—Anna-Lisa Miller Group CISO at Spectris
In the past, Spectris faced some cybersecurity management challenges connected to its network of subsidiaries (operating companies) and continuous M&A activity. Each operating company is completely autonomous, with its own executive committees and security teams. In total, the organization has eight operating companies (although at times has had more than 10) with locations around the world and 7,650 employees. Previously, their network consisted of a high number of moving parts, with an expanding attack surface that was becoming unmanageable. When security management tools were brought on to help locate the risky parts of their network, it was difficult to prioritize all of the data that they now had access to.
This scenario made it hard to identify the exact risk areas to focus remediation efforts on. As Anna-Lisa, Group CISO at Spectris says, “We wanted visibility – we needed to see what we had and where our problems were.” Given their expanding attack surface, without the right, trusted information about their vulnerabilities, Spectris realized they needed a tool to better manage the risks across their large network.
- Anna-Lisa Miller, Group CISO at Spectris
Spectris looked to BitSight’s Security Performance Management (SPM) solution to address the challenges faced by their organization. BitSight’s solution provides the tools needed to help the business leaders and security teams across their several lines of business. BitSight helps Spectris get a manageable view of the main challenges and historical progress in their network, specifically with the Enterprise Performance tool.
Spectris gets cybersecurity information from an additional vulnerability management tool, but BitSight is now the driver, leading prioritization of the most pressing issues from an external viewpoint of Spectris’s network. BitSight’s Remediation Strategy tool is used to fine-tune their risk management process and prioritize activities to see the biggest impact. “We get rich information from our vulnerability management tool, but we use BitSight to better understand external facing issues and fine-tune the prioritizations,” says Miller.
After showing each operating company executive committee their rating, as well as the overall company BitSight rating to their board of directors, it has become easier to commit to actionable cybersecurity program results, including improving their rating over time. BitSight ratings also provide a quantifiable way to see progress being made across Spectris’ subsidiary security programs. “The company’s teams see how their efforts and work are resulting in clear, incremental improvements,” states Miller.
BitSight’s solution provides added visibility and improved issue identification and remediation, but it also assures access to top benchmarking tools for effectively reporting to the board. “BitSight metrics are seen by all of our security professionals and all of their executive leadership on a monthly basis” - Anna-Lisa, Group CISO at Spectris.
- Anna-Lisa Miller, Group CISO at Spectris
BitSight’s SPM solution was key to giving Spectris the ability to prioritize actions, namely by providing the means to understand where the main security issues could be found, and prioritizing accordingly. The increased visibility with BitSight allowed Spectris to update their ISP information and reduce their number of open ports, which helped secure their network against the recent HAFNIUM breach.
BitSight’s reporting metrics are now used monthly by all the executive teams for each subsidiary and are shared with the overarching Spectris board. The Spectris cybersecurity team can now set goals and demonstrate measurable progress to their board, putting meaning behind their investment in cybersecurity. “The single pane of glass helps the various leadership to get a better view,” says Miller.
After deploying BitSight’s SPM solution, Spectris has improved internal and external visibility. The company has a clearer picture of where the main issues are, and the decision-making process is supported with reliable and trustworthy information due to the “one pane of glass” approach with BitSight. As Anna-Lisa Miller puts it, “We like the ability to prioritize the action we need to take – it isn’t just noise. I like the way we can very quickly see where the root causes lie, along with the corresponding solutions.”
Spectris is now using a powerful and centralized tool that is very easy to implement into their other program processes, and they’re seeing ongoing program maintenance and hygiene benefits as a result. With BitSight for Security Performance Management, Spectris is able to have a broader, trusted view of the risk across its operating company network and can locate and remediate risks more efficiently.
Spectris provides high-tech instruments, test equipment, and software for many of the world’s most technically demanding industrial needs. Spectris benefits from having competitive and differentiated offerings in attractive, tech-driven end markets.
Learn more at spectris.com