Euromonitor's security statement

Euromonitor International is dedicated to safeguarding the confidentiality, integrity, and accessibility of its data through robust information security management.

1.  Security Culture

 

Dedicated Cybersecurity Team

Our team of security specialists is guided by the Cyber Security Committee, a group of senior executives who meet quarterly to evaluate progress and ensure we keep our focus on the security of our assets. In addition to overseeing risk management and standards compliance, our team actively engages in various cybersecurity events to stay ahead of perpetrators and remain informed about the latest advancements in the security space. Regular participation in these events allows us to enhance our threat intelligence and better protect our company from emerging threats. Additionally, we gather actionable open-source intelligence which strengthens our defence mechanisms.

Information Security Management System (ISMS)

Euromonitor is actively developing information security policies and procedures aligned with the ISO 27001 framework. ISO 27001 is an internationally recognized framework for information security management systems (ISMS). It sets out the requirements for establishing, implementing, maintaining, and continually improving an ISMS within the context of the organization's overall business risks. The primary objectives of ISO 27001 are to protect the confidentiality, integrity, and availability of information assets, ensuring their secure handling and management. Implementing ISO 27001 brings several benefits for organizations, including enhanced risk management, improved regulatory compliance, increased customer confidence, and a stronger defence against cyber threats. These policies and procedures are designed to establish a comprehensive approach to managing information security risks and protecting sensitive data.

Euromonitor’s information security policies undergo approval and regular review by global leadership, ensuring alignment with organizational objectives and enhancing our overall security strategy. Through our commitment to ISO 27001 compliance, we strive to maintain a robust and resilient information security posture to safeguard our organization's assets and maintain the trust of our stakeholders.

Cybersecurity Awareness

Euromonitor conducts cybersecurity awareness training annually, ensuring that every member of our team stays updated on the latest security practices and threats. In addition to this training, we regularly conduct phishing simulations and campaigns across the organisation, providing employees with practical experience in identifying and responding to phishing emails.

We also offer comprehensive guidance to employees on detecting and responding to phishing attempts effectively.

 

2.  Threat Hunting and Management

 

24/7 Logging and Monitoring

  • Euromonitor utilises top-tier security operations to ensure round-the-clock logging and monitoring.
  • Leveraging industry-leading partners who assist in identifying potential security gaps or events by correlating intelligence, security control, and telemetry data.

Threat Monitoring

  • Euromonitor employs multiple resources for threat monitoring, including industry-best third-party partners.
  • Our internal team actively gathers threat feeds from various security newsletters, security vendors' bulletins, and threat reports to stay ahead of emerging threats.

Monthly Patching and Automated Cloud Endpoint Updates

  • Euromonitor implemented monthly patching procedures and automated updates for cloud endpoints to enhance organisational security.
  • These practices significantly contribute to maintaining a secure environment for our organisation and its assets.

 

3.  Risk Management

 

Third-party risk management

  • Utilising one of the industry's best third-party provider platforms to maintain a comprehensive risk register.
  • Onboarding our suppliers based on their risk status determined through the platform.
  • Sending out security questionnaires to suppliers to assess their security posture and incorporating the responses into our risk registers.
  • This robust third-party risk management approach ensures that we thoroughly evaluate and monitor the security risks associated with our external partners, enhancing overall resilience and security posture.

First-party risk management

  • Leveraging the same platform used for third-party risk management to address security questionnaires internally.
  • The platform allows us to gain insight into our internal security posture through retrospective assessments.
  • Logging these internal risks into our internal risk registers within the same portal.
  • Maintaining and administering these risks on a centralised platform streamlines the risk management process and facilitates effective monitoring and mitigation efforts.
  • This integrated approach to first-party risk management enables us to proactively identify and address security vulnerabilities within our organisation, fostering a culture of security awareness and resilience.

 

4.  Security Assessment

 

Annual Penetration Testing

Euromonitor employs a rigorous process of continuous penetration testing, utilizing a third-party Pentesting as a Service (PTaaS) platform that is ISO27001, CREST certified, and PCI and HIPAA compliant. This platform is complemented by the core community of experienced pentesters, ensuring the delivery of real-time insights necessary for prompt risk remediation and secure innovation. All assessments are conducted at least once annually to maintain a robust security posture. Our penetration testing covers a wide range of areas, including:

  • Broad Security Review: Comprehensive checks of infrastructure controls are performed to identify vulnerabilities and weaknesses that may pose security risks.
  • Cloud Configuration Review: A thorough analysis of our cloud estate is conducted to ensure that configurations align with best practices and comply with security standards.
  • Assessment of All EMI Products: Our penetration testing extends to all Euromonitor International products, including Passport & NPL, VIA, E.com, and EMMA, to identify and address any security vulnerabilities or weaknesses in these platforms.

Through our comprehensive penetration testing program, we strive to proactively identify and mitigate security risks, safeguarding our systems, data, and infrastructure against potential threats and vulnerabilities.

Advanced Open-source intelligence assessment

Euromonitor implements an advanced Open-source Intelligence (OSINT) assessment strategy, leveraging our third-party PTaaS platform alongside expert analysts to scour public sources for risk identification. Through this process, we uncover attempts to access sensitive or proprietary indexed files, password dumps, data harvesting activities, and other potential threats. Our approach involves consolidating a diverse array of public sources, including media outlets, public records, breach disclosures, cyberattack indicators, and more. By synthesizing publicly available information from the perspective of potential attackers, we can effectively identify security issues and assess risk exposure across our systems and infrastructure.

Regular Vulnerability Scanning

Euromonitor leverages cutting-edge technology and expertise in vulnerability scanning to enhance its ability to identify and respond to security incidents effectively, safeguarding itself against external & internal threats along with unauthorized activities.

  • External scanning – Regular external scanning is a crucial aspect of our security strategy, aimed at identifying vulnerabilities and potential entry points from outside our network perimeter. This exercise is conducted bi-weekly using an industry-recognized tool internally. Furthermore, to ensure comprehensive coverage, our Security Operations Centre (SOC) also performs external scanning on a monthly basis.
  • Internal scanning – In addition to external scanning, internal scanning is equally vital to maintain a robust security posture. All our endpoints and servers undergo regular scanning round the clock, facilitated by a credible and advanced third-party managed detection and response solution. This continuous monitoring of internal assets helps us detect and mitigate potential threats or anomalies within our network environment, ensuring the integrity and security of our systems and data.

Weekly Security Assessment: Monitoring and Analysis

On a weekly basis, Euromonitor conducts a thorough assessment of its security posture, facilitated by reports received from our external Security Operations Centre (SOC) provider. These reports offer comprehensive insights into any suspicious activities occurring across our entire IT infrastructure, including our Cloud, On-premises, and Microsoft 365 estate. Our dedicated cybersecurity team meticulously scrutinises these reports, analysing each detail to identify and respond to potential threats effectively.

 

5.  Secure Infrastructure

 

Email security

Our third-party cloud-based email security system offers comprehensive protection against a wide range of email-related threats. It stops advanced threats such as spear-phishing and zero-day attacks by scanning URLs in real-time, sandboxing suspicious attachments, and blocking suspect URLs. Additionally, it includes anti-spam protection to filter out unwanted spam emails, email virus protection to safeguard against viruses and malware, and facilitates secure message sending for employees. Moreover, it prevents data leakage by scanning all email communications and attachments, quarantining suspected emails for administrator review.

Next-generation firewalls

Our next-generation firewalls provide advanced threat protection, intrusion prevention, and granular access controls to safeguard our network perimeter against evolving cyber threats.

Intrusion detection/prevention systems

Our intrusion detection and prevention systems continuously monitor network traffic, detect suspicious activities, and proactively block potential threats to prevent unauthorized access and data breaches.

Identity and Access management

We implement strict IAM policies and controls to manage user identities, enforce access controls, and prevent unauthorized access to sensitive resources and data.

Cryptographic controls

We utilize cryptographic techniques to protect data confidentiality, integrity, and authenticity, ensuring secure transmission and storage of sensitive information.

DNS protection

Our DNS protection solution defends against DNS-based attacks, malicious websites, and phishing attempts, providing an additional layer of security for our network infrastructure.

Managed Detection and Response – Endpoint security

Our MDR service offers real-time threat detection, incident response, and remediation capabilities to protect endpoints against advanced threats, malware, and zero-day attacks. Our Cybersecurity team performs regular reviews of endpoint protection policies in alignment with industry best practices.


 

6.  Data security and privacy 

 

Adherence to GDPR & Other Data Protection Acts Globally: We strictly adhere to the General Data Protection Regulation (GDPR) and other data protection acts globally to ensure the lawful and transparent processing of personal data, respect for individual privacy rights, and implementation of appropriate security measures to protect sensitive information.

Comprehensive Data Security Measures: We implement robust data security measures, including encryption, access controls, data masking, and secure data transfer protocols, to safeguard your data against unauthorized access, disclosure, or alteration.

For further information about how Euromonitor handles personal data, please see our Privacy policy available here.