment services for their customers
Challenge
The organization initially approached NCC Group to provide penetration testing services, but the services that NCC Group provides have evolved throughout the years and now include threat modeling and strategy.
The suite of services that NCC Group provides for the utility company ensures that the organization is well protected against attacks on its infrastructure, causing fractures in its supply chain and security breaches. The main objective for the client is to identify known and unknown vulnerabilities and to demonstrate where weaknesses may exist that could lead to unauthorized access to sensitive information.
Solution
NCC Group has utilized a team of 700 testers across the several years that we have worked with the client to provide a mix of remote and onsite reviews. These reviews cover a wide range of services, including:
- Penetration testing
- Infrastructure testing
- Code reviews
- Web service and application testing, including Azure
The program of penetration and security assessments that NCC Group provides includes:
- Identifying any weaknesses that could be exploited by an attacker aiming to compromise the confidentiality, integrity, or availability of systems and data
- The threats facing the company’s information assets so that the level of risk can be quantified and addressed
- A thorough and comprehensive penetration test covering policy, procedure, design, and implementation
NCC Group analyzed the weaknesses detected, evaluated the impact and probability of exploitation associated with each security weakness, formulated corrective actions, and provided recommendations for mitigating the risks associated with the vulnerability.
Result
The relationship between the client and NCC Group has evolved over the years, and now, in addition to providing penetration and security testing services, now includes a suite of bespoke strategic and tactical guidance.
As the organization now has a stable and consistently monitored security posture, NCC Group is able to bolster its security further by providing services, including threat modeling. This analyses the potential avenues that threat actors, including nation states (which are some of the biggest threats to utilities providers), will likely utilize, and arms the organization with the necessary knowledge and guidance to defend against them.
NCC Group has also introduced an ‘incident room,’ which aims to simulate real-life attacks to ensure the organization has the proper procedures and processes and, more importantly, can utilize them effectively in the event of an attack.
Get Started on Your Cyber Security Journey
Our experts are ready to help you stay ahead in a constantly changing threat landscape. Contact us today to learn more about what NCC Group can do for your organization's unique cybersecurity needs.