SWEDISH MATCH - Creating resilience against cyberthreats
Swedish Match, headquartered in Stockholm, Sweden, develops, manufactures, and sells alternative products to cigarettes to tobacco consumers. Production takes place in factories in 13 countries with the majority of company sales coming from Scandinavia and the U.S. The company employs almost 5,500 people and has 16,101 MSEK in net sales (2017).
Swedish Match wanted to get a complete and deep understanding of the current technical state of cybersecurity within their organization to be able to allocate development efforts effectively and control the growing challenges in cybersecurity. They also wanted to benchmark against the industry best practices and use the analysis by Nixu to select areas where improvement of cybersecurity would generate the most effect.
The project targets included identifying the possible gap against the CIS cybersecurity framework, creating a prioritized Cybersecurity roadmap, and benchmarking Swedish Match’s cybersecurity posture for best practices in the manufacturing industry. Nixu created a gap analysis against CIS Critical Security Controls for Effective Cyber Defense framework that was supplemented by technical testing. By identifying the development areas, the Nixu team was able to create recommendations for how Swedish Match could go from its current state to its target state and a roadmap of how to close the gap.
The analysis and the Cybersecurity roadmap give business leaders tools to make informed decisions and allocate resources.
Swedish Match now has a good understanding of the company’s current state of cybersecurity. The analysis and the roadmap give business leaders tools to make informed decisions and allocate pinpointed resources based on facts about the current situation of the entire organization. The Nixu roadmap acts as a baseline upon which Swedish Match can build and prioritize its own cybersecurity’s short- and long-term planning. After completing the project, Swedish Match is able to focus its activities toward its desired cybersecurity level.