LV=, a prominent pension, savings, insurance, and retirement company in the UK, boasts a rich history dating back 180 years. The company has diversified its offerings over the years to encompass a wide range of insurance, investment, pension, and retirement products. With a commitment to innovation, LV= has embraced new technologies to enhance its services and operations.
In 2021, after completing a significant phase of infrastructural and digital upgrades, LV= leadership grew concerned about the effectiveness of their security measures. To address this issue, the company engaged a top-tier accounting firm to conduct a comprehensive assessment, comparing their security framework to the NIST cybersecurity standards.
The findings of the assessment were eye-opening for LV=. Dan Baylis, the newly appointed chief information security and data officer, highlighted the glaring deficiencies in the company’s security maturity level. Recognizing the urgent need for enhanced security measures, LV= embarked on a journey to rectify past shortcomings and make substantial investments in bolstering their security infrastructure.
Upon assuming his role, Baylis undertook a thorough evaluation of LV=’s security stack, processes, and protocols. He uncovered a series of critical issues, including outdated security controls such as signature-based antivirus software and an email gateway that lacked awareness of modern threats. Moreover, the absence of a centralized view hampered the team’s ability to proactively address vulnerabilities and respond to potential cyber threats.
Baylis emphasized the importance of data-driven security decisions, advocating for measures that could substantiate the company’s investments in cybersecurity improvements. He recognized the need for continuous security validation to provide tangible evidence of LV=’s resilience against evolving cyber threats, leading to informed decision-making based on empirical data.
To overhaul LV=’s security infrastructure, Baylis initiated a comprehensive rebuilding process, starting with the implementation of a breach and attack simulation (BAS) system for continuous security testing. Recognizing the industry trend towards tools that offer attack path management and security control validation, Baylis leveraged solutions like BAS, pen testing as a service (PTaaS), and continuous automated red teaming (CART) to enhance LV=’s security posture.
By integrating cutting-edge solutions such as Cymulate’s BAS platform, Axonius for continuous control monitoring, and SecurityScorecard for cybersecurity benchmarking, LV= underwent a transformative phase in enhancing its security capabilities. The strategic adoption of next-generation anti-malware controls, a new email gateway, web gateway, and password manager further fortified LV=’s defense mechanisms against potential cyber threats.
With the modernization of LV=’s security tooling complete, Baylis shifted his focus towards addressing the human element of cybersecurity risks. Implementing dedicated phishing tests and training programs for employees, along with plans to fortify the company’s email infrastructure, underscored LV=’s commitment to holistic security measures encompassing both technological and human-centric approaches.
As LV= continues to prioritize cyber resilience and security awareness, the company’s proactive stance towards enhancing its security posture reflects a fundamental shift towards a more robust and resilient security framework. With a keen eye on leveraging technology and empowering their workforce, LV= stands poised to navigate the dynamic cybersecurity landscape effectively, safeguarding their assets and reputation in an ever-evolving threat environment.
