“SXiQ has provided our business with a comprehensive, highly capable, and importantly highly visible cyber security function to support our aspirations to use data and innovation to help our customers reach their customers. We now have a vastly improved cyber posture across our entire business, with fewer security incidents and faster response and recovery times for known threats”.

Head of Enterprise Platforms  

 

Background/Scenario:

This organisation is a leading marketing services organisation who provide a range of services from honest marketing advice through to digital marketing platforms and services and related support.

This organisation has an extensive information systems and technology (IS&T) landscape, running mission critical applications to support the company’s various lines of businesses.  Central to their business is Cyber Security, in particular data security, that plays a key role in protecting the company’s corporate data, customer data and IS&T investments. The company engaged SXiQ to provide an enhanced, focussed, and effective cyber security service to support their growth strategy. The key requirements included broad security services from policy, procedures, frameworks to practical security monitoring delivered in a cost-effective manner. SXiQ responded with a high-quality CISO-as-a-Service model, to not only address the businesses immediate operational challenges but to also act as a strategic plank in the organisation’s digital roadmap, in a true partnership model.

The leading marketing services organisation now have clear vision on the scope of Cyber Security gaps, risk domains and opportunities, supported with active ongoing guidance to make informed investment decisions based on business priority and cost.

The Challenge

  • Inadequate information security policies, processes, operations and end-user awareness, posing major and unknown risks for the business
  • No clear approach to Data Security
  • Unaligned business operational support for Information Security
  • Ineffective coverage and visibility of Security Monitoring
  • Ineffective E2E security operations

The leading marketing services organisation lacked a real cyber security strategy, policy, procedures and operational capability to support its changing business landscape; leading to confusion and ongoing operational risk of cyber attacks, potential outages and lost revenue. Since “data” is the lifeblood of their business’, there was no coordinated approach to protecting data and preventing data loss.

Business units were not able to get timely, accurate and high-quality cyber security support and management of threats.

The organisation needed an end-to-end cyber security approach, supported by a viable strategy to provide clarity on existing and future cyber security capability, including current cyber gaps and remediation opportunities, along with an effective SOC/SIEM service providing 24×7 protection.

 

The Solution

  • SXiQ implemented it’s CISO-as-a-Service delivering an E2E Cyber Security strategy, management and remediation service encompassing an end to end view of the organisation that enables risk vs cost prioritisation.
  • Designed and built improved Cyber Resilience capabilities
  • Designed and implemented a framework for Data Security controls tightly coupled with the businesses enterprise architecture function
  • Implemented business cyber support and education programs
  • Implemented 24×7 SOC/SIEM capability

SXiQ developed an end-to-end Cyber Security strategy and 3-year roadmap, with recommendation on prioritisation of cyber initiatives for the first 12 months.

SXiQ’s CISO team created a consolidated Data Security framework that includes data set inventory, data classification, policy and governance; and security controls for data loss prevention.   Operationally, SXiQ’s CISO team implemented Advanced Threat Protection and Endpoint Protection and Response (EDR), IT Asset Management, improved OS/Patching, and reducing gaps in integrating systems for Identity and Access Management.

A systematic business-wide user education and awareness program was designed, implemented and operated to drive greater user security adherence and protection.

A new, comprehensive 24×7 Security Operations and Security Incident & Event Management capability was implemented providing round the clock protection.

 

The Results

  • E2E CISO-as-a-Service model delivering visibility of threats, gaps, and opportunities, enabling a strong cyber security and data protection posture.
  • Vastly improved end-user security awareness across the business, helping align Board and Management expectations of security with end-user behaviours
  • Greater resilience and responsiveness to threats through enhanced security operations model
  • Stronger cyber security foundations for the business to pursue radical customer engagement projects, ultimately enabling their strategic growth whilst protecting their IP.

SXiQ deployed a new, comprehensive E2E CISO-as-a-Service delivering unprecedent and continuous visibility of threats, gaps, and opportunities enabling this leading marketing services organisation to proactively maintain a strong cyber security and data protection posture.

Through am in-depth end-user security awareness across the entire business, SXiQ helped drive a vastly improved security compliance by end-users and helped align Board and Management expectations of security with end-user behaviours.

SXiQ’s newly implemented SOC / SIEM means the organisation now benefits from fewer security incidents, far greater security resilience and responsiveness to threats through an enhanced security operations model improving security incident management, security monitoring, cyber defence, analytics and reporting. Ultimately reducing one of Australia’s leading marketing services organisation vulnerability. Stronger cyber security foundations for the business allows them to pursue more radical customer engagement and innovation project, ultimately enabling their strategic growth whilst protecting their IP.

Katherine Bishop

Speak With Katherine