下载PDF
Fullsteam Employees Ramp up Compliance and Security Hygiene with Arctic Wolf Managed Security Awareness
技术
- 网络安全和隐私 - 安全合规
- 网络安全和隐私 - 端点安全
适用行业
- Software
- Professional Service
适用功能
- 商业运营
- 人力资源
用例
- 网络安全
服务
- 系统集成
- 培训
挑战
Security awareness and compliance are always top of mind in the payment card industry. At least they should be. Unfortunately, too many companies still fail to uphold to the benchmarks of the industry’s data security standard (PCI DSS), which states businesses must “implement a formal security awareness program to make all personnel aware of the importance of cardholder data security,” as well as educating personnel “upon hire and at least annually.” In fact, the percentage of fully compliant firms has sunk in recent years to 28 percent, according to Verizon’s 2020 Payment Security Report. Not only does this mean costly fines for many, but it puts them at greater risk of a data breach, which can lead to consequences that are far worse. For Fullsteam™, a leading software and payments provider with more than 35 companies under its umbrella, security and compliance are an even greater ongoing concern because failure to comply could affect the viability of the FullsteamPay payments platform and its payment processing capabilities. It could suffer reputational damages and rising insurance rates, and hinder its ability to win over new merchants—in effect, many of the same costs incurred by businesses that suffer an actual breach. So, Fullsteam is hardwired in its attention to the cybersecurity landscape and its determination to always meet the payment industry’s regulatory obligations. Security Awareness Needed to Be Fully Effective, Not Simply Check a Box Even with the right mindset and strategic planning, however, Fullsteam faced significant challenges in delivering a security awareness program that could get its ever-growing number of employees from continuous acquisitions up to speed quickly. In the words of Jon Armstrong, Fullsteam’s Director of IT & Security, “Generally speaking, annual security awareness training is completely ineffective because it is never timely, and it is always the same because no one bothers to update it.” What’s more, Fullsteam sought a centralized, highly automated solution that wouldn’t require its IT team to direct countless hours in developing and maintaining the program. Armstrong and his team need to focus on business initiatives that grow the success of the company and are busy enough without having to add security awareness training to their to-do list. It’s unrealistic and ultimately unproductive for them to have to curate and deliver content on a regular basis to ensure it’s up to date and keeps employees focused on cyber hygiene. Ultimately, Armstrong sought to find a provider that would do more than help the company be PCI compliant organization wide. He also wanted to ensure all employees understood that they were expected to be responsible individually and collectively for demonstrating and maintaining proper cybersecurity behavior based on best practices to continually raise Fullsteam’s IT security posture—and that Fullsteam would provide the solution for them to meet those expectations.
关于客户
Fullsteam is an Auburn, AL-based holding company with a family of strategically aligned technology and software companies in multiple verticals. Fullsteam acquires companies and provides them with streamlined payments infrastructure. Ongoing compliance with the payment card industry data security standard (PCI DSS) is a key component in Fullsteam’s success. Fullsteam, a leading software and payments provider, has more than 35 companies under its umbrella. The company is highly focused on maintaining security and compliance, especially given the critical nature of its FullsteamPay payments platform. Failure to comply with PCI DSS could result in reputational damage, increased insurance rates, and difficulties in acquiring new merchants. Fullsteam is dedicated to meeting the payment industry’s regulatory obligations and ensuring the security of its operations.
解决方案
Discovering Arctic Wolf Managed Security Awareness So, compliance, implementation, and effective behavioral outcomes were all key considerations when seeking the right solution. Fullsteam had used a “hodgepodge of training courses from different vendors,” but learned about Arctic Wolf® Managed Security Awareness® when working with a security compliance consulting firm. Besides its exceptional content, Managed Security Awareness is easier on Fullsteam’s nearly 600 employees using the program because they no longer are required to log into several disparate portals to get the information and coursework they need. Security awareness training is no longer an ineffective annual requirement, but is delivered in bi-weekly sessions. Improved Employee Engagement Enables Fullsteam to Raise Its Security Posture With multitenancy, ongoing managed content, and automatic phishing remediation, Managed Security Awareness now helps Fullsteam employees retain pertinent cybersecurity knowledge and maintain a focus on security precautions required for their roles. While they may not need to learn how to analyze correlated logs, all employees must develop good password hygiene and other practices to protect against increasingly prevalent and sophisticated social engineering tactics, like phishing, that make each individual a target. As Armstrong says, “No amount of email filters will keep everything out, so users need to recognize when potential threats appear.”
运营影响
数量效益
相关案例.
Case Study
Factor-y S.r.l. – Establishes a cost-effective, security-rich development environment with SoftLayer technology
Factor-y S.r.l., a web portal developer, was faced with the challenge of migrating its development infrastructure to a reliable cloud services provider with highly responsive technical support. The company needed a solution that would not only provide a secure and reliable environment but also support its expansion by providing resources to create and deliver innovative offerings.
Case Study
UBM plc: Taking the pulse of the business and engaging employees with a far-reaching strategic transformation
UBM, a leading global events business, was undergoing a significant strategic transformation named 'Events First'. As part of this transformation, the company was preparing to complete the largest acquisition in its history - Advanstar, a US-based events and marketing services business valued at more than USD970m. The company faced the risk of human capital flight if it was unable to effectively engage top talent with the new strategic direction. UBM needed to make significant structural, process and systems changes, uniting its previously autonomous regional businesses. The challenge was to ensure all of its employees were engaged and aligned with the new future vision.
Case Study
Darwin Ecosystem: Accelerating discovery and insight through cutting-edge big data and cognitive technologies
Darwin Ecosystem was founded with a unique vision of harnessing chaos theory mathematics to uncover previously hidden connections in unstructured data. The company’s algorithms can look at all the data generated by any source (such as news, RSS feeds and Twitter), and analyze how a specific set of concepts within that data are evolving over time. This is particularly valuable in situations such as business and competitive intelligence, social research, brand monitoring, legal discovery, risk mitigation and even law enforcement. A common problem in these areas is that a regular web search will only turn up the all-time most popular answers to a given question – but what the expert researcher is actually interested in is the moment-tomoment evolution of the data available on that topic. Darwin’s algorithm is computationally intensive, and the sources of data it correlates can be vast. To bring its benefits to a larger commercial audience, Darwin needed to find a way to make it scale.
Case Study
Wittmann EDV-Systeme launches IT monitoring services
Small and medium-sized businesses often lack the know-how and resources required for thorough IT system monitoring. Wittmann EDV-Systeme wanted to launch a solution to plug the gap – enabling it to improve its own competitiveness and that of its customers. IT landscapes are becoming ever more complex and outsourcing is gaining popularity, IT systems must nonetheless remain easy-to-use and extremely reliable at all times. Automated, round-the-clock system monitoring therefore represents an immensely valuable proposition for companies: downtime for business-critical applications can be avoided, and IT systems remain available at all times.
Case Study
Zend accelerates, simplifies PHP development
Zend Technologies, a major contributor to the PHP open source community, needed to keep pace with emerging trends such as mobility, agile development, application lifecycle management and continuous delivery. The company needed to provide the right tools to the worldwide community of PHP developers. The challenge was to support enterprise-class capabilities from end to end, including mobile, compliance and security. The pace of business required developers to show results fast across a variety of devices without compromising quality or security.
Case Study
Delivering modern data protection with cloud scale backup from Cobalt Iron and IBM
Organizations are struggling to modernize their legacy data protection environments in the face of growing demands around new infrastructure, new applications, and budget consolidation. Virtualization and modern application development processes have significantly outgrown legacy backup architectures. In response, infrastructure teams have created multiple backup solution types to handle the varying SLAs (performance, scale, cost) required by their business sponsors. However, the sheer number and variety of solutions in this uncontrolled expansion creates huge amounts of work, threatening to overwhelm the IT team in many organizations. Today, developers may add new applications and virtual server instances by the hundreds per day without accounting for the restrictions of the existing backup infrastructure. They leverage the cloud for immediate compute and storage resources, yet rarely communicate succinctly with corporate IT to ensure that the appropriate data protection services are in place.