CASE STUDY: Aircraft Precision Products

Background

Aircraft Precision Products makes specialty parts for jet aircraft engines. Its largest customers are GE Aviation, Rolls Royce, the Department of Defense (DOD), and Pratt & Whitney, along with several overseas customers. They categorize their business as high-end machining and specialize in hard-to-machine aerospace alloys and difficult configurations.

Bill Henderson, Aircraft Precision Products’ president, graduated from Michigan State University with a degree in engineering and started working at the company in March 1981, in the engineering department. He gradually moved into the plant manager’s position before transitioning to his current leadership role. Bill is also the president of the Central Michigan Manufacturers Association (CMMA), which is a regional association across four counties in Michigan including: Gratiot, Isabella, Clare, and Gladwin. The organization has about 110 member companies and specializes in ways to make things easier for manufacturers. Their association slogan is, “Business is easier when we work together.” The CMMA facilitates best practice tours and is always on the lookout for new ideas to provide additional value for members while helping them with workforce development. Henderson says, “Cybersecurity is certainly something that manufacturers, if they’re not concerned about, need to be. And so, we’ve identified cybersecurity as an area of focus for us.”

About six years ago, Aircraft Precision Products was hit with a ransomware attack. The cyberattack happened over Christmas. Since the company was shut down for the Christmas holidays, it was able to restore everything from backup and get things restored to normal by the time they opened again after the first of the year. The situation definitely was a reality check for the company. The cyberattack used remote desktop software that the company had set up. Unfortunately, they hadn’t been diligent about changing the passwords. So, the attacker actually gained remote access right through the software.

Companies that do business with the DOD are aware that there are some increasingly tight standards that they are putting forth for cybersecurity policy requirements, assessments, and things of that nature. Henderson adds, “But, I think the main thing is that cybersecurity insurance premiums are really increasing exponentially. And so, that’s another way we could add value to our members is by offering them, or pointing them to a solution which might help them mitigate their rising insurance costs.” Due to the various factors mentioned above, Aircraft Precision Products was highly sensitive to cyber issues.

The Decision

Bill Henderson discovered SensCy through a webinar they had done with the CMMA. He says that he was immediately taken by SensCy’s no nonsense approach and that they clearly focused on small and medium-sized companies. He had some conversations with other cybersecurity companies but felt that their approach tended to be more prescriptive. He added, “SensCy seems to take a more foundational approach, and I think tends to be more flexible as far as working with the individual company. They understand what our needs and requirements are, versus what they offer–rather than try to take a square peg and jam it into a round hole.”

Henderson was also impressed with the SensCy management and customer support teams and stated that SensCy was very easy to work with and very professional. He said they offered common sense suggestions, and in ways where they understood what the foundation of those suggestions were, rather than just having something come out of the blue. He said they take a much more methodical approach. He added, “The advice they give us makes a lot of sense. Some of the other organizations we dealt with, we felt that they didn’t understand the subject matter particularly well. The SensCy team lives and breathes cybersecurity and they clearly understand what they are talking about.”

Furthermore, “Going back to the CMMA, what appealed to us was SensCy’s business model, which really is focused on small and medium-sized businesses. And, we thought that really fit with us because some of the other companies we dealt with seemed to be of the opinion that we had unlimited resources, that we had a certain place we needed to get to, and money wasn’t a factor for achieving those goals. SensCy has more of a stepped approach. They seem to understand the financial constraints that smaller businesses have.”

Henderson sought the advice and opinion of his IT manager. He says that it was critical to gain consensus with this individual rather than make a unilateral decision himself. His IT manager shared his opinion and agreed that SensCy was the best solution for the organization and said, “Now this is what I’ve been looking for.”

Implementation

In terms of implementation, Henderson said that the biggest surprise is that there weren’t any surprises. His team has adapted well to the SensCy solution including the helpful, 10-minute training modules that SensCy provides. These modules may discuss critical cybersecurity measures to combat phishing attacks or information on cyber hygiene to help train employees. And, they have been pretty well received. Bill believes that given the environment and how cybersecurity, particularly ransomware, has been dominating the headlines, employees appreciate the fact that the company is paying attention. He says that employees recognize why the need is there, and SensCy does a good job of helping pass the message on.

Future

Bill Henderson is planning to promote their use of SensCy to help further differentiate their company and to help customers understand that they are taking the right steps to prevent future attacks. He adds, “There are a lot of differentiators in our industry. But, no question, things like a quality track record, service, delivery, the depth of personnel, all factor into it, as does this sort of thing. The part drawings that we have—the specifications are proprietary to the customers—our nondisclosure agreements require they be kept private.”

Reference

When asked what he would say as a reference for SensCy, Henderson said, “I describe SensCy as the real deal. They do exactly what they say they’re going to do and they do it very well. I also have to admit that having the former governor as one of the principals of the organization immediately gives them more credibility. And, in this case, he actually did the original sales pitch with their CMMA, and he clearly understands the subject matter. So, it is indicative of the overall professionalism of the organization. I can tell you that you can see that throughout the organization, it’s a culture that he’s established and as a businessman, I greatly appreciate it.”