Removed a false sense of security at Montel
When Sicra looked under the hood, the top executive got a surprise. This led to new attitudes towards security.
Montel is a Norwegian provider of insight and information to the European energy markets. The company sells subscriptions to news, data, and analysis, real-time market prices, and weather forecasting services to over 1600 large companies in more than 30 countries.
CEO Tom Nyblin has been with the company since 1994. In 2021, they started a process to attract growth capital. This led to an extensive due diligence process.
- We had grown to 100 employees and 100 million in revenue and were at a crossroads. We needed capital and a partner who could help us seize the many exciting opportunities in the energy market related to decarbonization and the green shift in society, says Nyblin.
Security wasn't good enough
One of the areas that needed particular scrutiny was IT security.
- We received IT services from a well-renowned Nordic listed company, and they were responsible for security and infrastructure. They assured us that we were their best-secured customer. This assurance was important to us as we handle large amounts of sensitive data, says Nyblin.
Nevertheless, during the audit process, it was decided to take an extra look at the IT security itself. Sicra was recommended and given the task of taking a closer look under the hood.
- Sicra quickly revealed that the security was far from satisfactory. On a scale from 0 to 10, we were at 4. That's not good enough, especially in a time when the threat landscape has become much worse, says Nyblin.
Machines and systems were Not updated
This was the beginning of a hectic period that lasted 3-4 months. The entire infrastructure was mapped out, and Sicra first carried out improvements to eliminate the many vulnerabilities and then worked on implementing better security measures around the infrastructure.
- Sicra started analyzing all traffic in and out of our systems. We saw that there was a lot of traffic inside the system that we couldn't identify, but fortunately, it turned out not to be anything dangerous. Then they found some major security holes.
Among the worst challenges were machines and systems that had not been updated for a long time. It was also unexpected for Nyblin that no one checked the traffic out of the systems.
- Sicra recommended, among other things, that we invest in a new firewall from Palo Alto Networks, he says.
Building more robust and secure services
The work meant that Montel got rid of a lot of old technical debt and chose to reprogram and rebuild systems from scratch. The process is described as costly and time-consuming but also important.
- We can scale much better now and have more modern systems that support growth.
The work to secure the infrastructure meant that much work on developing new services was put on hold. Nyblin is happy about that today.
- It's better to be safe than sorry. I don't think we've lost much. The infrastructure and services we are building now are more robust and secure.
He sees it as a strength that Sicra exclusively delivers senior expertise with long experience.
- Sicra has been very good, precise, and has a high level of knowledge. They have helped us take giant steps with security work and equipped us to make much better choices.
That Sicra has slightly higher hourly rates than comparable players doesn't bother him.
- It's good to have a supplier who only offers skilled people. We know that the best expertise is the cheapest over time because good consultants spend fewer hours solving the task.
Energy markets Are more exposed
After the initial phase was completed, the war in Ukraine broke out. The fact that energy then became geopolitics significantly worsened the security situation.
- In practice, we are at war, and especially the energy markets in Europe are under heavy pressure. We have continued the good cooperation with Sicra throughout this period. They have been an important resource for keeping us at a good security level, says Nyblin.
The work in the subsequent phases has been particularly related to compliance, the introduction of better security routines, and working on security culture from the owner to the board, management, and throughout the organization.
- Sicra has worked closely with our skilled team in the IT department. We have, among other things, acquired more procurement expertise so that we make better choices. This allows our internal team to devote more of their time to strategically more important tasks than management and operations, he says.
Hiring their own CISO
Since new owners came into the company, Montel has tripled its revenue and more than doubled the number of employees. This has also created new needs in the organization.
- We have appointed our own head of IT security (CISO) with a direct reporting line to me, and we are also hiring more dedicated security experts in the IT department.
Over these two years, Nyblin has gone from being aware of security to taking personal responsibility for ensuring the company is well protected. Sicra is still on the journey as an advisor and facilitator of security that helps create new opportunities in the Montel group.
- Security is a board responsibility. It's something I, as a leader, prioritize highly, and it's fun to work with when we succeed, concludes Nyblin.
Explore more
Oslo Taxi secures the platform with Sicra and River Security
.jpg?width=292&height=195&name=shutterstock_2259920251%20(1).jpg)
Malling wanted a security review of their M365 environment
Ransomware attack caused headaches for one of Norway's largest chains
