April 17, 2020
Cyber security in the food sector is becoming increasingly important. The lack of a clear security information baseline creates a need for organizations to understand how vulnerable the IT infrastructure is and how employees deal with phishing emails. A challenging factor in this sector is the combination of traditional office automation (IT) and infrastructure in the production environment (OT). For many organizations, and IT teams, in particular, it is difficult to determine how to deal with these strictly separate environments.
A company that has done something about this is ProMessa, a production company located in Deventer, The Netherlands. Remco Hammink, IT manager Promessa, shares his ambitions regarding cyber security and the collaboration with Holm Security.
Remco Hammink describes ProMessa as “Coop Production Companies BV is a successful, innovative meat processor in the Netherlands. Operating under the brand ProMessa. The organization has a traditional, quality-driven production process, in combination with an ultra-modern automated logistics system.” They deliver a distinctive assortment to approximately 1,500 supermarkets daily, where IT and OT are essential links to carry out this work in a safe and effective manner.
New laws and regulations, like GDPR and ISO-27001, require production companies to set new standards in IT security. In the food sector, too, extra emphasis is placed on IT security due to the vital role that food plays in our daily lives. At ProMessa IT security has always been a priority, from virus scanners, firewalls, software updates, security awareness, Remco explains that “Within ProMessa a lot of attention has been paid into an information security program, but the vulnerabilities in the network had not yet been fully clarified”
Since ProMessa processes a lot of data from affiliated supermarkets, a data breach can directly deteriorate the image of the organization, with devastating consequences within the sector. That is why they engaged Holm Security to identify these risks and support them in resolving the issues. Hammink adds:
With a wide range of employees, from people working in a production environment to office staff, Promessa has also carried out phishing campaigns to test the awareness of their employees. The tool is useful in the use of educational training which takes place after the simulation is completed. Each user receives customized training based on his or her awareness level and receives tips to prevent potentially harmful actions in the future.
By mapping the scope and the ambitions, the conversations between ProMessa and Holm Security lead to the execution of a first scan with the platform. An ideal step to test the collaboration and the results of the tool. Remco notes: “We initially opted for a one-off scan. This showed us vulnerabilities that we did not know about. This was a great added value. The continuous scans will periodically present this to us, which we see as great added value for the future of our information security policy”.
To set up the first scan correctly, a clear scope was created. Transparency is also important, in the case of ProMessa they have close cooperation with Detron ICT Group. This IT company hosts several services for ProMessa and was involved in setting up and implementing the tool. Key Account Manager of Holm Security, Dennis Rietberg, speaks of pleasant cooperation: “The communication between the IT-team of ProMessa and Detron was very positive and efficient. This ensured that our Customer Success team could immediately set up the platform properly and the scans were successful”. This was acknowledged by ProMessa who did not need much help setting up.
In addition to performing the scans, Holm Security also helped the management interpret the findings. This was considered added value by Hammink: “The platform is very extensive and clear, a new experience for us, which required extra help. The people at Holm Security are skilled and above all fun people. This makes the entire process a great experience”.
This was also recognized by Holm Security, Dennis says: “We like to take an extra step to help our customers. This will probably be told by every vendor, but for ProMessa and Remco, in particular, you do your best. From start to finish. I am very much looking forward to working with them in the future.”
When asked for a warm recommendation, Remco answers in agreement: “Yes, this tool should be used by every IT department as a standard. Due to the focus on the current state of affairs, we now have homework to do, but we would like to carry out periodic scans for a competitive price.”