A global food products company needed to strengthen its resiliency to potential cyberattacks. Some of its chief competitors were already subject to damaging ransomware attacks that shut down their operations. This company wanted to build a cybersecurity program across more than a dozen manufacturing sites in North America. The challenge: knowing exactly how to go about doing it.
Central to the challenge was the company’s unfamiliarity with security best practices and how to advance such a comprehensive cybersecurity program across so many sites. It had already installed some technologies at some individual sites, but they weren’t necessarily deployed effectively or consistently across the various facilities.
What the company needed was a standardized security architecture and holistic operating model. Having different architectures and tools at each site made it difficult for security teams to operate centrally. Another argument for consistent technology was visibility: Individual tools can provide only a partial look into potential threats.
If the company had a standardized security stack of technologies across its entire landscape—firewalls, network access controls, backup and recovery solutions, and network monitoring—it could more easily identify, prevent, and mitigate threats with greater speed, potentially stopping catastrophes before they happened.
Making dozens of physical plants resilient to cyberattacks
Deloitte approached the transformation in three phases, which kicked off in early 2021. The first phase involved on-site assessments of half a dozen of the company’s major facilities. In addition to a maturity assessment of its security architecture and staff interviews, Deloitte completed deep-dive field inspections that included physical inspections of equipment as well as capturing and analyzing network data, which resulted in a more detailed overview of the company’s technical vulnerabilities and capabilities.
Priorities were then established regarding which foundational controls needed implementing and in what order. The second phase focused on development of those capabilities. Starting in mid-2021, Deloitte helped create:
Deploying, managing, and training was necessary for the third phase: syncing up these practices to create a unified view and true global program management.
Creating a defensive posture against cyberattacks
By 2023, cybersecurity measures for most of the company’s North American sites were deployed, which primed it to expand the solutions from slightly more than a dozen sites to nearly three dozen across the world.
Ultimately, from a single security operations center, the company will have visibility into more than 50 sites. Each of the measures implemented at each site will improve the company’s overall security maturity.
The company didn’t want to do just the minimum; its goal was to do better than average when it came to its risk assessment. Deloitte created the foundational controls to create business resiliency while having the flexibility in all regions to respond to emerging threats, not just existing ones.