Cybersecurity Plan | Rieusset Blog

Cybersecurity Plan

 

Cybersecurity: a key point in industry 4.0

Applying improvements and implementing new measures that affect cybersecurity has become one of our main priorities. Why? These are the reasons:

  1. We want to continue making progress in our industry 4.0 plan, which includes advancing in the digitization of all our production processes, and therefore developing new computer systems, as well as improving and securing the ones we already have.
  2. One of our corporate objectives is security (in computer systems as well) and consequently the security of our information and that of our partners: customers, suppliers, workers, etc. We want to protect ourselves against hackers and new forms of cyber-attacks.

The security of all the information handled by our company is an aspect of primary importance for Rieusset. Let’s find out what our situation is in this regard with the Personnel Director and coordinator of the cybersecurity project, Pilar Pintor, and also with the company contracted for the execution of the plan, Ingram Cloud Cyber Security.

Pilar Pintor

Cybersecurity audit

In May 2021, the German company Ingram Cloud Cyber Security was hired to begin the audit process that would establish our company's starting point in terms of cybersecurity. The objective was to uncover any vulnerabilities in our computer systems that could put our activity or the protection of sensitive data at risk.

Ingram Cloud Cyber Security carried out different activities to determine what vulnerabilities Rieusset had in terms of cybersecurity, verifying these and determining the security risk level associated with the environment and its corresponding assets in order to establish an action plan to mitigate them.

To do this, they carried out two types of interventions:

  • The external one, which consists of trying to enter and attack our computer system from outside, as a hacker would.
  • The internal one, carried out from inside the company, as if by an internal person with access to staff computers, servers, etc.

Each of these interventions is carried out in the following phases:

    1. Planning phase. Identification of the rules, scope of the test, access points to verify, timing and objectives.
    2. Discovery phase. Automated vulnerability scanning using industry standard tools.
    3. Once the vulnerabilities are identified, they are verified and classified according to the likelihood and risk they pose to Rieusset.
    4. Final phase. Recording of all findings, risk assessment and steps to follow in order to mitigate it. Finally everything is compiled in a report.

 

Tests and results. Cybersecurity audit

Let’s start with the external test.

As can be seen in the graph, the results were very positive, as only one medium risk vulnerability was found, a level the report defines as: moderate security problems that require some effort to successfully influence the environment. The report also explains that at the time of the test they found themselves up against a well-reinforced external perimeter that made it impossible to finish the attack successfully.

To date, the detected incident has already been worked on and solved, thus achieving maximum security in our system against external attacks.

Let’s also have a look at the internal test.

As can be seen in the graph, the number of vulnerabilities was still very low and most of them carried a medium risk (as in the external test). Although there were certain situations from which it was possible to attack the system, the attacks were unsuccessful because we had internal systems reinforced with firewalls, antivirus or network intrusion detection systems.

As indicated by Pilar Pintor, the coordinator of the cybersecurity project: “in this regard, we felt reassured knowing that many actions we were taking to date were correct and truly protected us.”

Even so, we worked on all the vulnerable points until we managed to solve them. To date, all the weak points have been reinforced and we now have a much more secure computer system.

Cybersecurity 2022

Although all the vulnerabilities have been corrected, we plan to carry out more tests periodically to continue guaranteeing the security not only of our company, but also of our workers, customers, suppliers and all our interested parties.

As explained by our cybersecurity coordinator, Pilar Pintor: “internally, for example, we have carried out (and will continue to do so) training with cybersecurity specialists for our office staff. In this way, they will be well informed and will know how to act.”

One of the latest developments is the incorporation last December of a computer technician, Alejandro Beltrán, which strengthens our IT area in all its aspects and gives us more resources to continue working on our cybersecurity.

In 2022, our objective is to continue working to be a healthy, sustainable and safe company, which also includes being cybersecure.

Don’t miss our articles and posts; we will continue to report on our advances in cybersecurity.