With more than 677,000 parking spaces spread across seven countries, Q-Park is one of the largest owners and operators of parking facilities in Western Europe. Q-Park employs some 2000 people and manages 3400 locations.
Cybersecurity is crucial for Q-Park. With the thousands of visitors who come in and out of Q-Park’s parking facilities daily, the company processes a lot of personal data, e.g.license plates, email addresses, payment methods, etc. Next to that, the company becomes increasingly dependent on ICT systems for efficient business management and for overall digitization.
In 2017, Q-Park sustained an attack by WannaCry ransomware. “Fortunately, our systems were spared, and we had no problems with our data, but initially, we had to open up the barriers to our parking facilities since our customers were unable to pay. With a considerable loss in earnings as a result”, notes CEO Frank De Moor. “That was a real wake-up call.”
There were two things for Q-Park to do: first, conduct an evaluation of the ICT environment, and second, reorganize the ICT department. “Given our locations in seven European countries, we work in a very decentralized manner. But that is far from ideal when it comes to ICT. Therefore, we wanted to move to a single overarching ICT department with a clear ICT approach”, says Frank.
Q-Park entered into a collaborative arrangement with Orange Cyberdefense. The ICT operations were evaluated via a Security Maturity Assessment, enabling Q-Park to have a clear view of where things stood. Together with Orange Cyberdefense, a new Information Security strategy was drawn up and implemented. This required buy-in from all Q-Parkers. Everyone was made aware of the importance of cybersecurity. A gargantuan task, given the thousands of locations and vast number of devices (parking management systems, cameras, laptops, mobile phones, payment terminals, etc.). “The Orange Cyberdefense staff helped us with it all. Thanks to their expertise and communication skills, we were able to make everyone in the organization aware of the importance of cybersecurity”, says Frank De Moor.
And so, Q-Park got started with Orange Cyberdefense’s CISO-as-a-Service model. This expert brought the needed technical expertise to our company and, in collaboration with various specialists, worked out a secure ICT environment that takes into account current trends and developments.
Q-Park is now in the operational phase of cybersecurity. They have appointed their own CISO, and the transition went very smoothly. Where necessary, the Q-Park CISO works with Orange Cyberdefense experts. “In addition to the expertise they bring, they are also good communicators”, says Frank De Moor. “The experts express an interest and are familiar with how our organization works, and they communicate very easily with the stakeholders and staff so that everyone is aware of cyber risks. Communication is key. Of course, we need expertise. But the experts need to be able to communicate with everyone within the company. And that is working very well.”
Orange Cyberdefense has been working with Q-Park for five years now. This close collaboration has laid the basis for the coming years. “The fact that we have been working together for five years has led to a close relationship between the two parties”, according to Frank. “And we would like to develop this collaboration further in the future.”