The entire organization must participate for good cyber resilience

Johan Rambi, Group Security Officer at animal feed company ForFarmers, addressed the question of how companies can find their way to a risk-based approach during the Industrial Cyber Security event (October 12). His position: cyber resilience can only be achieved with a good strategy and a clear, integral security roadmap. That way, you get the entire organization on board.

By: Dimitri Reijerman

Johan Rambi has been working on issues surrounding cyber security and the vulnerability of digital systems for many years. For the past three years, he has been working with his colleagues on cyber security within ForFarmers: “I started at ForFarmers in 2018,” he says. “First of all, I had to create awareness in the company. It is about knowledge, attitude and behavior. You have to get people on board and that happens in small steps. So you start by creating awareness around the importance of security and providing insight into where possible threats are. A year later I started implementing the first changes, where quick gains could be achieved. You have to make it very concrete for everyone.”

Quick wins? Yes, according to Rambi, there are plenty of them. He mentions a few examples: “Quick wins can be good visitor registration, installing cameras, email security or access controls. But also writing policy and performing risk assessments before a project starts. I have also performed penetration tests and conducted tests on phishing. In doing so, I sent test emails to employees to see if they clicked on certain links.”

A year later came the next step: “In 2020, I started a project at ForFarmers to implement security monitoring in ForFarmers’ IT and OT environments. We first did that in a proof of concept. That was important, because it had to prove that security monitoring within ForFarmers works and makes sense. For example, you can simulate an attack to try to get in.”

Head and tail

Eventually, all the pieces fell into place, says Rambi: “This all results in a security roadmap with a top-down approach. Does the security roadmap follow the business strategy? Which threats and threat actors can thwart or disrupt this strategy? And which measures do we need to implement from a security perspective to mitigate these dangers and reduce them to acceptable levels? This gives the whole story a head and a tail.”

Because there are plenty of dangers for companies, Rambi believes: “There are numerous cyber threats. Disruption of business processes due to ransomware attacks is of course high on the list, while DDoS attacks on critical company sites can also be very dangerous.”

Nightmare scenario

“Data manipulation is becoming increasingly prevalent. If you are unable to detect this in time, it can have major consequences for your business operations.”

The final step, according to Rambi, is to formalize agreements, not only within the company but also within the chain with suppliers. “Otherwise you cannot change. You have to work well with them in this area, but also record everything in advance in contracts and SLAs. For example, agreements about remote access, patch management and how you keep each other informed during a security incident. Because the so-called supply chain attacks are the trickiest. Furthermore, we share knowledge with other large companies in the sector and the government, for example via the Digital Trust Center. Because attackers often work together, why shouldn't we?”

Do you want to attend the lecture by Johan Rambi? Register for free on the Industrial Cyber Security event website.

