Nov 08, 2021

Cybersecurity: Does Your Grain Business Need a CISO?

Every business needs a designated person to watch for data attacks

Recently, Raines International Managing Director and Head of Chief Security Officers practice Patrick Gray and SVP and Head of Agribusiness Melissa Oszustowicz hosted a webinar about cybersecurity leadership featuring cybersecurity expert Elad Yoran, executive chairman of Koolspan and CEO of Security Growth Partners.

The average data breach now costs U.S. companies $9 million and takes more than nine months to uncover and contain.

No industry is safe from these increasingly common attacks, yet many companies do not have the right structure in place to prepare, prevent and respond to an attack.

In early October, at least three U.S. grain distributors’ systems had been infected with ransomware, raising concerns that hackers have found an easy target in a vital part of the U.S. food supply chain.

The attacks, in which organized cybercriminals lock up organizations’ computers and demand ransom for a program to unlock them, has slowed the distributors’ operations, hampering their ability to quickly process grain as it came in.

The dangers are real and growing. And according to Yoran, many companies have a long way to go to be safe.

What is a CISO?

Yoran says cybersecurity is not only a safety feature, but it can help businesses grow and protect their customers.

The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.

The CISO may also work alongside the chief information officer to procure cybersecurity products and services and to manage disaster recovery and business continuity plans.

The CISO may also be referred to as the chief security architect, the security manager, the corporate security officer or the information security manager, depending on the company's structure and existing titles.

Is having a CISO worth the cost?

“There has to be someone who is responsible for these areas,” says Yoran.

He notes that boards of directors should include a security committee or someone to manage and ask the right questions.

“This person doesn’t have to be an IT expert or cybersecurity expert,” he says. “Today there is entire marketplace of choices with all kinds of consultants and advisors. Your company doesn’t have to take on the entire burden internally. Ideally, it should be a combination of inside and outside sources.

“But, it’s imperative to have someone at your company focused on cybersecurity.”

While the CISO doesn’t have to be an expert, he or she does need to understand what questions to ask.

“This person will need managerial and interpersonal skills to manage up, down and laterally,” says Yoran.

“They will need to manage up – to summarize and present the context in businesses terms, such as budgets and priorities,” he explains. “They will need to manage down by coordinating people working on programming and incident response.

“And they will need to manage laterally. Communication is key,” Yoran says. “This person will need to manage all these silos and place them into a holistic organizational perspective. The CISO doesn't control where the risks are. The CISO reports issues, makes priorities.”

Regardless of size, every organization needs to think about cybersecurity. Larger organizations should think about a CISO-level person that is separate from IT and engineering in order to create a checks-and-balances on each other.

“The CISO can report to whomever it makes sense for your organization – the CEO, COO, CFO – but the position should be independent from IT, engineering and development, so the checks-and-balances work,” says Yoran.

Of course, if your organization doesn’t have a C-suite of executives or feel the need to create a CISO-level position, you still need someone watching for data breaches.

“Cybersecurity and data protection is crucial for every business today,” says Yoran. “It’s better to think about how your organization is going to handle a breach before it happens than after the fact.”

Watch the webinar below.

Cybersecurity: How to Prepare for an Attack

Lisa Cleaver

Sponsored Items

Recently Added to Buyer's Guide

Manufactured Canoe Liner

  • Durable urethane molded around rugged steel plate to absorb impact and abrasion
  • Protective plate integrated directly into urethane liner

Utility Monitor

  • Plant-wide utility consumption analysis helps identify anomalies
  • Gain real-time analytics and monitoring


  • First-of-its-kind quantitative LFD
  • Rapid and reliable solution for detecting predominant allergen, safety and grain process ability concerns


  • Enables commercial grain facilities to monitor bins to protect quality of stored grain
  • Digital cable technology checks grain temperature and moisture, automatically activating fans to help prevent out-of-condition issues

Silver-Sweet QL Series Bucket Elevators

  • Convey bulk materials vertically
  • 400 to 11,925 bushel/hour capacities

TUBO Push Conveyor

  • Now with 8-inch tube for higher capacity throughput, up to 43 tons/hour
  • System transports products gently over distances from 165 to 230 feet in all directions


Marketwatch: Mar, 29

US Corn Price Idx: ZCPAUS.CM

open: 6.5192
high: 6.5567
low: 6.5038
close: 6.5313

US Soybean Price Idx: ZSPAUS.CM

open: 14.1991
high: 14.3893
low: 14.1566
close: 14.3578

US Hard Red Winter Wheat Price Idx: KEPAUS.CM

open: 8.2902
high: 8.3652
low: 8.2527
close: 8.3587

US Soft Red Winter Wheat Price Idx: ZWPAUS.CM

open: 6.4098
high: 6.4923
low: 6.3998
close: 6.4423