Nov 08, 2021

Cybersecurity: Does Your Grain Business Need a CISO?

Every business needs a designated person to watch for data attacks

Recently, Raines International Managing Director and Head of Chief Security Officers practice Patrick Gray and SVP and Head of Agribusiness Melissa Oszustowicz hosted a webinar about cybersecurity leadership featuring cybersecurity expert Elad Yoran, executive chairman of Koolspan and CEO of Security Growth Partners.

The average data breach now costs U.S. companies $9 million and takes more than nine months to uncover and contain.

No industry is safe from these increasingly common attacks, yet many companies do not have the right structure in place to prepare, prevent and respond to an attack.

In early October, at least three U.S. grain distributors’ systems had been infected with ransomware, raising concerns that hackers have found an easy target in a vital part of the U.S. food supply chain.

The attacks, in which organized cybercriminals lock up organizations’ computers and demand ransom for a program to unlock them, has slowed the distributors’ operations, hampering their ability to quickly process grain as it came in.

The dangers are real and growing. And according to Yoran, many companies have a long way to go to be safe.

What is a CISO?

Yoran says cybersecurity is not only a safety feature, but it can help businesses grow and protect their customers.

The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.

The CISO may also work alongside the chief information officer to procure cybersecurity products and services and to manage disaster recovery and business continuity plans.

The CISO may also be referred to as the chief security architect, the security manager, the corporate security officer or the information security manager, depending on the company's structure and existing titles.

Is having a CISO worth the cost?

“There has to be someone who is responsible for these areas,” says Yoran.

He notes that boards of directors should include a security committee or someone to manage and ask the right questions.

“This person doesn’t have to be an IT expert or cybersecurity expert,” he says. “Today there is entire marketplace of choices with all kinds of consultants and advisors. Your company doesn’t have to take on the entire burden internally. Ideally, it should be a combination of inside and outside sources.

“But, it’s imperative to have someone at your company focused on cybersecurity.”

While the CISO doesn’t have to be an expert, he or she does need to understand what questions to ask.

“This person will need managerial and interpersonal skills to manage up, down and laterally,” says Yoran.

“They will need to manage up – to summarize and present the context in businesses terms, such as budgets and priorities,” he explains. “They will need to manage down by coordinating people working on programming and incident response.

“And they will need to manage laterally. Communication is key,” Yoran says. “This person will need to manage all these silos and place them into a holistic organizational perspective. The CISO doesn't control where the risks are. The CISO reports issues, makes priorities.”

Regardless of size, every organization needs to think about cybersecurity. Larger organizations should think about a CISO-level person that is separate from IT and engineering in order to create a checks-and-balances on each other.

“The CISO can report to whomever it makes sense for your organization – the CEO, COO, CFO – but the position should be independent from IT, engineering and development, so the checks-and-balances work,” says Yoran.

Of course, if your organization doesn’t have a C-suite of executives or feel the need to create a CISO-level position, you still need someone watching for data breaches.

“Cybersecurity and data protection is crucial for every business today,” says Yoran. “It’s better to think about how your organization is going to handle a breach before it happens than after the fact.”

Watch the webinar below.

RELATED READING
Cybersecurity: How to Prepare for an Attack

Lisa Cleaver

Recently Added to Buyer's Guide

FSU101 Bag Sealer

  • Seals up to 25 bags/minute depending on size, weight and type of high barrier material
  • Resistance-type heat seal bars with dual temperature controls

I/O Interface

  • Interface forms a smart and universal actuator
  • Offers endless modifications to give full control of exact functionalities

Reconditioned Mixers

  • Comparable to new equipment when properly restored to as-new working condition by ROSS OEM team
  • Comes with the same standard warranty as new ROSS Mixer

Model SBR Conveyor Belt Cleaner

  • Smaller version of its brush-style conveyor belt cleaner
  • Designed to remove fines and carry-back material from conveyor belt

Mid-Roof Walkarounds

  • Permanently installed walkways
  • 360-degree access to grain bin roofs and mounted components

FSU50

  • Seals 2 to 5 bags/minute depending on operator dexterity as well as size, weight and type of high barrier material
  • Foot pedal or proximity switch activation

Magazine

Marketwatch: May, 21

US Corn Price Idx: ZCPAUS.CM

open: 7.6763
high: 7.7267
low: 7.6613
close: 7.6955

US Soybean Price Idx: ZSPAUS.CM

open: 16.601
high: 16.7876
low: 16.596
close: 16.7347

US Hard Red Winter Wheat Price Idx: KEPAUS.CM

open: 12.213
high: 12.3255
low: 11.9455
close: 11.9611

US Soft Red Winter Wheat Price Idx: ZWPAUS.CM

open: 11.2661
high: 11.3836
low: 11.0864
close: 11.0916