To guarantee optimal focus on all aspects of their technology while implementing the highest level of cybersecurity controls, global leader in camera technology Nikon partnered with Gridware to undertake regular network layer penetration testing of their corporate environment.
Background
Nikon is a global leader in consumer products and camera technology, with internationally recognised standards in the quality of their product design and market leading performance. For over 90 years, Nikon has set their focus on out-innovating their competitors by creating reliable and ecologically sustainable optical technologies. Nikon’s product line supports a wide variety of fields including medical imaging, science, and industrial optics. To guarantee optimal focus on all aspects of their technology while implementing the highest level of cybersecurity controls, Nikon partnered with Gridware to undertake regular network layer penetration testing of their corporate environment.
Challenge
Nikon’s Australian headquarters underwent a significant upgrade to their IT infrastructure. This included improved firewalls, network devices, servers and migration to cloud technologies which increased Nikon’s attack vector risk.
Like most great companies, Nikon’s team assessed the risk to their own network security, and ensured they partnered with a leading CREST-certified vendor to provide independent assurance of potential security vulnerabilities or gaps in technology.
The Solution
Prior to the agreed date of penetration testing, a project review, including a rules of engagement meeting, was undertaken to establish which areas of Nikon’s network were being tested. While doing so, a scope of works and timeline of events were generated to ensure that testing would not result in any disruption to Nikon’s network.
Gridware’s penetration testing team undertook a full network investigation utilising the latest tools and technology, to better understand what technological vulnerabilities may have been examined and exploited by a threat actor in the event of an attack. Our testers then began by running a variety of suitable vulnerability scanning technologies and identifying any pathways for manual exploitation. The team also conducted manual vulnerability identification during the reconnaissance phase of the engagement.
During this procedure, Gridware identified several opportunities for improvement in Nikon’s network security design which could have potentially posed a risk to their environment. Our testing team notified Nikon immediately of any risks to the environment prior to issuing the full report.
Once the testing was completed, a detailed report was compiled which highlighted any potential vulnerabilities present in Nikon’s network and their corresponding remediation activities. By assigning these vulnerabilities a suitable risk rating (from critical, high, medium, or low), Nikon was able to address these issues in a systematic way and attend to the most significant vulnerabilities first.
Following Nikon’s confirmation that all vulnerabilities had been addressed, Gridware conducted re-verification testing at a later date to confirm that all changes had been made correctly by Nikon’s IT team.
The Outcome
Gridware’s partnership with Nikon added tremendous value to their overall competitiveness by helping the organisation meet the highest standards of security for their network. Further, as Gridware’s testing activities were completed swiftly, there was no noticeable disruption to their business activity.
Gridware’s penetration testing services ensured that Nikon maintained met their contractual and regulatory compliance requirements while adding confidence to their IT and management team.
