Electricity and Control August 2020

CYBERSECURITY

IT governance ensures operational resilience

I nformation technology governance builds resilient busi- nesses. It puts in place the protocols and mechanisms necessary to ensure business continuity during times of upheaval and sustainability over the long term. At the same time, optimising IT resources and operational efficiencies can reduce costs while enabling better risk management. This was demonstrated recently in the case of an organ- isation in the rubber industry that was able to mobilise its remote workforce within 24 hours and keep people, pro- cesses and technology in sync for continuity through the national Covid-19 lockdown. A leader in the supply and manufacture of precure tread and consumables in South Africa, the company started implementing IT governance in 2019. This move placed the organisation – with its core business operations heavily restricted during the lockdown – in good stead to navigate and survive the shift. Leader Rubber’s Financial Director, Andrew Summers, who spearheaded the project with AVeS Cyber Security, says, “Despite having to shut down the company’s core operations, administrative and sales functions could continue without disruption during the initial lockdown. And with IT and operational technologies (OT) more aligned, the organisation was able to step up from operating at 10% capacity in April 2020 to 100% in May. This is in part due to the groundwork laid during the governance project we started last year.” Overhauling the company’s information systems and assessing the value of the various technology solutions at play helped Leader Rubber to persevere through this un- certain time. Bolstering the operational environment with more effective processes and ensuring that IT tools are linked to the needs and goals of the organisation also sup- ported resilience. “This shows that good governance is a good tool not only to help services-based businesses survive during tough economic times, but operational technology businesses as well. Companies need to build their governance capabilities for business continuity, to better manage risks, and because governance-conscious customers and partners expect it,” says Cecil Munsamy, Managing Director at AVeS Cyber Security. Munsamy was commissioned to implement an IT Governance Framework and prepare the IT security policies and procedures for Leader Rubber. Before that, the company did not have an integrated view of governance, IT systems or cybersecurity. People, processes and technology were not aligned, creating ineffi- ciencies as well as security vulnerabilities. External service providers that were linked to the company’s networks had unwittingly created significant cybersecurity gaps. The net- works were not segregated, and many computers on the factory floor were not equipped with anti-virus software.

Newly installed cabling and cameras had also placed strain on the network, causing it to slow down dramatically. “The company had to look at its overall business envi- ronment and the value of the different solutions it had: in summary – old technologies, an environment without pro- cesses and there was no link between the business’s goals and the technology it used,” Munsamy recalls. “After an information security assessment and an IT gov- ernance workshop, a roadmap was put in place to look at people, processes and technology inputs, and align each of these to enterprise goals. The roadmap includes an OT strat- egy, to be implemented soon. The company successfully moved from a one-man IT manager to a team of skilled pro- fessionals, achieving lower IT costs as specialist outsourced skills are only accessed and paid for as needed. We also implemented an organisational change management pro- cess to assist people with adapting to the new ways of work- ing. This is especially important in an age where operational technology systems are connected to the internet. “The company did not have a work-from-home culture, but when the lockdown was announced, we were able to have all the office personnel working from home in 24 hours. Virtual networks were easy to set up because the correct firewall was already in place. All the servers are in the cloud, which allowed employees to access company resources from home. If the previous infrastructure were still in place, nobody would have been able to work from home. The legacy systems would not have supported it, and the necessary cybersecurity would not have been in place ei- ther,” says Munsamy. Charl Ueckermann, CEO at AVeS Cyber Security com- ments: “The link between governance and business con- tinuity is often missed by businesses. Yet, they are inex- tricably linked. The probability of surviving and thriving in uncertain times and through a crisis is much higher for those that have good governance in place compared to those that don’t, as this case demonstrates.”

For more information visit: https://aves.co.za

Electricity + Control AUGUST 2020

31