Increasing security maturity and maintaining compliance for the insurance group
P&V Group is a Belgium-based cooperative, providing insurance solutions to individuals, businesses, and the public. Faced with the growing threat of cyberattacks targeting financial institutions, the insurance group turned to Outpost24 for timely vulnerability identification and enhanced security governance.
Industry: Insurance
Products: Network Security
Building a robust vulnerability management program
Insurance is a highly regulated sector and growth can be impacted if security controls cannot be proved to clients and regulators alike. The security team at the P&V Group must combat this ongoing challenge by ensuring security is a priority throughout the business.
Carlo Werbrouck, Chief Information Security Officer, oversees security for the group, including its 1,700 employees and 600 distributed insurance agents. He reports to the group CIO and manages security governance alongside the key security strategies: physical security and information security. All three elements are essential to running operations securely, keeping the business compliant with insurance regulations, and proving security assurance to the group’s large client base, which is key to achieving the 2022 security maturity targets in the business plan.
To maintain asset visibility and security governance for the entire organization, the P&V Group opted for Outpost24’s network security assessment tools to protect their infrastructure and perimeter. With discovery scans and continuous assessment, any issues and deviations identified by the security team can be communicated to IT and dealt with quickly, in line with their security KPIs and policies.
Before utilizing Outpost24, Carlo didn’t have structural access to granular information on CVEs and threats to direct his decision making. The vulnerability information from yearly and ad hoc pen tests soon became insufficient as the attack surface changed, making it difficult to keep up with new risks.
Carlo and his team now use this information to improve the security posture and prove compliance status for the insurance regulators and clients, which is also essential for the company’s cyber security insurance policy.
Outsourcing VM to increase security maturity and optimize efficiency
As the business grows, Carlo encounters the same problems many CISOs face: security resource and skills shortages. Overwhelmed with the threat of a breach, compliance and a growing number of new CVEs, the security team needed a better understanding of their risks vs vulnerabilities and more manpower to handle the day-to-day work of vulnerability assessment. That’s when P&V Group decided to subscribe to Outpost24’s Managed Services vulnerability management program, so that Carlo can focus resources on more strategic projects and add value to the business.
The P&V Group regularly acquires new companies to enhance their business, which brings additional challenges. The security team are often asked, on short notice, to identify business risks at acquisition targets and ascertain the security posture as part of the M&A process. Carlo explains, “With Outpost24, we are able to run security checks on these businesses for vulnerabilities during due diligence and provide a full picture of risks to inform key decisions. I can deploy resources in the right places to get the best results and be confident about our ability to resolve any potential issues quickly.” They now continuously add new URLs/IPs for assessment and receive automated reporting with regular information on the biggest risks, which saves them the tedious analysis of vulnerability data that’s already checked by Outpost24 against the company’s specific security parameters.
During 2020, P&V Group also had to refocus and adapt their security controls when the pandemic hit. However, having a robust security program with support from Outpost24 Managed Services meant the impact was less significant: “We’ve had to move to different technical measures to support our increased remote workforce. The added security assurance Outpost24 provides gives me confidence that security isn’t an issue as vulnerabilities are continuously monitored and reported on, even when we had to focus our resources elsewhere to reduce the operational burden during the pandemic.”
The P&V Group has achieved greater security controls since utilizing Outpost24 Managed Services to better inform their security decision making.
Looking ahead to 2021 and beyond
Maintaining company-wide security awareness is one of Carlo’s main goals in the new year. Security awareness within the organization, from top to bottom, is essential for them to achieve the highest level of security maturity. Carlo comments, “Security used to be left behind and now we make it more interesting for people to understand and buy into. The Outpost24 Managed Services team have helped us immensely in providing the insights and tools to manage our risks more effectively, which has had a positive effect throughout the P&V Group by making security a top priority.”
For companies looking to improve their security resilience, Carlo recommends a managed vulnerability management solution to outsource continuous monitoring of internet-facing network and application vulnerabilities. Through hard work and collaboration with Outpost24, the group has reached a good level of security maturity, which is key to supporting the growth targets set by the board by 2022. The positive impact has been shared amongst business leaders and has helped secure their future security investment.