September 10, 2024 at 04:44PM
LV= is a leading UK company offering pension, savings, insurance, and retirement services. It hired an accounting firm to assess its cybersecurity, revealing low maturity and outdated security controls. Chief Information Security Officer Dan Baylis rebuilt the security infrastructure, implementing new tools and training programs to enhance the company’s cybersecurity posture and improve employee security awareness.
From the meeting notes, it is clear that LV= recognized the need to modernize and strengthen their security infrastructure. The initial assessment by the chief information security and data officer revealed significant gaps and limitations in the existing security stack, prompting a comprehensive overhaul of the company’s security infrastructure.
Key takeaways from the meeting notes are:
1. The existing security infrastructure lacked modern security controls and the ability to measure the effectiveness of security controls.
2. The company’s executives were unable to make data-driven security decisions due to the rudimentary security infrastructure.
3. The company embarked on rebuilding the security infrastructure, starting with implementing a breach attack and detection system (BAS) to monitor for security blind spots and continuous security testing.
4. LV= also chose tools like Cymulate’s BAS solution, Axonius for continuous control monitoring, and SecurityScorecard to benchmark its security posture against peers.
5. The company achieved significant improvements in its security posture, as evidenced by receiving an “A” rating from SecurityScorecard after making hundreds of changes.
6. The focus has now shifted to supporting the human side of security, including implementing phishing tests and training for employees and enhancing email infrastructure.
Overall, LV= has taken proactive steps to address its security vulnerabilities and aims to enhance both cyber resilience and security awareness throughout the organization.