- What happens if 50 new electric cars arrive in a given area, each with its own electric car charger? Is there enough capacity in the network, or does it need to be expanded? These are typical issues we work with at Embriq," explains Carl Arne Fladmark.
Fladmark is Development Manager at Embriq. Embriq is an IT company that delivers software services mainly to businesses in the energy sector, but also to retail and other industries. Fladmark is responsible for all development in the software products, what is the right product to prioritize, at the right time and cost.
- "Since we work with critical infrastructure, IT security is a high priority. All our systems must be robust and able to withstand attacks," says Carl Arne Fladmark. "It's important that customers have confidence in us when it comes to security. Our partnership with Netsecurity enables us to give customers that confidence.
-It 's important for us to be able to inspire confidence when we have a dialog with our customers, and that we have partners like Netsecurity who can support that confidence.
Carl Arne Fladmark, Development Manager at Embriq
Morten Eriksen, Information Security and Compliance Officer at Embriq, knows the responsibility for IT security like the back of his hand.
- "To ensure comprehensive security solutions in our deliveries, we utilize Netsecurity's excellent expertise and services in areas we do not cover ourselves. In this way, we continuously achieve good security solutions for our customers and we also utilize this in our internal solutions," says Eriksen.
Embriq has focused on three areas of IT security: Penetration testing, security monitoring and Incident Response Team (IRT). In a penetration test, the ethical hackers in Netsecurity simulate attacks against Embriq's systems.
- "We performed a penetration test without informing our internal resources and DevOps Team, to make the exercise as real as possible, and when things started happening in the system, we saw that the teams reacted in the way we hoped for - they shut down the services that were affected and patched the things that were," says Carl Arne Fladmark. "They quickly sent alarms upwards and notified that things were happening. This exercise made us confident that we are where we need to be in terms of our security work.
Vegard Vaage, head of penetration testers and the IRT team at Netsecurity, confirms: " Embriq was quick to pick up attack techniques from us while we were testing, and they patched the system continuously to remove security holes. That's precisely one of the things we want to uncover through a penetration test; the extent to which a customer is able to detect and respond to attacks," he says.
Embriq also has continuous monitoring of its systems through Netsecurity's surveillance platform (SOC). Here, Embriq tells of a time when the SOC team at Netsecurity got in touch early on a Monday morning. They had blocked the email account of an Embriq employee due to suspicious activity. He had suddenly logged in from the US and they feared that his account had been taken over by a hacker with malicious intent.
- "We quickly did some internal checks," says Morten Eriksen, "and it actually turned out that this person had boarded a flight to the US and was going to work from there. "It's very good to have a system that identifies potential hazards immediately," he says.
The IRT, or Incident Response Team, is the team that responds when an attack has actually occurred and someone has gained access to the systems.
- "Fortunately, we haven't had any such incidents so far," says Eriksen, "but it gives us great peace of mind to know that we have a team that will be there to limit the extent of the damage the day we need it.
Embriq considers safety in everything they do, both internally and with their customers. "It 's good to have a sparring partner who specializes in safety. It's like having an insurance policy that we're operating safely," says Carl Arne Fladmark.
- "I would definitely recommend other companies to carry out a penetration test. Such a test not only tests the system, but also the routines we have when strange things start to occur in the systems. It's good to know how well equipped you are against an attack," he continues.
-We see clear differences between companies that have practiced and those that haven't, in terms of how they recover from a cyber attack.
Vegard Vaage, Netsecurity
- "We see clear differences between companies that have practiced and those that haven't, in terms of how they recover from a cyber attack," confirms Vegard Vaage. "We're often good at practicing what to do if the fire alarm goes off, and that's obviously important. But the fact is that it is 66 times more likely to be exposed to a cyber attack than a commercial building burning down," he concludes.
Get in touch and we'll have a chat about how we can best help you.