SWEDISH MATCH - Creating resilience against cyberthreats
Swedish Match, headquarted in Stockholm, Sweden, develops, manufactures and sells alternative products to cigarettes to tobacco consumers. Production takes place in factories in 13 countries with the majority of company sales coming from Scandinavia and the U.S. The company employs almost 5,500 people and has 16,101 MSEK in net sales (2017).
The challenge
Swedish Match wanted to get a complete and deep understanding of the current technical state of cybersecurity within their organization to be able to allocate development efforts effectively and to control the growing challenges in cybersecurity. They also wanted to benchmark against the industry best practices and use the analysis from Nixu to select areas where improvement of cybersecurity would generate the most effect.
Our solution
The project targets included identifying the possible gap against the CIS cybersecurity framework, creating a prioritized roadmap and benchmarking Swedish Match’s cybersecurity posture for best practices in the manufacturing industry. Nixu created a gap analysis against CIS Critical Security Controls for Effective Cyber Defense-framework that was supplemented by technical testing. By identifying the development areas, the Nixu team was able to create recommendations for how Swedish Match could go from its current state to its target state and a roadmap of how to close the gap.
The analysis and the Cybersecurity roadmap give business leaders tools to make informed decisions and allocate resources.
Customer benefit
Swedish Match now have a good understanding of the company’s current state of cybersecurity. The analysis and the roadmap give business leaders tools to make informed decisions and allocate pinpointed resources based on facts of the current situation of the entire organization. The Nixu roadmap acts as a baseline upon which Swedish Match can build and prioritize its own cybersecurity’s short- and long-term planning. After completion of the project, Swedish Match is able to focus its activities towards their desired cybersecurity level.