In this case study, we caught up with the Group IT Manager at a highly renowned British automotive engineering company to understand how OnSecurity has significantly improved their security strategy and closed critical gaps in their infrastructure.
What was the security challenge faced by this automotive company?
This business faced multiple cybersecurity challenges that reflected the complexity of a modern, high-performance engineering business. From safeguarding its network perimeter against external threats and meeting demanding customer compliance requirements to ensuring the security of third-party-hosted web applications that protect its intellectual property and brand reputation, the company needed a robust, flexible approach.
In a nutshell, they came to OnSecurity for:
- External Penetration Testing: To ensure the security of its network perimeter and satisfy customer compliance requirements, they conduct external penetration tests with us every six months.
- Web Application Testing: Hosted by a third-party provider, the web applications needed testing to protect intellectual property and brand reputation.
Why OnSecurity is the go-to security vendor for the automotive industry
This client partners with OnSecurity by leveraging the platform for both external and web application penetration testing. During this interview, we discussed the key reasons for selecting us as their security partner:
- Diverse Methodologies: OnSecurity’s expert pentesting testing, paired with threat intelligence, solved a recurring breach issue that had previously gone undetected by other testing vendors.
- All-in-one Platform: The OnSecurity platform provides actionable reports, executive summaries, real-time dashboards, and continuous security assurance in one place, immediately streamlining processes and simplifying the experience.
- Cost Efficiency: OnSecurity’s competitive and flexible pricing compared to previous providers made the platform an attractive choice.
How did OnSecurity positively impact their security outcomes?
OnSecurity has previously reported findings within 8 minutes. While working on this infrastructure, the team identified several high-risk vulnerabilities that prevented further fraudulent activity and unauthorised access.
The “Aha moment”
Our clients discovered that one of their employees was experiencing a series of irregular and unauthorised transactions on their company credit card, totalling approximately £5,000. Despite previous security testing, no vulnerabilities were flagged, leaving the source of the fraud unclear.
While using OnSecurity’s threat intelligence tool, the “Breached Credentials” feature identified that an employee’s credentials were exposed on the Dark Web. Through internal verification, they confirmed that these credentials belonged to the employee affected by the fraudulent transactions.
With this information, our clients implemented simple but effective measures: updating the employees’ passwords and introducing stronger password practices internally. This immediate action stopped the fraudulent activity, preventing further financial loss and saving the company thousands of pounds.
Exposed web access presents a high-risk entry point
During a penetration test, the OnSecurity testing team discovered a critical finding: An on-premises Exchange server still had exposed web access, a vulnerability that had gone unnoticed for some time.
The company had long since migrated its email infrastructure to Office 365, and this leftover access point had slipped under the radar. Despite being a legacy system, it represented a high-risk entry point that could have allowed attackers to gain unauthorised access to sensitive internal communications.
With this discovery, they were able to secure the server immediately, close the vulnerability, and ensure that their transition to the cloud had not left any security gaps.
Beyond this, the platform’s real-time dashboard has improved overall visibility, allowing the IT team to monitor security continuously and closely, rather than relying solely on static, irregular testing.
How would you describe your experience using OnSecurity?
We asked the Group IT Manager to describe his experience in a few sentences:
“From the initial introduction and engagement, we immediately felt the benefits. The ease of use of both the platform and reporting has enhanced our ability to improve our security.
OnSecurity provided real-time insights, identified vulnerabilities we didn’t even know existed, and helped us prevent fraudulent activity. We would absolutely recommend OnSecurity for their excellent service, competitive pricing, and practical, high-impact results.”
This customer story is just one example of the countless times our skilled, CREST-accredited testing teams have uncovered hidden vulnerabilities and weaknesses that, if left unchecked, could have led to severe disruption and costly financial losses.
It’s a powerful reminder that no matter how secure you believe your infrastructure to be, without viewing it through a hacker’s eyes, you can never be certain what’s exposed and left unprotected.
Get a quote in as little as 60 seconds today and gain a true picture of your threat posture.
