Intelligent CISO Issue 58 | Page 53

COVER STORY

the ground and start monitoring and reviewing our environment. Then from that into a 24/7 SOC, which happened around six months ago and that’s using one of Microsoft’s security partners.

The other elements included doing vulnerability scanning, making sure I was fully aware of the vulnerabilities that the group faced but also to then build out a remediation plan to fix that.
The final thing I wanted to do was more testing. The group has done a large amount of development and building out the infrastructure and the networking. So, where some retailers have outsourced these environments, Frasers has kept them all in house. Keeping them in house is good from a control perspective, but you don’t necessarily have that right rigour or someone kicking the tires if you’re just doing it all yourself.
As a self-proclaimed global, multi-brand powerhouse, how important is maintaining a strict cybersecurity posture for Frasers Group and how do you continue this?
It’s hugely important because of the greater aspirations of the group. If we didn’t have the right level of cybersecurity and the maturity levels that we are currently obtaining, we would lose that confidence from our customer base and reputational damage is the hardest to repair. So, we focus on ensuring that we continually strive and modernise what we’re doing from a cybersecurity perspective, in order to stay on top of people attacking our organisation.
In terms of continuity, we need to make sure that we are aware of those vulnerabilities and that we fix those but also not rest on our laurels concerning our investments over the last year and a half. We’ve brought in some hacking technologies, Tanium being one of them, and then built out what we’ve done with Microsoft. But we need to ensure that we’re continually looking at best-in-breed for everything we’re doing and that’s from a firewall perspective. Everything that we’ve invested in over the last 10 or so years is probably getting to a stage where we need to modernise it. So, we’re looking at improving and considering next steps.
We want to make sure that more modern concepts are being brought in alongside a modern way of working – so putting the security down to the users rather than bringing users up to the security.
Since the pandemic, many senior leaders have had to rethink their digital/security strategies – has this been the case for you and if so, what steps have you taken?
Yes, however, we were already going down the route of cloud-first and of Microsoft licences and 365. So, arguably, we were already on that journey but it probably has accelerated to doing some of the good practices around it like Multi-Factor Authentication and making sure cloud environments are fully locked down and secure. So it’s enhanced and accelerated what we were already doing.
How are you better able to manage risk since rolling out Tanium across your stores?
It’s not just across the stores, but in head office environments too. It’s really increased our risk maturity because before Tanium was rolled out, it was really, really hard to locate devices.