Fowler Welch selects NormCyber to deliver cyber security protection peace of mind. Fowler Welch is a UK supply chain and logistics expert specialising in flexible, reliable and cost effective supply chain services for major names in both supply and retail.
As the frequency and sophistication of cyber attacks in general and ransomware attacks in particular continues to rise, Fowler Welch – specialists in supply chain services for temperature controlled products – asked themselves whether the same thing could happen to them. They had many of the classic and most common cyber security solutions in place, such as anti-virus and email filtering, but quickly realised that in the event of a more sophisticated attack – involving a “zero day” exploit or previously undiscovered malware – they could be at risk of a cyber issue affecting their ability to deliver services to customers.
For a company whose customers include some of the biggest and best known retailers in the UK, and whose reputation hinges on providing a reliable and resilient service, the risk of a cyber attack forcing operations offline and disrupting the flow of goods and services is very real. Not only could such an attack mean significant time spent on investigation, recovery and remediation – it would also incur a cost both financially and, potentially, to the company’s reputation.
“We’re a medium-sized business with around 1500 employees in the UK. We were increasingly learning of cyber incidents affecting other similar businesses, which were sophisticated in terms of how the attackers gain access, remain inside the network and then extract information and encrypt data, it was something of a wake up call for us. These types of attack not only disrupt internal operations, but also have a knock on effect for suppliers, customers and partners. We knew we needed to assess our own exposure to cyber threats of this kind, and do whatever we could to mitigate the risk.”
– Matthew Downes | IT Director at Fowler Welch
Despite the initial impetus behind implementing EDR, initially it was the vulnerability management module that had the most impact. All managed service customers have access to its performance dashboard, Smartbloc which provides a complete overview of the performance and strength of their current cyber security measures, as well as key actions to improve. Deploying vulnerability management, and gaining instant visibility of the assets and vulnerabilities across the entire estate was quite an eye opener for Matthew and his team, as it illuminated a number of devices, platforms and applications with vulnerabilities that had not been patched on a regular basis, and allowed them to prioritise them according to the assets which were most affected. Highlighting this as a critical area, the team set to work making the necessary updates, removing unnecessary devices and removing redundant applications in order to reduce the potential attack surface.
As well as providing data relating to the specific modules deployed, Smartbloc is also used as a management tool to track overall progress against cyber risk management milestones and to communicate what is being done – and how effective those measures are – back to the business.
“Prior to signing up to the Norm service it was a case of we didn’t know what we didn’t know. Deploying the service has been like switching the lights on and finally being able to see what’s lurking in the dark corners of the room. Until you have visibility of what’s going on across your entire technology estate, you can’t address it, which means you have no real idea of whether you’re protected against cyber threats or not,” Matthew goes on.
As well as the prioritisation and peace of mind that Smartbloc has delivered, Matthew and the team have also benefited from having direct access to the team of cyber security specialists at Norm.
“We feel as though we can pick up the phone at any time and speak to someone who understands our business and can give us a sensible answer to any queries we may have. They help us to decide whether something that has been flagged is something we actually need to worry about, or not. We’re not cyber security experts, and we don’t have to be, because the guys at Norm are,” says Matthew.
In addition, as a food distributor Fowler Welch is subject to the standards set by the British Retail Consortium, and as a key part of the supply chain for a number of very large retailers is contractually obliged to have technology and cyber resiliency measures in place. A further benefit of the Visualiser is that it allows Fowler Welch to clearly demonstrate the cyber security controls it has in place and how they are helping to reduce their exposure to cyber risk.
Matthew concludes “Before choosing Norm cyber security was very much in our minds but out of sight. We knew we needed to do something, but we weren’t sure where to start. We began this process thinking that we needed an EDR solution, and quickly realised that we needed something far more wide-ranging if we really wanted to increase our levels of protection and deliver the peace of mind the business needs. For us, this is just the start of the journey, and we’re really pleased to have embarked on it with NormCyber.”
