  • Company: Gain Health
  • Contact: IT Director
  • Vertical: Charity
  • Location: London
Customer Overview

GAIN is driven by a vision of a world without malnutrition, in which all people have access to and consume nutritious and safe food. GAIN’s mission is to advance nutrition outcomes by improving the consumption of nutritious and safe food for all people, especially the most vulnerable to malnutrition.

Requirement

GAIN are an organisation with a global footprint and staff spread across the world; building a security-aware culture in such an environment has its challenges. The corporate culture focuses on the carrot of the benefits of security awareness rather than the stick of mandatory compliance, multiple languages need supporting, and traditional testing templates are not suitable for the audience, so a tailored approach was needed.

Solution

Saepio were selected as a partner to work with GAIN to improve their security awareness culture. Taking into consideration the location of their users, it was evident that an off-the-shelf package wouldn’t be appropriate. The service delivery team at Saepio took the time to understand the user base at GAIN, and what approach would yield the best results. By echoing the language of GAIN’s corporate communication to drive engagement, and using appropriate templates for staff in Africa, India and Malaysia, GAIN have seen encouraging results.

Outcome

Through the efforts of the Saepio team, GAIN have seen an uptake in engagement across their global user base. The efforts in awareness raising are ongoing, but with a specific approach that takes into account the unique conditions and territories that GAIN operate in, they are confident that the behaviours, and ultimately the security culture that they are looking to develop, will be successful.

  • Company: Adrian Flux
  • Contact: Business Support Manager
  • Vertical: Insurance
  • Location: Kings Lynn
Customer Overview

Adrian Flux are an industry leader in household and specialist motor insurance as well as providing insurance for a wide range of other products, including motorcycles under their Bikesure brand. Their corporate family have over 45 years' experience in arranging insurance for every kind of home or motor imaginable.

Requirement

Adrian Flux had a need to unify security monitoring encompassing logging, vulnerability management and assessment of their application risk. Ensuring that all log sources, including Adrian Flux’s other security tooling, were centralised was a key requirement so that alerts could be properly triaged. Bringing similar clarity to Adrian Flux’s vulnerability management process meant having the right data to bring true risk prioritisation to their remediation program, in order to make the best use of IT team time.

Solution

After careful evaluation, Rapid7 was chosen to treat the identified areas of risk. Using Rapid7 InsightIDR and InsightVM through the single Insight platform, SIEM and vulnerability management solutions were deployed. This enabled the collection of not only foundational log sources but also all the relevant third-party event sources to streamline investigation. Leveraging InsightVM brought continuous visibility of the riskiest vulnerabilities in the estate to allow for efficient and contextual remediation.

Outcome

Significant time savings in monitoring key events and streamlining investigations, as well as halving the time needed to remediate high and critical vulnerabilities within 14 days.

  • Company: Barnett Waddingham LLP
  • Contact: IT Partner
  • Vertical: Financial Services
  • Location: London
Customer Overview

In 1989, Barnett Waddingham started with a vision - one that is still as strong today. Their promise? To do the right thing. Barnett Waddingham is a leading independent UK consultancy at the forefront of risk, pensions, investment and insurance, with a continued and long-term commitment to delivering value to their clients.

Requirement

With the increasing likelihood and impact of security incidents, Barnett Waddingham take a mature approach to continually improving cyber resilience. With the business growing in terms of staff and clients alongside the adoption of cloud applications and remote working, a drive to enhance technology controls and processes to prevent, detect and respond to incidents was undertaken. The goal was to improve security with minimal impact on operational overhead.

Solution

Working with Saepio, an ecosystem of integrated best of breed security tools was architected and deployed to replace and enhance the numerous point controls in place. This future state security architecture involves technology that integrates seamlessly, bi-directionally shares threat intelligence and sends all relevant events and alerts to a centralised security operations platform which automatically triggers appropriate incident response actions.

Outcome

With the integration and automation present in the new security ecosystem, coupled with good processes in the Barnett Waddingham team, employees, systems and data are better protected from cyber threats and in the event of an incident, the ability to detect and trigger rapid response ensures the impact is minimised. Importantly, the elevated stance of cyber resilience does not burden the operations team.

  • Company: Hobbycraft
  • Contact: IT Director
  • Vertical: Retail
  • Location: Branches Nationwide, HQ Christchurch, Dorset
Customer Overview

Founded in 1995, Hobbycraft has since grown to a nationwide business with over 100 stores across the UK, ready to support and inspire an ever-expanding variety of crafts. Hobbycraft also has a thriving eCommerce business, which has seen significant growth in demand since the Covid pandemic in early 2020.

Requirement

A key focus for Hobbycraft has been to mature the IT Security of the organisation. Under the guidance of IT Director, Matt Louth, a decision was made to undertake a raft of improvements in line with Best Practice Frameworks, specifically Cyber Essentials Plus, with a longer-term target of ISO27001. As a well-known and respected retail brand, and with an ever-growing online business, protection of the brand, digital assets and customer data is paramount.

Solution

Saepio has been engaged as a partner to help create and manage the security improvement plan and deploy best-fit solutions and services. Following an initial security audit, it was highlighted that regular penetration testing would both be a measure to practically assess the internal and external security controls and help work towards the compliance initiatives. Saepio introduced our testing partner, Pentest People, as being ideal for Hobbycraft to work with. Pentest People have worked with a large number of our customers, with universally good feedback on the engagement, quality of work and value for money. Since 2019, Pentest People have conducted a wide range of testing over Hobbycraft’s Internal, External, Wi-Fi and Website.

Outcome

The continued success of this engagement has firstly affirmed the pro-active measures that Hobbycraft has been spearheading, and secondly has drawn attention to any areas that may need addressing before a situation could arise. As part of a long-term relationship with Saepio and our specialist partners such as Pentest People, Hobbycraft will be guided through the oftentimes labyrinthine Cyber Security landscape, taking a risk-centric view and focusing on the right balance of Policy, Products and People to meet their goals and initiatives.

  • Company: Wright Hassall LLP
  • Contact: IT Director
  • Vertical: Legal sector
  • Location: Leamington Spa, UK
Customer Overview

Many people comment on the Wright Hassall name, asking whether it is a gimmick. But it isn't; Wright Hassall has been supporting individuals and businesses in Warwickshire for over 170 years and has been awarded the nation’s leading regional law firm.

Requirement

With threats evolving fast and information protection increasing in importance, Wright Hassall embarked on a security improvement drive to align the firm with Cyber Essentials and ISO 27001 best practice. Being a leading regional law firm, confidentiality and integrity of data is paramount; however, it also needs to be easily available, to employees via cloud adoption and to clients through digital services.

Solution

Saepio were engaged as a partner to aid with the security improvement plan and deploy best-fit solutions. Following a security review, it was apparent a number of point products had been organically adopted over time to address specific security challenges. To reduce the quantity of independent management consoles, support contracts and subscription charges, a number of these products could be consolidated into a single technology platform delivering clear security, administrative and commercial benefits. Additionally, most controls focused on preventing cyber threats; therefore, incident detection and response capabilities were implemented to provide security visibility across the firm.

Outcome

The successful implementation of a market leading Next Generation Enterprise Security Platform consolidated multiple technologies into a single solution that delivers advanced threat prevention, improved control and simplified management. Coupled with a cloud SIEM, threat detection and incident response tool, Wright Hassall have confidence in complying with best practice security standards.

  • Company: Pizza Express
  • Contact: IT Director
  • Vertical: Retail
  • Location: Uxbridge, UK
Customer Overview

With approaching 600 restaurants around the globe, 2 main office locations and in excess of 10,000 employees, PizzaExpress manage and secure a broad IT estate. The company brand is well recognised and trusted so protection of customer data against compromise is paramount to maintaining a positive reputation.

Requirement

The General Data Protection Legislation posed new data security challenges for PizzaExpress. Although robust controls were in place to protect information and the infrastructure, the desire to align with latest security best practice resulted in the initiation of an improvement project.

Solution

PizzaExpress appointed Saepio’s expertise to conduct a ‘state of the nation’ review of security policies, products and processes, mapping specifically against the GDPR legislation. The findings were presented to stakeholders of the business and a logical action plan was defined to remediate risk in order of priority. In partnership with the PizzaExpress IT and GRC departments, Saepio continue to help implement best-fit solutions that fulfil the security improvement strategy and sustain ongoing compliance.

Outcome

PizzaExpress embarked on a journey to mature data security policies, products and processes. As an extension of the PizzaExpress team, Saepio’s industry knowledge ensured optimal use of budget and resource to reduce risk and improve security with the result being protection of their valued customer data and well-loved brand.

  • Company: BDO
  • Contact: CIO
  • Vertical: Professional Services
  • Location: London, UK
Customer Overview

BDO are a ‘top five’ global accounting firm with 74,000 people working out of 1,500 offices across 162 territories. They provide tax, audit and assurance, advisory and business outsourcing services to companies across all sectors of the economy. Confidentiality, integrity and availability of the firm’s data is vital.

Requirement

To best protect the firm against the evolving threat landscape, BDO UK embarked on a security drive to further improve already robust security controls and processes. Saepio were engaged as a partner to advise and assist with the implementation of best fit solutions achieving high standards of data protection while giving BDO employees the access and flexibility to work more effectively.

Solution

Like most firms, email is a business critical tool. This is especially true for BDO. With over 90% of successful cyberattacks starting with a malicious email, securing this essential communication medium is always a high priority. Ensuring email is always on for the global workforce and that any email sent or received can be easily retrieved aids business productivity and compliance.

Outcome

Successful implementation of the market-leading email security, continuity and archiving service provides BDO with advanced protection against all types of malicious email. Employees have additional methods to seamlessly access their email, avoiding any downtime, plus all email sent and received is safely stored and easily accessed whenever and wherever required. The IT and Security departments at BDO have central visibility and control over email and can confidently adhere to compliance and best practice requirements.