It's important for everyone to understand not only why cybersecurity precautions are in place, but how they enable employees to perform their jobs better and protect the steel manufacturer's physical, revenue-generating assets.
“With the recent attacks on industrial control systems and HMIs, we’re really leaning on GrayMatter not only for their technical expertise but on the organizational, marketing and communications expertise that GrayMatter has with talking to operations," said Jerry Baum, Director of IT, Infrastructure, at Zekelman.
To build buy-in, Zekelman’s IT Infrastructure team started an information campaign dubbed "Security Bits" to share security tips and info about thwarting ransomware to build a culture of security with employees.
Zekelman focused on how security supports Zekelman’s key business differentiators, which are: Safety, Quality and Customer Service. For example, on-time delivery is a key performance metric for Zekelman when it comes to customer service, Baum said.
“If one of our sites gets taken down by a cyber attack for a week, a month or, heaven forbid, several months, that drastically affects not only our reputation but our on-time delivery metrics,” he said.
Zekelman is also working with GrayMatter to conduct a site-by-site OT cybersecurity assessment and formulate next steps for roughly 15 facilities now under one hierarchy. Changes are already underway. Everything on the plant floor now must go through firewalls – something not previously in place.
Imagine the financial and reputational impact of a month-long shut down of customer order fulfillment because of a cybersecurity incident like the one Zekelman's vendor experienced. An event of this type at Zekelman would cost tens of millions of dollars.
This was a major factor in persuading upper management to get behind a more comprehensive approach to securing operations.