#InfosecurityEurope Case Study: Attack Surface Operations at Nationwide

Written by

As the UK’s largest building society, Nationwide has 18,000 users on its IT systems, 400 domains and 750 servers. The business pushes out 25,000 technology changes and updates every year.

As a financial services provider, the society faces an increase in cyber-threats, as well as the need to comply with industry-specific legislation. As a result, the organization is trialing the use of a new team within cybersecurity, specifically to manage its attack surface.

According to David Boda, chief security and resilience officer at Nationwide Building Society, this includes both external and internal risks. Although the society has a wide range of tools managing the attack surface, it wanted a single team to respond to risks.

“It is about being threat led, looking at all of the attack surface with a dedicated, ring-fenced resource to work proactively on things that will have the greatest impact in reducing our risk exposure,” he told Infosecurity Europe 2023 during the closing keynote.

“We are looking for what is really going to move the dial on risk exposure, what is going to make a difference and give a real return on investment.”

Read more from Infosecurity Europe: Financial Firms to Build Resilience in Face of Growing Cyber-Threats

Nationwide plans to provide the attack surface operations team with a “digital twin” of the organization. This will take data from its security tools and create a digital version of its technology.

“This allows us to have a more interactive visualization to work out how our assets fit together and how our data flows,” Boda said. “This can be really valuable to help us map our attack surface … it could also help us during an incident.”

The new team will also carry out deep-dive reviews of the society’s technology and identify where security could be improved.

In particular, Boda hopes the new unit will generate a better return on investment from existing security spending, for example by discovering security features that have been shipped but not implemented when applications or tools were upgraded.

The teams’ other goals will include prioritizing and delivering remediation activities, and putting in place changes that will help the Security Operations Centre (SOC) with incident response.

“The outcome will be to make the SOC’s job easier and the attackers’ job a lot harder,” Boda said.

Nationwide plans to have the new team in operation later this year.

Editorial image credit: monticello / Shutterstock.com

What’s hot on Infosecurity Magazine?