Nov 08, 2021

Cybersecurity: Does Your Grain Business Need a CISO?

Every business needs a designated person to watch for data attacks

Recently, Raines International Managing Director and Head of Chief Security Officers practice Patrick Gray and SVP and Head of Agribusiness Melissa Oszustowicz hosted a webinar about cybersecurity leadership featuring cybersecurity expert Elad Yoran, executive chairman of Koolspan and CEO of Security Growth Partners.

The average data breach now costs U.S. companies $9 million and takes more than nine months to uncover and contain.

No industry is safe from these increasingly common attacks, yet many companies do not have the right structure in place to prepare, prevent and respond to an attack.

In early October, at least three U.S. grain distributors’ systems had been infected with ransomware, raising concerns that hackers have found an easy target in a vital part of the U.S. food supply chain.

The attacks, in which organized cybercriminals lock up organizations’ computers and demand ransom for a program to unlock them, has slowed the distributors’ operations, hampering their ability to quickly process grain as it came in.

The dangers are real and growing. And according to Yoran, many companies have a long way to go to be safe.

What is a CISO?

Yoran says cybersecurity is not only a safety feature, but it can help businesses grow and protect their customers.

The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.

The CISO may also work alongside the chief information officer to procure cybersecurity products and services and to manage disaster recovery and business continuity plans.

The CISO may also be referred to as the chief security architect, the security manager, the corporate security officer or the information security manager, depending on the company's structure and existing titles.

Is having a CISO worth the cost?

“There has to be someone who is responsible for these areas,” says Yoran.

He notes that boards of directors should include a security committee or someone to manage and ask the right questions.

“This person doesn’t have to be an IT expert or cybersecurity expert,” he says. “Today there is entire marketplace of choices with all kinds of consultants and advisors. Your company doesn’t have to take on the entire burden internally. Ideally, it should be a combination of inside and outside sources.

“But, it’s imperative to have someone at your company focused on cybersecurity.”

While the CISO doesn’t have to be an expert, he or she does need to understand what questions to ask.

“This person will need managerial and interpersonal skills to manage up, down and laterally,” says Yoran.

“They will need to manage up – to summarize and present the context in businesses terms, such as budgets and priorities,” he explains. “They will need to manage down by coordinating people working on programming and incident response.

“And they will need to manage laterally. Communication is key,” Yoran says. “This person will need to manage all these silos and place them into a holistic organizational perspective. The CISO doesn't control where the risks are. The CISO reports issues, makes priorities.”

Regardless of size, every organization needs to think about cybersecurity. Larger organizations should think about a CISO-level person that is separate from IT and engineering in order to create a checks-and-balances on each other.

“The CISO can report to whomever it makes sense for your organization – the CEO, COO, CFO – but the position should be independent from IT, engineering and development, so the checks-and-balances work,” says Yoran.

Of course, if your organization doesn’t have a C-suite of executives or feel the need to create a CISO-level position, you still need someone watching for data breaches.

“Cybersecurity and data protection is crucial for every business today,” says Yoran. “It’s better to think about how your organization is going to handle a breach before it happens than after the fact.”

Watch the webinar below.

Cybersecurity: How to Prepare for an Attack

Lisa Cleaver

Sponsored Items

Recently Added to Buyer's Guide

Granulex 5

  • Up to 30% reduction in energy consumption per ton
  • Connects to Bühler Insights to enable 24/7/365 data-based decision making

Automated Extrusion Control Systems

  • Designed for increased efficiency, higher production rates, reduced waste
  • Consistent results and quality across production lines, shifts and plants

Catwalks & Towers

  • Includes handrail trusses, outrigger trusses, and walk-thru truss style catwalks with standard spans over 200 feet
  • Welded sections and panels allow for easy field assembly while maximizing freight

Market+ Merchandise

  • Bid Management to upload or enter bids, easily adjust basis and other details, and publish to originators and farmers
  • Competitive insights to see how bids compare to other nearby bids

cmdtyView Hedge

  • End-to-end platform for commodity trading that eliminates need for multiple systems
  • Creates automated hedge orders for open offers then pushes grain contracts and hedge executions directly into agribusiness’ ERP system when an offer matches

Safety Access Accessories

  • Safety gates and security doors for ladders and stairs available
  • Reduced number of pieces and bolts for industry-leading assembly time


Marketwatch: Nov, 29

US Corn Price Idx: ZCPAUS.CM

open: 6.7287
high: 6.7755
low: 6.7002
close: 6.7455

US Soybean Price Idx: ZSPAUS.CM

open: 14.0883
high: 14.3903
low: 14.0583
close: 14.3458

US Hard Red Winter Wheat Price Idx: KEPAUS.CM

open: 8.7892
high: 8.7917
low: 8.53
close: 8.5403

US Soft Red Winter Wheat Price Idx: ZWPAUS.CM

open: 6.8766
high: 6.9455
low: 6.8393
close: 6.9087