Playing offense against threats

How one global manufacturer transformed its cybersecurity profile to face future threats

The situation

A global food products company needed to strengthen its resiliency to potential cyberattacks. Some of its chief competitors were already subject to damaging ransomware attacks that shut down their operations. This company wanted to build a cybersecurity program across more than a dozen manufacturing sites in North America. The challenge: knowing exactly how to go about doing it.

Central to the challenge was the company’s unfamiliarity with security best practices and how to advance such a comprehensive cybersecurity program across so many sites. It had already installed some technologies at some individual sites, but they weren’t necessarily deployed effectively or consistently across the various facilities.

What the company needed was a standardized security architecture and holistic operating model. Having different architectures and tools at each site made it difficult for security teams to operate centrally. Another argument for consistent technology was visibility: Individual tools can provide only a partial look into potential threats.

If the company had a standardized security stack of technologies across its entire landscape—firewalls, network access controls, backup and recovery solutions, and network monitoring—it could more easily identify, prevent, and mitigate threats with greater speed, potentially stopping catastrophes before they happened.

Making dozens of physical plants resilient to cyberattacks

The solve

Deloitte approached the transformation in three phases, which kicked off in early 2021. The first phase involved on-site assessments of half a dozen of the company’s major facilities. In addition to a maturity assessment of its security architecture and staff interviews, Deloitte completed deep-dive field inspections that included physical inspections of equipment as well as capturing and analyzing network data, which resulted in a more detailed overview of the company’s technical vulnerabilities and capabilities.

Priorities were then established regarding which foundational controls needed implementing and in what order. The second phase focused on development of those capabilities. Starting in mid-2021, Deloitte helped create:

  • Network segregation, which helps defend against attackers attempting to move laterally through the production network.
  • Legacy remediation, which updates legacy operating systems and hardens or replaces vulnerable equipment.
  • Data protection, which helps prevent malicious or unintentional loss of data.
  • Operational technology (OT) incident response training, which can create a blueprint for responding to a threat.
  • SIEM and SOC strategy, which brings all security alerts into one place for analysis.
  • Endpoint detection and response—a deployment of SentinelOne, a solution that combats attacks targeted at computers and servers.
  • The installation of Claroty, a Deloitte alliance partner, used to help detect cyber threats and vulnerabilities in the OT environment.
  • OT cyber resilience, a continuity plan for each manufacturing site that covers backup strategy and hardware.

Deploying, managing, and training were the work of the third phase: syncing up these practices to create a unified view and true global program management.

Creating a defensive posture against cyberattacks

The impact

By 2023, cybersecurity measures for most of the company’s North American sites were deployed, which primed it to expand the solutions from slightly more than a dozen sites to nearly three dozen across the world.

Ultimately, from a single security operations center, the company will have visibility into more than 50 sites. Each of the measures implemented at each site will improve the company’s overall security maturity.

The company didn’t want to do just the minimum; its goal was to do better than average when it came to its risk assessment. Deloitte put in place the foundational controls to build business resiliency while leaving each region the flexibility to respond to emerging threats, not just existing ones.

Preparing for future threats
