Schneider Electric Builds Security Ecosystem to Support Global Organizations Against Cyber Threats
Schneider Electric reveals its perspective on creating a stable security ecosystem. Standards and reliability are the key to reaching every group of organizations, whether customers or partners. The Security Ecosystem project also provides ways to look after companies that do not have access to cybersecurity measures, helping every organization reduce the risk of cyber attacks.
New cybersecurity research has found that organizations worldwide are attacked on average 1,600 times per week as cybercriminals become more sophisticated. As a result of continuous developments in technologies such as artificial intelligence (AI) and machine learning, Schneider Electric, a leader in energy management and industrial automation solutions, is committed to continuing to invest in its cybersecurity posture.
Schneider Electric recognises that as we transform our core business processes, our customer solutions and the technologies that support them, the digital landscape and cyber risk are also expanding. We understand that many organisations that are part of Schneider Electric, such as our ecosystem of non-integrated companies, are also digitising their processes, exposing them to increased risk of threats and attacks.
The companies that are not connected to Schneider Electric are an important part of Schneider Electric's business expansion, branding and reputation opportunities, as they help diversify Schneider Electric's product and service portfolio. From a security perspective, customers expect these companies to be as secure as Schneider Electric. Our Security Ecosystem program provides guidance and support to the companies that are not connected to our system, so they can continue to develop their security standards and align with our Trust Charter.
Accelerating cybersecurity and a culture of trust together
Our definition of a non-integrated company is an entity that is an acquired company or subsidiary of Schneider Electric that has an independent IT infrastructure. When these companies become part of Schneider Electric, regardless of their security readiness status, participation in the Security Ecosystem program will help them establish an operational framework with the ultimate goal of protecting their IT environment with cybersecurity standards that are equal to or better than those used by Schneider Electric.
The Security Ecosystem program aims to create a higher level of cybersecurity readiness and reduce threats and risks by helping these companies:
- Maintain their own cybersecurity programs while also leveraging industry best practices, deep cybersecurity expertise and Schneider Electric's resources.
- Identify potential cybersecurity vulnerabilities in their existing security systems and collaborate with Schneider Electric to address them with appropriate solutions to mitigate risk.
- Join forces with security experts from other like-minded ecosystems to share best practices and lessons learned in developing their own security postures.
- Demonstrate how building a strong security posture is a business enabler that can lead to continued growth.
Creating broad and in-depth support for cybersecurity excellence
The Security Ecosystem program began several years ago as an initiative and has grown into a robust program with full commitment and support from Schneider Electric.
- Governance and Management. Supported and endorsed by senior management, a centralized governance team manages the Security Ecosystem program and ensures that it complies with Schneider Electric's cybersecurity reliability standards, which are based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework. The Cybersecurity Framework covers three core security pillars: digital, product and information.
- Operations and Responsibilities. The Security Ecosystem program is operated by regional Chief Information Security Officers (CISOs) who oversee all cybersecurity efforts in the region, including the security of non-Schneider Electric companies. The CISOs' team will continue to liaise and build good relationships with the executives and those responsible for security at these companies.
- Security Expertise and Support. These companies will continue to receive support from cybersecurity experts as appropriate, based on their specific business goals and security needs. These companies will benefit from areas such as product security, vulnerability management, incident response, cyber and data risk management, security training and awareness, and much more.
Creating a Comprehensive Framework to Enhance Cybersecurity
The Governance team has created a globally standardized framework for the Security Ecosystem project, based on 30 reliability standards covering four key areas to ensure the sustainability of the highest possible level of security:
- The Governance Framework, which is the foundation for cybersecurity and data protection standards that all Schneider Electric companies adhere to.
- Security awareness and training, which ensures the embedding of a cybersecurity culture consistent with Schneider Electric's best practices.
- IT and OT solutions that must be updated and deployed in the most secure versions to maintain ongoing security.
- Operating model processes that use the Governance Framework to drive the implementation of standards and technologies used in day-to-day operations to ensure the highest level of security possible.
Establish consistent and robust security postures
Regional Information Security Executives and Security Officers provide direct support to companies not yet connected to the enterprise system by establishing specific relationships with each organization, providing advice and support in all aspects from implementing Schneider Electric's Trust Standards, to overseeing cybersecurity fundamentals and practices, and managing incident response.
Annual Trust Standards workshops are central to building strong relationships with each company, with ongoing monthly contact and regular progress monitoring to ensure that the security standards are developed and improved in line with the ongoing action plan.
- Annual Trust Standards Workshops, designed by regional teams based on each company's current level of security compliance. The first workshop involves a joint assessment of the company's existing security architecture and, with Schneider Electric, the development of a mutually agreed upon security vision and roadmap. At subsequent annual workshops, the vision and roadmap are reviewed, including identification of potential risks, security vulnerabilities and growth opportunities. A final report is presented to the company's senior management team, who prioritize the actions taken and commit to implementing the recommendations.
- Monthly Follow-Up Meetings. Each month, regional teams meet with companies to review progress and make adjustments as needed.
- Continuous Performance Monitoring. Companies that are not yet connected to the enterprise are required to complete a year-long cyber risk assessment via three external security scoring platforms: Bitsight, RiskRecon and SecurityScorecard. These assessments help Schneider Electric understand the overall security performance of their companies, their digital infrastructure and the risk of their assets being exposed to the outside world.
Collaborating with organizations to strengthen common security standards
One of Schneider Electric's most important goals is to build trust with customers by raising the bar on cybersecurity standards. We partner with companies that are not yet connected through a dedicated cybersecurity readiness program. We extend this standard to them through our Security Ecosystem program. By co-owning this program, these companies will receive ongoing support tailored to their needs to continuously strengthen security, resulting in a collaborative effort to protect each other, not only within the Schneider Electric Group, but also all of our customers.
Schneider Electric / APPR Media (PR)