Industry review


Clients developing new technology face near constant attempts to breach their security.

As technology proliferates and becomes ever more pervasive and sophisticated, the success of the businesses designing and developing it depends on it being secure both before and after it is taken to market.

Perhaps more than any other sector, the technology sector's strategic importance in the digital age makes it a target for the most sophisticated and dangerous threat actors: organized crime and nation states.

The prize for most is intellectual property. Significant innovations in software and hardware are worth many billions of dollars to competitors and can save foreign nations years of costly and uncertain research and development. At the same time the cost, both financially and to a company's reputation, of needing to fix security flaws after release continues to increase.

The Cyber Threat

The technology sector is the target of cyber attacks from a wide range of hostile operators, both internal and external, including organised crime and nation states.

In addition to the numerous public breaches of telecoms, hardware, software and technology services companies, MWR has observed persistent, concentrated attempts by nation-states to infiltrate these types of organizations. This is in most cases due to the intellectual property they may possess as well as the strategic importance a major technology firm may have.

There is a perverse asymmetry of expense, in that it typically costs an attacker a small fraction of the spending required to respond to an attack, let alone the risk of long-term damage to the value of the targeted business if the attack is successful.

Technology companies need to be aware of the various threats that face them, and accept that their part in society places them in the firing line of some particularly skilled and motivated attackers. These attackers might be less interested in the organization itself, more in its strategic importance to its host economy, nation or defense sector. Its also not just about the ideas and innovation, the ability for attackers to compromise a new technology once deployed with customers has a huge bearing on the reputation of those who produced it.

The nature of threats to this sector has often meant that where a targeted attack has been conducted, traditional cyber security measures have been found wanting. Forward-thinking organizations must to build on the effective parts of their cyber security programmes with practical solutions in order to stay one step ahead. At the same time they must innovate and take secure products to market to maintain the confidence of increasingly savvy customers.

Move forward with MWR

MWR possesses acute understanding of the needs of the technology sector, having worked extensively with leading hardware and software brands for a number of years. We are also a technology force in our own right, having developed both proprietary and open source cyber security programs and tools.

Our research-driven ‘can we break it’ approach gives us deeper understanding of the methods and tools used by the most dangerous threat actors targeting IT companies. That same understanding helps us to ensure technology is designed and developed with security in mind, reducing the cost of security fixes during a product's lifetime. Some of the key solutions MWR provide for technology companies are:

  • Through-life Security

Whether you use a more traditional waterfall model or have embraced AGILE, we can help you integrate key security activities to ensure through-life security in your products.  

By embedding security review and assurance activities at the heart of your innovation and development processes you can minimise the number of security issues that would otherwise ship with your product. By combining Training, threat modelling, code review and more traditional forms of Security Testing you can support your business in creating successful and secure hardware and software.

  • Improve resilience to APT

Experience has taught us that if your business can resist targeted cyber-attacks from advanced nation states, it can resist cyber-attacks from almost all threat actors.

With solutions such as Targeted Attack SimulationsAttack Path Mapping and Countercept, delivered by consultants that truly understand the mind of an attacker, your organization can be safe in the knowledge that you are using the most advanced defenses to resist the most advanced attackers. These will ensure that you continue to safeguard your valuable new technology against the most sophisticated threats.

These are just a number of solutions offered by MWR to help technology companies overcome the security challenges they are facing.

Please visit our Practice pages for a more comprehensive view of our capabilities.


Accreditations & Certificates

MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 9001 and 14001 in the UK, internationally accepted standards that outline how to put an effective quality and environmental management systems in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR is approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.
As members of CHECK we are measured against high standards set by NCSC for the services we provide to Her Majesty's Government.
MWR’s consultants hold Certified Simulated Attack Manager (CCSAM) and Certified Simulated Attack Specialist (CCSAS) qualifications and are authorized by CREST to perform STAR penetration testing services.