Case Study

Scaw Metals Reduces 20% of Risk Mitigation Effort and Increases Cybersecurity Maturity Using CYE

Download PDF
icon

Industry

Manufacturing

icon

Employees

2000+

icon

Headquarters

Johannesburg, South Africa

icon

Revenue

$400 million

About the Company

The Scaw Metals Group is an international group, manufacturing a diverse range of steel products. It supplies industries including global construction, power generation, mining, marine, and engineering. The company’s key operations are in South Africa and Australia, and it has a smaller presence in Namibia, Zimbabwe, and Zambia.

The Challenge: Gain a Clear View of Cyber Risk Posture

As the head of IT and CIO for Scaw Metals, Lambros Karropoulos was tasked with ensuring the efficiency of operations of all IT and information assets, but he knew that Scaw Metals faced obstacles with its cybersecurity. The company, which was established in 1924, had a complex environment with many legacy systems that impeded visibility into its cyber risk posture.

Karropoulos needed to get a better sense of Scaw Metals’ cyber gaps and how to mitigate them. He decided to work with CYE because of their excellent track record and the initial engagement discussions.

“I felt incredibly comfortable and very impressed with the capabilities that CYE demonstrated and, of course, how quickly they understood our environment and our needs from the very beginning. Before we had even signed an agreement, we were very confident that CYE was the best-of-breed partner we were looking for to improve our maturity assessments and cyber posture.”

Lambros Karropoulos, Head of IT and CIO, Scaw Metals Group

The Solution: Comprehensive Assessment and Clear Results Through Hyver

After assessing Scaw Metals, CYE compiled a long list of mitigation strategies to implement that would improve the company’s cyber posture, including awareness, training, and operations. Some of the major gaps that CYE uncovered were within the company’s OT environment, which was initially isolated from the IT network. According to Karropoulos, there were over 100 data point changes that were implemented with the help of CYE.

“There were deficiencies, weaknesses, and risks that we were not aware of,” he said, “and CYE’s initial assessment allowed us to identify those and to begin working proactively on them.”

For example, one of the major issues CYE identified was a weak password policy. Yet CYE’s team went beyond merely providing recommendations.

“Unlike traditional penetration testing that just provides you with findings and a few recommendations, CYE really partnered with us,” Karropolous explained. “They helped us better understand findings, what the recommendations were, and assisted and guided us through the process of reducing the risk in those identified areas without any operational impact on the environment.”

Scaw Metals’ team also found Hyver, CYE’s cyber risk quantification platform, to be extremely helpful for understanding assessment results and keeping track of mitigation actions. They especially appreciated being able to see risk and impact on one dashboard so that they could easily focus on cyber risk mitigation goals.

“Hyver is superb and incredibly intuitive. There are no performance issues, and the enhancements that we’ve seen over the last two years show that CYE is constantly evolving the platform to better suit us and other customers.”

Lambros Karropoulos, Head of IT and CIO, Scaw Metals Group

The Impact: Peace of Mind, Reduced Effort, and Improved Cybersecurity Maturity

Working with CYE, said Karropoulos, helped Scaw Metals understand their environment, identify risks, and receive assistance with closing and mitigating many of those risks.

“It makes us feel a lot more confident that we’re safeguarding and protecting our environment,” he said, “both from external threat actors as well as internal, accidental, and malicious users.”

CYE has also reduced a significant amount of effort by recommending succinct and detailed mitigation actions so that Scaw Metals’ security team can make changes prescriptively instead of trying to guess what needs to be done.

“I would say that from a cyber and digital transformation point of view, CYE has saved us 20% effort, in that we don’t have to research, audit, and check our results with a third party to see if we’ve done it right,” Karropoulos said.

He also noted that CYE enabled Scaw Metals to improve its cybersecurity maturity “drastically and dramatically” while also benchmarking with similar organizations.

“As we’ve become more mature, CYE’s team has been superb in recommending what needs to be done to ensure that we remain on top of things from a cyber point of view.”

Lambros Karropoulos, Head of IT and CIO, Scaw Metals Group