Get in Touch Close Menu

CASE STUDY: FINTECH ORGANISATION

14 November 2022
fintech cybersecurity

Introduction

To support its continued growth, a Fintech organisation wanted to show prospective clients evidence of its security maturity while protecting its infrastructure and achieving regulatory compliance with the Financial Conduct Authority (FCA).

Working in partnership with Sapphire and their Managed Security Services, the organisation has enhanced its security visibility and maturity while keeping costs and resources to a minimum.

The Challenge

The organisation needed to enhance its cybersecurity programme and keep its clients secure whilst supporting its internal and market growth strategies. The organisation is subject to stringent compliance requirements in the financial services sector.

From customers requiring evidence of the cybersecurity controls the organisation has in place to the need to report its security maturity to the Financial Conduct Authority (FCA), the fintech organisation recognised that it did not have the resources in-house to deal with these demands.

The Cyber Security and Compliance Director, said, “We’re in an industry where our clients need evidence of our ability to secure our services. We’re growing and expanding into new markets and services, and therefore we require more controls, especially around the logging and monitoring security events.”

A white paper was commissioned internally, written by the Cyber Security and Compliance Director, to identify solutions to scale up their cybersecurity capabilities.

The whitepaper presented to the organisation suggested two options:

  • Bringing cybersecurity operations in-house
  • Outsourcing cybersecurity operations externally

“Keeping cybersecurity in-house was suggested; however, the up-keep and continuous recruitment of SOC analysts is expensive. Investing in a large team of cybersecurity professionals and managing that 24x7x365 was not a practical option in the long term.

My recommendation was to outsource our cybersecurity to a managed service provider.”

 

MSSP Selection Process

The Cyber Security Director had previously used Sapphire Professional Services for various specific cybersecurity projects. He now sought their expertise in the growth, management and delivery of security services – his Managed Security Service Provider (MSSP) of choice.

“I was invited to Sapphire’s National Information Security Conference (NISC) a few years ago and was sold on their cybersecurity knowledge. Sapphire has an acute understanding of the type of threats that put organisations in the financial services sector at risk.

Having experienced their quality of service in all my subsequent roles, it made sense to contact Sapphire again. Their approach to cybersecurity is to work with organisations in partnership and to bridge the gap in a customer’s expertise and knowledge.”

 

UK-based Security Operations Centre (SOC)

UK-based Security Operations Centre (SOC)

In their due diligence, the organisation’s clients often ask where their cybersecurity operations are located due to data processing laws and stringent compliance requirements.

This question was an important one. Sapphire, which provides a UK-based MSSP and Security Operation Centre (SOC), has all its data collection, processing and analyst investigations conducted entirely within the United Kingdom.

 

SAPPHIRE’S CYBERSECURITY SOLUTIONS

Sapphire recommended a Managed Security Information and Event Management (SIEM) and Managed Threat Intelligence service to meet the fintech organisation’s growing needs.

The Managed SIEM enables the fintech organisation to benefit from 24x7x365 monitoring and alerting of all security events across their environment. Sapphire’s SOC analysts quickly and efficiently identify, prioritise, and rapidly address all cybersecurity threats across the organisation.

The information gathered from threat intelligence feeds uses premium threat intelligence sources and proprietary and open-source intelligence, allowing analysts to make more informed decisions in proactively protecting the company and reducing risk to their organisation.

“The onboarding and implementation were shorter than our expected timescales. Once we started our relationship with Sapphire, the entire process was easy.

We instantly saw value in using their Managed SIEM service.”

 

Impact of Sapphire’s Managed Security Services

24x7x365 support

The fintech organisation receives 24x7x365 threat monitoring, logging, analysis, notification, and threat hunting via Sapphire’s dedicated UK-based Security Operations Centre (SOC). The organisation is now resilient and better equipped to respond effectively to cyber threats

 

extension of the IT team

Sapphire’s SOC analysts are an extension of the organisation’s IT team. Sapphire’s support has enabled the fintech organisation to maximise efficiency and accuracy while allowing them to focus on what matters most

 

increased monitoring and logging

The Managed SIEM service has increased the level of monitoring and logging. Sapphire collects and processes data from across the organisation, including all devices and systems, providing a centralised view of all security events as they occur.

 

 

Contact Sapphire Today

Sapphire has over 25 years experience
mitigating cyber risk for some of the UK’s
largest organisations.

For our clients, this means access to the best
possible people, processes and technology, all
continually augmented to match a highly fluid
threat landscape.

Whether it is securing physical hardware,
managing cloud risk or developing a security
strategy mapped to your organisation.

For all additional information or enquiries
contact us today.

Name
I agree to the terms & conditions

Related Articles

Sapphire Acquires Awen to Expand IT/OT Services Portfolio
27 September 2023

Appointment of new CEO, Ian Thomas, and acquisition signals next phase of growth for wholly UK-based Sapphire Darlington, UK – 27th September 2023 – Sapphire, the UK based pure-play cyber security solutions provider, today announced the acquisition of Awen Collective, a cyber security software company dedicated to reducing the risks of cyberattacks to Operational Technology (OT). The acquisition […]

Find Out More
 Data Breach Reporting: How Quickly Should It Be Done?
20 September 2023

Organisations must protect data and respond quickly and transparently during a data breach. However, despite their relentless efforts, data breaches remain a persistent and formidable threat. But, the good thing is that data breach reporting plays a crucial role in data protection. How quickly should a data breach be reported when it occurs? A slow […]

Find Out More
 Authentication vs Authorisation: Understanding the Difference
15 September 2023

In today’s digital age, where information is a valuable asset and data breaches are a constant threat, ensuring the security of systems and sensitive information is paramount. Two fundamental concepts are pivotal in safeguarding digital assets: authentication vs authorisation. While often used interchangeably, these terms have distinct roles in information security. We will delve deep […]

Find Out More