
A Canadian Retailer Supports its Cyber Response Team with a Centralized Security-as-a-Service Solution

What do you do if you’re a growing retailer that wants to ensure that not only is the company serving the needs of customers and remaining competitive within the market, but also protecting customers’ information? In Canada, there were more than 150,000 reported cases of fraud involving cybercrime between January 2021 and the end of December 2023—averaging to about 137 attacks per day. In 2023, the Canadian Anti-Fraud Centre received 63,519 reports, with victims’ losses amounting to approximately $569 million. Those risks to customer information are also risks to brand reputation.

When Shaun Guthrie first arrived at Peavey Industries in October 2021 as its new senior vice president of technology and eCommerce, he arranged for a threat risk assessment to better understand the greatest risks to the company that his team could help manage.

“I just didn’t want to throw away money at new shiny technology or new shiny solutions. …I wanted to understand where our risks were and then prioritize our investment based on those risks,” Guthrie says.

Founded in 1967, Peavey Industries is a Canadian, employee-owned retailer that offers farm and ranch products to rural communities—feed, fencing, and other goods that support agriculture, homesteading, birding, and equine industries. Today the company operates about 90 stores and two distribution centers, with support from roughly 2,300 employees. Headquartered in Red Deer, Alberta, its facilities can be found across the nation.

When he started with the company, Guthrie found that the technology and eCommerce team was largely reactive, responding to alerts as they sounded and having to determine the legitimacy of the concern.

“With no central repository, it was a lot of firefighting, and that caused a lot of running around. And also, it caused us to investigate a lot of false positives,” Guthrie says. For example, if an employee was traveling outside of the country and tried to access the company’s system, an alert would be sent to Guthrie’s team, claiming it was an attempted breach.

The risk assessment helped identify these repeat problems, enabling Guthrie and his team to take a step back from the firefighting and point out a solution that could support the team and the company’s overall mission.

The threat risk assessment clearly indicated the organization needed to have centralized monitoring and a solution like a security operations center (SOC) or a security information and event management service.

Guthrie was convinced that a central logging solution or SOC could result in a more efficient analysis of alerts that required a cybersecurity response. This could keep the team focused on triaging concerns while the solution determined what merited additional analysis and flagged likely false alarms.

“Having somebody else do that allows us to not have to chase down false positives. It allows us to really focus our efforts on the real problems, the real incidents that we have to investigate,” Guthrie says. PII was a top priority. While Peavey Industries does not store credit card information, it still has some PII that it wants to safeguard.

To protect its own systems, as well as customers’ PII, there were some key issues Guthrie needed the solution to address.

“We needed a way to be more efficient with logging and tracking and making sure that our team was focused on the items that mattered the most, not kind of doing the firefighting and hunting for false positives,” Guthrie says. “We wanted to make sure that if we’re going to engage in an activity, we’re engaging because it’s a credible threat or it’s a credible issue.”

He also wanted a solution that allowed his team to conduct monthly internal and external vulnerability scans. “If you’re not measuring the ability to determine where you’re at from an internal and external perspective and what are the leaky holes in your organization, then you’re flying blind,” he says.

Eventually, Guthrie used the risk assessment’s findings to select cloud-based security provider Stratejm as a partner. With the assessment’s guidance, Guthrie saw that Stratejm’s Security-as-a-Service (SECaaS) could support his team.

Once connected to Peavey’s network, the cloud-based solution identified the various servers, video cameras, firewalls, access points, and other assets and applications linked to the larger network. Anything with an IP address that was connected to the network had to be initially identified and mapped out.

After about five weeks, Guthrie’s team was presented with a list of the mapped items and had to decide which would require monitoring.

“Really, the involvement for my team was just a coordinated effort between Stratejm and a few members of my technology team. Stratejm had a project manager tied to it, and they led the entire project, start to finish,” Guthrie says.

Those first four to six weeks also involved fine-tuning as Stratejm’s service became more familiar with the generated alerts.

“When you’re monitoring something, it creates a lot of extra alerts. And you have to kind of tweak it and say, okay, we can calm down the alerting here that it’s maybe too restrictive,” Guthrie says. “It’s just turning the dials, so to speak, and configuring the system.”

When there is an alert concerning anything that the team identified as important, a report is generated and logged into the SECaaS. Logged events are collected on-site and sent to the cloud service. The service—which offers both analysts and automated features—determines whether the event should be considered by Guthrie’s team. When it does merit closer consideration, the event is sent to the team, generating a new ticket. At this point, Peavey Industries’ technology and eCommerce team will triage and begin to address the issue, confident that the alert is worth investigating because the SECaaS has already validated it to a point.

This alert verification enables the in-house team to focus on mission-critical incident response, including anomalous behavior on a network, a virus, or even an unauthorized breach into the company’s system. In those instances when it turns out that the issue was still a false alarm, the collaborative effort first felt during the installation process is seen again. The team notifies the SECaaS about the false positive, helping to fine-tune future monitoring.

The service also relies on automated responses for certain scenarios, which Guthrie describes as preconfigured playbooks. For example, if an event is logged at 2:00 a.m. that indicates that someone’s computer has been compromised or if the team spots abnormal activity on a device, the playbooks adhere to predetermined responses that were created by the technology team and Stratejm. The automatic response to this flag is to shut down the device and stop it from transmitting data.

For more serious incidents, Guthrie has already mapped out a response. In the face of a significant cybersecurity event, such as a targeted breach, information would be fed to the team from Stratejm alerting them to the likelihood of a major incident. “And quite quickly, we would start triaging to see the scale of it,” Guthrie adds. They would also determine how it could affect customers’ information.

Guthrie also uses the SECaaS to measure his team’s security maturity with an annual assessment that looks at the processes and identifies improvements, allowing Guthrie to put together a report for the company’s board and executives.

“It’s like other investments that we’re making,” he says. “Are we actually making improvements?” The report helps highlight why this kind of service can be an asset to the company by supporting security efforts and saving time.

When Guthrie joined Peavey Industries, he created a three-year security roadmap. Now that he has reached the end of that roadmap, it is time to start again with another threat risk assessment, one that can help analyze the current risk landscape and whether additional investments need to be made, according to Guthrie.

“We’re confident that Stratejm does have additional solutions for us, and we’ll evaluate those as we get the results of that new assessment and how we value this relationship,” Guthrie says.

 

Sara Mosqueda is associate editor for Security Management. You can connect with her via LinkedIn or by sending her an email at [email protected].

 

To learn more about Stratejm’s Security-as-a-Service, visit stratejm.com/security-as-a-service-secaas/, or contact Nissreen Chams via email, [email protected].

 
