Case Study
How Rokster Solved Cybersecurity Challenges for Their Client with SecurityGate.io
About the company
Rokster offers services around four main competencies: cybersecurity, artificial intelligence, business intelligence and blockchain. With a team of experts in each of these areas, Rokster has helped a global cohort of companies protect their assets and grow within their industries.
After many recent attacks that have plagued organizations in the critical industries sector, Rokster’s efforts to bolster their clients’ cybersecurity efforts has taken center stage. Recently, Rokster began working with a power-generation client in Latin America who requested an assessment to help them better understand their cybersecurity risk posture.
“Our client had grown aggressively through mergers and acquisitions and had facilities spanning multiple countries,” explained Birolin. “They understood the need to bolster their cybersecurity efforts to mitigate vulnerabilities and reduce risk.”
Tasked with securing a client with a large international footprint and a relatively immature cybersecurity program, Rokster turned to SecurityGate.io’s assessment platform to provide a scalable solution for their consultants in the field.
The Challenges of Their Client
A High Number of Dissimilar Systems
Due their many recent mergers and acquisitions, the power-generation company was operating with a wide array of dissimilar systems. This meant that it would be a logistical nightmare to ensure that all systems were patched and up to date with the latest cybersecurity patches and controls.
Lack of a Formalized Cybersecurity and Governance Team
The power-generation company had very few individuals and no formalized team that specialized in cybersecurity for operational technologies (OT). This meant that there was no central place where institutionalized knowledge in this area was recorded and no long-term cybersecurity strategy guiding this organization’s critical revenue-generating network environments.
Inadequate Visibility of 3rd Party Security Efforts
The company lacked documentation clarifying outsourced vendors’ level of responsibility for cybersecurity. This presented many vectors for attack, coupled with a lack of clear ownership and visibility in the event of a cyber incident.
Compliance Frameworks Varied by Country
Because this power-generation company spanned multiple countries in South America, different locations would have to comply with different frameworks as required by individual countries.
Complementing a Consultant’s Expertise with a Cloud-Based Platform
While Rokster’s consulting talent is known for having a tremendous amount of expertise in a variety of fields, Birolin notes that the company is “not in the hardware or software business.” To better equip his team to serve their clients in this area, Birolin chose to partner with SecurityGate.io as his cybersecurity assessment and remediation platform.
Rokster uses industry leaders in ICS/OT cybersecurity experience. For this challenge, I needed a platform where assessments could easily be broken down into sections, across varying geographic locations to be completed by different Subject Matter Experts working with various internal IT and OT personnel. The SecurityGate.io platform improves efficiencies by which an assessment can be completed and reports generated. Improvements in efficiencies result in the same high quality of work Rokster is known for, with less manual effort and labor costs.
Birolin points out that manually recording assessment data in a spreadsheet often introduces a high degree of human error. SecurityGate.io’s guided workflows prevent accidental errors by “breaking the framework down into consistent, bite-sized pieces where you can go at your own pace, upload corroborating evidence and validate that it is sufficient to meet the standard,” he adds.
And complying with a framework is important not just for a company’s internal integrity, but also for any third-party vendors with which the company contracts. By using SecurityGate.io’s feature for managing third-party risk, Rokster was able to help define workflows to ensure vendor compliance with a specific framework for their client. This was easily done using a limited-access portal through which third-party vendors were required to answer assessment questionnaires and provide evidence that they were complying with the standard.
How SecurityGate.io Helped Streamline Assessments
Automatic workflows for security frameworks provide indispensable guidance for companies striving to ensure cybersecurity compliance, particularly those such as Rokster’s client who have few cybersecurity professionals on staff. Using these workflows, the Rokster consulting team was able to easily define the owners of specific tasks and set up a system that would enable them to provide and validate evidence from their facility. And by storing all this data in a centralized database inside SecurityGate.io’s cloud-based platform, Rokster was able to help their client with governance and insights into their own cybersecurity profile over time, placing them in the driver’s seat going forward.
If you have a consulting practice and are looking to expand your market and grow revenue faster, look no further than SecurityGate.io. Our Risk Management Acceleration Platform is key in helping consultants improve cybersecurity faster for their clients in the critical infrastructure industries. Book a demo today to take a tour of our platform.
#DeleteTheSpreadsheet