Sustainable Approach to Cybersecurity
DIGITAL REPORT 2021
IN ASSOCIATION WITH:
SPECTRIS PLC
2
spectris.com
SPECTRIS PLC
Sustainable Approach to Cybersecurity
spectris.com
3
SPECTRIS PLC
4
spectris.com
SPECTRIS PLC
Adam Forde CIO and Anna-Lisa Miller CISO of Spectris - which provides insight through precision measurement - discuss their digital strategy and cybersecurity
T
Adam Forde CIO, Spectris Anna-Lisa Miller Global CISO, Spectris
he world’s best-kept secret” is how Anna-Lisa, Miller Group CISO, describes Spectris, which may sound like a clandestine organisation from the latest James Bond movie, but is in fact a UK-headquartered company focused on its sustainable cybersecurity as part of its digital transformation. Spectris defines its purpose as helping to make the world “cleaner, healthier, and more productive” through precision measurement for global customers. This extends from producing oxygen analysers used in ventilators during the pandemic, to helping automotive manufacturers develop new electric powertrain technology, to supplying 200 temperature and pressure sensors for critical use on a space rocket and manned capsule. Headquartered in Egham, Surrey, Spectris employs approximately 7,500 people located around the world. Precision is at the heart of their operations providing global customers with specialist insight through high-tech instruments and test equipment, augmented by the power of our software. With revenues in excess of £1.3bn in 2020, Spectris is one of the largest companies in the FTSE 250. Therefore, it is no surprise that it could be a target for cybercriminals which is why Spectris is focusing on its cybersecurity as part of its digital strategy. As Spectris precision instruments seek to help companies become “the best they can be'', an invisible threat is always on Miller’s radar spectris.com
5
SPECTRIS PLC
- that of an opportunistic cyberattack which could disrupt production and revenue. “Spectris really is one of the world's bestkept secrets,” commented Miller, who joined the company in 2017 and is one of very few women who specialises in cybersecurity. “Spectris helps other companies to be utterly brilliant. We provide high precision instrumentation - that are then further enhanced, with our analytics and insights and our powerful software. We provide companies with the ability to become more efficient and effective across healthcare, pharmaceuticals, food, aerospace and defence, automotive and more!” Not only has Spectris provided sensors for ventilators during the pandemic but they have also been working with pharmaceutical companies. “The work we have done during the COVID-19 pandemic is really important to us and we are extremely proud that our oxygen analysers have been used on ventilators and incubators. We've also helped pharmaceutical companies develop their COVID vaccines with our instruments. Spectris touches so many aspects of life,” said Miller. Commenting on her evolving role as a cybersecurity expert she said: “I think security has changed a lot during the past 20 years. When I think back to when I started my career, IT security was considered a bolt-on at the end of a project. In some ways, we often felt like we were at the bottom of the food chain. “Today, it's the complete opposite. We're now an enabler. We're a true business partner. We are recognised as being the people that address probably one of the most difficult risks that businesses face these days. I think security and the way that we manage security has really transformed.” 6
spectris.com
Four pillars of Spectris digital strategy Overseeing the company’s overall digital transformation is “the guardian of technology” Adam Forde, Group CIO who joined the company two years ago. “This is one of the most exciting times in history to work in technology”, said Forde who described the four pillars of the Spectris digital journey: • Product - sensors (hardware and software) and digital simulation products and how data science produces results to help the client • Customer - personal and unique relationship • Employees - how IT has enabled engagement during pandemic and hybrid working • Supply chain - how to get intelligence from the supply chain
SPECTRIS PLC
ADAM FORDE TITLE: CIO COMPANY: SPECTRIS
“ What we're looking at is how do we get real intelligence through our supply chain so that we can understand the model of what's happening. This is so we can apply things like lean six Sigma and other best practices digitally to minimise disruption” ADAM FORDE
CIO, SPECTRIS
EXECUTIVE BIO
With over 20 years of technology experience, including the last 10 years at an executive level, I have had the opportunity to lead multiple business transformation programs, across a wide range of companies (Credit Suisse, GE, Coca-Cola and now Spectris). I most enjoy building and leading high-performance teams. I live in Surrey, am married to Elena and have to kids, Jack (15) and Emma (12). When I’m not working, I coach a local rugby team, enjoy running, cycling, gardening and DIY. I also provide a free of charge UBER service to my kids.
SIMPLY PUT, IF YOU DON'T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT.
MPLY PUT, IF YOU DON'T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY P
F YOU DON'T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU
DON'T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T
KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T KNOW
BOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T KNOW ABOUT A
SET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T KNOW ABOUT AN ASSET, YO
CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T KNOW ABOUT AN ASSET, YOU CAN'T
“SIMPLY PUT, IF
OTECT IT. SIMPLY PUT, IF YOU DON'T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT
MPLY PUT, IF YOU DON'T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY P
YOU DON’T KNOW
F YOU DON'T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU
DON'T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T
ABOUT AN ASSET,
KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T KNOW
BOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T KNOW ABOUT A
YOU CAN’T
SET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T KNOW ABOUT AN ASSET, YO
CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T KNOW ABOUT AN ASSET, YOU CAN'T
OTECT IT. SIMPLY PUT, IF YOU DON'T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT
PROTECT IT.”
MPLY PUT, IF YOU DON'T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY P
F YOU DON'T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU
- Doug Graham
DON'T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T
KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T KNOW Chief Trust Officer, Lionbridge
BOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T KNOW ABOUT A
SET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T KNOW ABOUT AN ASSET, YO
CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T KNOW ABOUT AN ASSET, YOU CAN'T
LEARN MORE
OTECT IT. SIMPLY PUT, IF YOU DON'T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT
MPLY PUT, IF YOU DON'T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY P
F YOU DON'T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU
DON'T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T
KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T KNOW
SIMPLY PUT, IF YOU DON'T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT.
PUT, IF YOU DON'T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT,
U DON'T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU
T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T
W ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T KNOW
AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T KNOW ABOUT AN
OU CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T KNOW ABOUT AN ASSET, YOU
T PROTECT IT. SIMPLY PUT, IF YOU DON'T KNOW ABOUT AN ASSET, YOU CAN'T
T IT. SIMPLY PUT, IF YOU DON'T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT.
PUT, IF YOU DON'T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT,
AXONIUS: CYBERSECURITY ASSET MANAGEMENT
U DON'T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU
companies T KNOWAxonius ABOUT helps AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T managed or unmanaged, in the cloud, gain visibility into all devices
insight into every device—whether it’s or on-premise. For every connection,
W ABOUT AN ASSET,to YOU CAN'T PROTECT IT.you SIMPLY PUT, IF YOU DON'T KNOW connected their network— need to understand its context.
giving AN ASSET, YOUclients CAN'Tconfidence, PROTECT IT. SIMPLY PUT, IF YOU DON'T KNOW ABOUT AN that resource? Are its users permitted clarity, and control.
Does it have permission to connect to to access the network?
OU CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T KNOW ABOUT AN ASSET, YOU Axonius x Spectris: Cybersecurity In addition, Axonius’s solution will T PROTECT IT.Management SIMPLY PUT, IF YOU DON'T KNOW ABOUT AN ASSET, YOU CAN'T Asset help Spectris automate how it reacts to risk. This layer of security extends
Imagine what had to do the dayABOUT AN ASSET, YOU CAN'T PROTECT IT. T IT. SIMPLY PUT, IFSpectris YOU DON'T KNOW to IT, operations, infrastructure, and
after enabling work from anywhere’, says engineering—essentially mitigating DeanDON'T Sysman, KNOW the co-founder of Axonius. PUT, IF YOU ABOUT AN ASSET,the YOU CAN'T PROTECT danger of digital attacks. IT. SIMPLY PUT, When you have countless types of devices to your network across the U DON'Tconnecting KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU Looking Forward world, how do you stop cybercriminals wreaking Since Dean and his co-founders started T KNOWfrom ABOUT ANhavoc? ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T Axonius four years ago, it’s raised ToAN solve this problem, funding. Now,DON'T as 2022 KNOW W ABOUT ASSET, YOU Axonius CAN'T created PROTECT IT.US$195mn SIMPLY in PUT, IF YOU a product that connects to all existing unfolds, Axonius intends to bring controls in aCAN'T company’s network. IT. Its 400+ companies evenDON'T greater clarity andABOUT AN AN ASSET, YOU PROTECT SIMPLY PUT, IF YOU KNOW adapters connect to security platforms, control over their networks. But it’s networks, cloud platforms, identity the seed of something OU CAN'T PROTECT IT. SIMPLY PUT, IF YOU just DON'T KNOW ABOUTgreater. AN ASSET, YOU platforms, and more to pool that data ‘Cybersecurity asset management is together. ‘We give you a comprehensive not a solution’, says. ‘It’s yourCAN'T T PROTECT IT. SIMPLY PUT, IF YOU DON'T KNOW ABOUTSysman AN ASSET, YOU and real-time asset inventory’, Sysman starting point’. says. ‘Once we collect device data, we T IT. SIMPLY PUT, IF YOU DON'T KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. correlate it to give our clients a single source of truth’.KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, PUT, IF YOU DON'T
LEARN MORE
Partnership U DON'TThe KNOW ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU To help Spectris manage its newly remote
T KNOWworkforce, ABOUT the ANAxonius ASSET, YOU CAN'T platform providesPROTECT FACEBOOK IT.LINKEDINSIMPLY TWITTER PUT, IF YOU DON'T
W ABOUT AN ASSET, YOU CAN'T PROTECT IT. SIMPLY PUT, IF YOU DON'T KNOW
SPECTRIS PLC
Spectris: Sustainable approach to cybersecurity
“In my 20-plus years, I've never seen anything like it, where technology and technologists are moving from the back office to the front office. It's just wonderful. I feel very fortunate to be working in this era and for an organisation like Spectris,” commented Forde who provides more detail about the four pillars of the company’s digital strategy. 1 Product “From a product perspective, we make and manufacture sensing hardware and have been enhancing that with software,” commented Forde who posed the question. “How do we use software to develop deeper insights from our instruments so that our customers can do things differently? “The answer is we're using software to create digital, entirely simulationtype products. We're also using software, specifically data science, to help our customers understand what's happening 10
spectris.com
SPECTRIS PLC
“ From a cybersecurity standpoint, I think organisations generally have an awful lot to do to help their digital transformations move at pace and make sure that it's sustainable”
ANNA-LISA MILLER TITLE: GROUP CISO COMPANY: SPECTRIS I’ve been working in security for my whole career spanning more than two decades. I’ve been really fortunate to work with amazing people all around the world through consulting with PwC and EY and working with some of the world’s best loved brands including Nestlé, Johnson & Johnson, GSK, Unilever, Xerox, Shell, British Airways Engineering, the BBC and Merlin Entertainments. Now I’m the CISO for Spectris and have been for the last four years. I really do believe that great security enables all of us to work efficiently and effectively while protecting the enterprise's digital assets. When I’m not at work or home, I can often be found swimming in rivers, lakes and seas.
ANNA-LISA MILLER
EXECUTIVE BIO
GLOBAL CISO, SPECTRIS
Prevent Ransomware and Malware
YOUTUBE
BlackBerry helps Spectris transform its systems and data security The partnership between Spectris and BlackBerry future-proofs the instrumentation and measurement pioneer No person in the business world can be unfamiliar with BlackBerry. In 2015 it transitioned from being primarily a mobile device manufacturer to become a cybersecurity enterprise software and services company. Known for secure handsets that changed how people work, now BlackBerry is looking ahead, utilising artificial intelligence and machine learning to protect large private- and publicsector operators from present and future cyberthreats. Robin Wright, Strategic Account Manager with BlackBerry, has been working in IT and cybersecurity for nearly 22 years and has seen the industry evolve from the on-prem IT security model into the present age, where data is front and centre. “It’s our job to look for technologies, threats and solutions coming over the horizon.” The leading precision measurement and instrumentation company Spectris is a key customer. Like BackBerry itself, Spectris has moved with its markets – a
YOUTUBE
long way from its 1915 inception: For example, Spectris is positioning itself as a key player in the field of autonomous vehicles since it acquired VI-grade in 2918 to boost development of advanced electromechanical products. Partnership with Spectris has been altogether positive, Robin Wright confirms. “Spectris was in a security transformation process, looking for a standardised approach across their operating companies. We achieved that, starting with a ‘tabletop’ approach from leadership right through to the operational guys. What they liked was that our team could do this from end to end, with one point of contact, rather than bringing in third parties integrate the solution. Collaboration has been great, with weekly calls since the project started in 2020, at which time they were among our biggest customers in EMEA. Transparent and honest dialogue has been a feature of the partnership. We put a lot of work in, and as a result Spectris has been happy to recommend us to other prospective clients!”
SPECTRIS PLC
QUICK FIRE QUESTIONS In the hot seat with Adam Forde, Group CIO Spectris What plans do you have for the future? “We plan to keep growing profitably and investing in developing new products that meet our customer needs. We're always looking at our portfolio of businesses to see what changes we can make as things become available. We very much have our eyes on the horizon in terms of new opportunities.” What does Spectris mean? “The Spectris name reflects the transformation of Fairey (the original company name) into a specialist technology-based instrumentation and electronic controls company, and was actually the name of a German company the Fairey Group acquired in 2000. Today, we have very simple values, which are to be true, aim high, own it.” You have come a long way since Sir Richard Fairey founded the company in 1915 to manufacture seaplanes - what legacy did he leave behind for Spectris? “The legacy of engineering is very much alive, we are essentially an engineering company”.
14
spectris.com
in terms of the results they're getting from the instrument. The idea being that's the value chain of our customer and if we can help them gain greater insights and work more effectively, that's a win for them.” 2 Customers “The focus on our customers is the second piece of our digital strategy and I hope it has been a significant accelerator. We were already running marketing campaigns through our website and through social media. What we weren't doing was running digital conferences and events. We have now
SPECTRIS PLC
shifted quite powerfully into the virtual space. “Looking at that journey for our customers, you want to take them to being an advocate for our company so we have to look at how we do that from a digital perspective. You start to get quite a broad range of interactions, but you have to ensure that it is personal to the customer, unique to the customer but consistent.” 3 Employee Forde pointed out Spectris digitised HR last year through Workday. “That now enables our employees to feel much more engaged
1915
Year Founded
7,500
Number of Employees
Industrial Technology Industry
£1.3bn
Revenue in 2020
spectris.com
15
SPECTRIS PLC
with the organisation, our values and how we manage performance. As a result of COVID-19, we had to run ourselves digitally through mediums like Microsoft Teams.” 4 Supply Chain Forde commented that the supply chain is where Spectris is now heavily focused and how they get real intelligence through the model to see what’s happening. “We’re not a mass manufacturer like a Ford or Toyota, we make a small number of products per year, so we are not looking to create a factory staffed with robots. “What we're looking at is how do we get real intelligence through our supply chain so that we can understand the model of what's happening. This is so we can apply things like lean six Sigma and other best practices digitally to minimise disruption.” One exciting development is a pilot scheme to use Augmented Reality (AR) technology to train test engineers on the Spectris production lines - a procedure that usually takes up to six months. “We're using AR technology to create guided training videos so that when we get a new starter into production, they'll start wearing the goggles and it will guide them through the steps until they are fully trained,” said Forde. Advantages of hardware and analytical simulation software Forde highlighted the advantages of Spectris hardware, analytical, and simulation software and how this saves time for their clients – in areas such as new automotive or aircraft development. “Historically, when it comes to developing new products, you build a prototype and attach a bunch of sensors and then put it through some real-world 16
spectris.com
“ I think it's important that organisations think carefully about what digital transformation means to them and what their own digital journey is as cybersecurity professionals” ANNA-LISA MILLER
GLOBAL CISO, SPECTRIS
SPECTRIS PLC
scenarios. Analytical simulation is about doing all of that without having to build a physical prototype and this significantly shortens the product development lifecycle time, saves cost and resources. “For example, if a car manufacturer could take three years to go from design to production a large amount of that time is spent in physical testing. Anything we can do through digital simulations to reduce that cycle time saves our customers time and money. It's not just in the automotive industry but also in aerospace, pharma, and academia where people are trying to build things and they need to do this more quickly. They can use our sensors as part of their approach.”
Sustainability in cybersecurity But as Spectris precision instruments seek to help companies become the best, an invisible threat is always on Miller’s radar that of an opportunistic cyberattack which could disrupt production and revenue. “I think businesses of all shapes and sizes have now come to realise that they're impacted by cybercrime. A day doesn’t seem to pass when you don’t see something in the news about a cyber attack. Although they tend to focus on larger organisations, all companies or people in some shape or form have been impacted by cybercrime.” Miller points out that at Spectris they work on embedding a sustainable cybersecurity spectris.com
17
SPECTRIS PLC
BitSight's industry-leading cybersecurity data provides cyber risk management insight for stakeholders across the organisation. With BitSight, organisations gain an external view of their network risks. Backed by industry-leading data and trusted by over 2,100+ customers worldwide, BitSight provides actionable cybersecurity risk solutions for all organisations.
SEE YOUR BITSIGHT RATING
Checkout bitsight.com for more information.
18
spectris.com
SPECTRIS PLC
culture which they adopt in a holistic way, taking into account the layers which have evolved on the digital journey during the past few years. “From a cybersecurity standpoint, I think organisations generally have a lot to do to help their digital transformations move at pace and make sure that it's sustainable”, said Miller. “There aren't many organisations that don't recognise cyber risk as being one of the biggest and most tricky risks to handle at the moment. When you layer on top of that the amount of change and the pace of change that comes through digital transformation, you then need to consider each capability associated with that digital transformation because there will be a cyber implication. “If I think back 10 years ago in IT cybersecurity, we always had to justify why there was a risk, which typically had a direct financial impact. The reality now is there are just so many different types of attack and so many different incentives that disruption
itself is often just a good enough reason. “We now just have to accept that it is going to happen. So that layer of protection of digital transformation becomes even more important than ever because we have to protect that change which is going to generate competitive advantage, so we now have a big responsibility in cybersecurity to protect that. “Digital transformation does mean different things to organisations. For some, it could mean replacing old digital with new digital, for some, it could be an ERP implementation. I think it's important that organisations think carefully about what digital transformation means to them and what their own digital journey is as cybersecurity professionals. We then need to understand that digital journey and do everything we can to make sure that it is successful and that we manage that cyber risk effectively,” said Miller. Evolving Spectris ecosystem Forde said Spectris has always worked with distributors and channel partners but he now sees the ecosystem model moving into product development, design, and manufacturing. “If we want to move at a really fast pace, we need to work with organisations for whom that's in their DNA. That's a big growth area for us.” Miller pointed out the key partnerships with BlackBerry and Axonius were important to Spectris. “We've been working with BlackBerry for a number of years in several areas, but from a cybersecurity perspective, we are using their Cylance suite for managed detection and response as well as digital forensics. We are using that as a group-wide solution. “We are also delighted to partner with Axonius as we use their service and product. spectris.com
19
SPECTRIS PLC
20
spectris.com
SPECTRIS PLC
“ We're using augmented reality technology to create guided training videos so that when we get a new starter or into production, they'll start wearing the goggles and it will guide them through the steps until they are fully trained” ADAM FORDE
CIO, SPECTRIS
Something that's really important to me is defence in depth. We don't ever look for a silver bullet in terms of security and what Axonius does for us is help us to get quick and accurate visibility of the security on every asset we have across our estates and to fine-tune when required.” Summing up the digital strategy at Spectris, Forde said it was not all about the technology as digital is a team sport. “Technology is a massive enabler, but it's also about all of the different functions within a business, understanding that the fundamental business model will shift and it needs to be dealt with urgently. But there needs to be a focus on the customer and the employee. The customer, because that's where the revenue comes from and the employee, because they're the people who make it happen and will define the success.” Miller echoed Forde’s comments and added: “When it comes to cybersecurity, we have an additional role to play when it comes to empowering people because the reality is that people are vulnerable to cyber attacks within the business, but also in their personal lives. “I think we have a responsibility to help people in both of those aspects. Cybersecurity belongs to everybody, and we want to empower everybody to make good decisions and to know what behaviours will help the business and themselves when it comes to protecting data, equipment and technology from cybercrime,” she said. Summing up Spectris USP, Forde said: “We combine great people, providing great services with a great set of products.”
spectris.com
21
Heritage House Church Road Egham Surrey TW20 9QD England TW20 9QD spectris.com POWERED BY: